1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
shibboleth-sp2 (2.5.5+dfsg1-1) unstable; urgency=medium
The Debian specific redirection of logs from the Apache module (native
logs) is dropped in this version. The new upstream location for these
logs is /var/log/shibboleth-www.
-- Ferenc Wágner <wferi@niif.hu> Thu, 21 Jan 2016 01:13:27 +0100
shibboleth-sp2 (2.5.2+dfsg-1) experimental; urgency=low
Shibboleth has added new Require shib-session and Require shib-user
directives, which will replace use of Require valid-user and Require
user with Shibboleth authentication. If you are currently using
valid-user or user restrictions with Shibboleth, consider switching to
shib-session and shib-user, respectively.
If you are using both Shibboleth and another authentication method, such
as basic auth, on the same Apache server and want to use Require
valid-user or Require user with the non-Shibboleth authentication
method, you will need to add:
ShibCompatValidUser On
to your server or virtual host configuration.
-- Russ Allbery <rra@debian.org> Tue, 18 Jun 2013 14:47:40 -0700
shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high
As of this release, running shibd as a non-root user is supported and
recommended to limit the impact of any potential security issues. The
package will create a dedicated _shibd user on installation for that
purpose.
In order for shibd to run as user _shibd instead of as root, user _shibd
must have read access to the private key of the server. The easiest way
is to make the private key, normally /etc/shibboleth/sp-key.pem, owned
by root and readable by group _shibd:
chown root:_shibd /etc/shibboleth/sp-key.pem
chmod 640 /etc/shibboleth/sp-key.pem
The init script attempts to detect, when starting up shibd, whether it
can read the private key specified in the configuration and, if not,
falls back on running shibd as root, as was done in previous versions of
this package.
-- Russ Allbery <rra@debian.org> Tue, 10 Nov 2009 16:48:03 -0800
shibboleth-sp2 (2.2.1+dfsg-2) unstable; urgency=low
There are several changes to the configuration syntax and defaults in
Shibboleth 2.2, one of which produce deprecation warnings on startup
until /etc/shibboleth/shibboleth2.xml is updated.
The most significant change is that <Rule> tags in the <Policy> element
should be changed to <PolicyRule> and a new policy rule added:
<PolicyRule type="Conditions">
<PolicyRule type="Audience"/>
<!-- Enable Delegation rule to permit delegated access. -->
<!-- <PolicyRule type="Delegation"/> -->
</PolicyRule>
See:
https://spaces.internet2.edu/display/SHIB2/NativeSPConfigurationChanges
for all the details and further explanation.
-- Russ Allbery <rra@debian.org> Tue, 15 Sep 2009 20:44:26 -0700
shibboleth-sp2 (2.0.dfsg1-4) unstable; urgency=low
With this release, the Apache module configuration fragments in
/etc/apache2/mods-available have been renamed to shib2.* from shib.* to
avoid conflicts with libapache2-mod-shib. If you had any customizations
in /etc/apache2/mods-available/shib.load, you will need to move them to
/etc/apache2/mods-available/shib2.load.
-- Russ Allbery <rra@debian.org> Tue, 14 Oct 2008 20:52:20 -0700
|
