File: libapache2-mod-shib2.NEWS

package info (click to toggle)
shibboleth-sp2 2.6.0%2Bdfsg1-4%2Bdeb9u1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 7,896 kB
  • sloc: cpp: 39,404; sh: 11,726; makefile: 866; xml: 371; ansic: 35
file content (82 lines) | stat: -rw-r--r-- 3,285 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
shibboleth-sp2 (2.5.5+dfsg1-1) unstable; urgency=medium

  The Debian specific redirection of logs from the Apache module (native
  logs) is dropped in this version.  The new upstream location for these
  logs is /var/log/shibboleth-www.

 -- Ferenc W√°gner <wferi@niif.hu>  Thu, 21 Jan 2016 01:13:27 +0100

shibboleth-sp2 (2.5.2+dfsg-1) experimental; urgency=low

  Shibboleth has added new Require shib-session and Require shib-user
  directives, which will replace use of Require valid-user and Require
  user with Shibboleth authentication.  If you are currently using
  valid-user or user restrictions with Shibboleth, consider switching to
  shib-session and shib-user, respectively.

  If you are using both Shibboleth and another authentication method, such
  as basic auth, on the same Apache server and want to use Require
  valid-user or Require user with the non-Shibboleth authentication
  method, you will need to add:

      ShibCompatValidUser On

  to your server or virtual host configuration.
  
 -- Russ Allbery <rra@debian.org>  Tue, 18 Jun 2013 14:47:40 -0700

shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high

  As of this release, running shibd as a non-root user is supported and
  recommended to limit the impact of any potential security issues.  The
  package will create a dedicated _shibd user on installation for that
  purpose.

  In order for shibd to run as user _shibd instead of as root, user _shibd
  must have read access to the private key of the server.  The easiest way
  is to make the private key, normally /etc/shibboleth/sp-key.pem, owned
  by root and readable by group _shibd:

      chown root:_shibd /etc/shibboleth/sp-key.pem
      chmod 640 /etc/shibboleth/sp-key.pem

  The init script attempts to detect, when starting up shibd, whether it
  can read the private key specified in the configuration and, if not,
  falls back on running shibd as root, as was done in previous versions of
  this package.

 -- Russ Allbery <rra@debian.org>  Tue, 10 Nov 2009 16:48:03 -0800

shibboleth-sp2 (2.2.1+dfsg-2) unstable; urgency=low

  There are several changes to the configuration syntax and defaults in
  Shibboleth 2.2, one of which produce deprecation warnings on startup
  until /etc/shibboleth/shibboleth2.xml is updated.

  The most significant change is that <Rule> tags in the <Policy> element
  should be changed to <PolicyRule> and a new policy rule added:

      <PolicyRule type="Conditions">
          <PolicyRule type="Audience"/>
          <!-- Enable Delegation rule to permit delegated access. -->
          <!-- <PolicyRule type="Delegation"/> -->
      </PolicyRule>

  See:

  https://spaces.internet2.edu/display/SHIB2/NativeSPConfigurationChanges

  for all the details and further explanation.

 -- Russ Allbery <rra@debian.org>  Tue, 15 Sep 2009 20:44:26 -0700

shibboleth-sp2 (2.0.dfsg1-4) unstable; urgency=low

  With this release, the Apache module configuration fragments in
  /etc/apache2/mods-available have been renamed to shib2.* from shib.* to
  avoid conflicts with libapache2-mod-shib.  If you had any customizations
  in /etc/apache2/mods-available/shib.load, you will need to move them to
  /etc/apache2/mods-available/shib2.load.

 -- Russ Allbery <rra@debian.org>  Tue, 14 Oct 2008 20:52:20 -0700