mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.
|Tags||Internet Web HTTP Servers Security|
|Operating Systems||Windows Unix FreeBSD Linux|
Release Notes: A new option and corresponding field in the ticket ("bauth") make it possible to specify the Basic authorization username/password in the ticket (e.g., when reverse proxying to a third party system which cannot use mod_auth_pubtkt). The credentials can optionally be encrypted in the ticket.
Release Notes: The public key can be set per directory instead of only globally. The login URL is now optional, and a new TKTAuthBadIPURL option has been added. Furthermore, the module now compiles with Apache 2.4 and includes a Perl ticket generation module.
Release Notes: This release fixes inheritance of the TKTAuthCookieName and TKTAuthBackArgName configuration directives. It improves compatibility with HTTP 1.0 (redirect). It adds an RPM spec file and sample config to the distribution.
Release Notes: This release adds automatic ticket refreshing support, fixes a bug with username logging when PHP is installed, and corrects a problem with escaped spaces in ticket cookies.
No changes have been submitted for this release.