v0.14 (2020-12-17) ------------------ - Respect X-Forwarded-Proto header for method selection (Contributed by Ludek Navratil) - Build via automake (Contributed by @rmacd) - Fix OpenSSL compatibility issues (Contributed by @rmacd) - PHP login: Fix occasional invalid signature (suggested by @michelcve) - PHP login: Fix bauth when password contains ':' (suggested by @ggramaize) - Maximum uid length increased to 255 chars (to match Apache spec) (Contributed by @rmacd) v0.13 (2018-10-15) ------------------ - Add compatibility with OpenSSL 1.1 API (Contributed by Vulpeculus) v0.12 (2018-03-15) ------------------ - Add TKTAuthRequireMultifactor and TKTAuthMultifactorURL. These can be used to protect certain Directory/Location directives with an additional login factor to achieve multifactor. Like the original login, the multifactor method is left up to the ticket generation application, only requiring an attestation that multifactor has been supplied. (Contributed by Nick Ramser) v0.11 (2017-02-28) ------------------ - Fixes selection of digest algorithm when using TKTAuthDigest. v0.10 (2016-12-16) ------------------ - New option TKTAuthDigest allowing selection of the digest algorithm. If not configured, the old defaults of SHA1 (for RSA privkey) and DSS1 (for DSA privkey) will be used. SHA224, SHA256, SHA384, and SHA512 are the additional valid algorithm values. (Contributed by Jake Buchholz) v0.9 (09/07/2015) ----------------- - New option TKTAuthHeader allowing custom header(s) to be used instead of a just a Cookie. v0.8 (06/28/2012) ----------------- - new option TKTAuthPassthruBasicAuth and corresponding field in ticket ("bauth") makes it possible to specify the Basic authorization username/password in the ticket (e.g. when reverse proxying to a third party system that cannot use mod_auth_pubtkt). The credentials can optionally be encrypted in the ticket (AES-128-CBC). v0.7 (06/04/2012) ----------------- - TKTAuthPublicKey can now be set per directory/location (it is still possible to set a global default key, so existing configurations do not need to be changed) (contributed by Ivo De Decker). - TKTAuthLoginURL is now optional; if not provided, users without a valid ticket will simply get an HTTP forbidden error (contributed by Ivo De Decker). - Added Perl ticket generation module (contributed by Assaf Gordon). - Module now compiles with Apache 2.4. - Added TKTAuthBadIPURL option (contributed by John Wittkoski). - Increased max. UID length to 64 (from 32); can be changed by modifying MAX_UID_SIZE. v0.6a (02/23/2010) ------------------ - Fixed XSS vulnerability in example php-login/login.php. (reported by Thomas Hug). v0.6 (09/12/2009) ----------------- - Fixed inheritance of TKTAuthCookieName and TKTAuthBackArgName configuration directives (reported by Iaroslav Vassiliev). - Improved compatibility with HTTP 1.0 (redirect) (contributed by Frederic Planchon ). v0.5 (01/22/2009) ----------------- - Fixed parsing of cookies with escaped spaces ('+') (reported by Iaroslav Vassiliev). - Fixed errors in login.php example. v0.4 (01/18/2009) ----------------- - Replaced TKTAuthGracePeriod directive by graceperiod key in ticket (contributed by Frederic Planchon ). - Updated example PHP login page to support ticket refreshing/grace periods (contributed by Frederic Planchon ). v0.3 (01/13/2009) ----------------- - Added TKTAuthFakeBasicAuth option (when enabled, adds an Authorization header to prevent problems with username logging for requests that are handled by PHP), contributed by Frederic Planchon . - Added support for ticket refreshing (TKTAuthRefreshURL and TKTAuthGracePeriod configuration directives), contributed by Frederic Planchon . v0.2 (02/03/2008) ----------------- - Initial public release.