07/31/08: CUWEBAUTH VERSION 2.0 AVAILABLE FOR APACHE SYSTEMS
CUWebAuth 2.0 is now available for download by campus service providers. If your
service currently relies on CUWebAuth 1.x or SideCar, you are encouraged to
upgrade well before December 2008, when Kerberos 4 is expected to be retired and
these methods will no longer work.
The documentation and binaries are available at: https://confluence.cornell.edu/display/CUWAL/CUWebAuth+2.0
CUWebAuth 2.0 highlights:
- Supports Kerberos 5 (only)
- Uses shared libraries for Kerberos functions to avoid conflicts with other modules that load Kerberos
- Provides better support for CGI-based authorization (permit/group lookups)
- Includes additional configuration directives (and discontinues others)
-
Is available as open-source
A note on SideCar:
Service providers who still rely on SideCar for authentication should have plans
in place to switch methods. SideCar will stop working when Kerberos 4 is retired.
In the newest version of Bear Access, SideCar has been replaced by Kerberos
Viewer, a program that allows individuals to view their current credentials but,
unlike SideCar, does not perform out-of-band authentication via port 913.
If you have any questions or concerns about upgrading to CUWebAuth 2.0 or
discontinuing use of SideCar, please let us know at idmgmt@cornell.edu.