• QUICK LINKS
  • answers.stanford.edu
  • apple.stanford.edu
  • computing.stanford.edu
  • courses.stanford.edu
  • datarates.stanford.edu
  • dell.stanford.edu
  • departmentphone.stanford.edu
  • email.stanford.edu
  • ess.stanford.edu
  • helpsu.stanford.edu
  • myitserviceshelp.stanford.edu
  • orderithelp.stanford.edu
  • software.stanford.edu
  • studentphone.stanford.edu
  • techtraining.stanford.edu
  • tools.stanford.edu
  • unixcomputing.stanford.edu
  • vpn.stanford.edu
  • web.stanford.edu
  • windows.stanford.edu
• SERVICES
  • IT Services Only
  • All Campus Providers
    → computing.stanford.edu
• GETTING HELP
  • Stanford Answers
  • HelpSU: IT Help Desk
  • Training
• PROJECTS
• ABOUT US
  • What We Do
  • Organization Chart
  • Strategic Plan
  • Jobs
  • Contact info
  • Service & System Metrics
• INTERNAL
• SEARCH

  • Search IT Services:
     

• WebAuth Overview
• WebAuth News
• Obtaining WebAuth
• FAQ
• Download
• Installation
• Configuration
• User Authentication

• IT Services
• WebAuth
• Obtaining and Installing
• Download

Download WebAuth

WebAuth is available as source code, as Debian GNU/Linux packages, or as compiled binaries for Solaris (built on Solaris 8, but should work on 9 or 10 as well). There is also an unsupported binary distribution for Apache for Windows. If you are using WebAuth on some other platform, you will need to compile it yourself.

Source

Download WebAuth source:

• WebAuth 3.6.0 (PGP signature)
  MD5 checksum: 3a944c415b7ffd1dade3f70ca8be4094

Debian Packages

WebAuth is available directly from the standard Debian package repositories for Debian unstable and the stable etch (4.0) release. It is also available for Ubuntu breezy and all later releases as part of Ubuntu universe.

For packages for Debian sarge, see backports.org.

Wherever you are getting the packages from, install the basic WebAuth module with:

    aptitude update
    aptitude install libapache2-webauth

(or use apt-get if you normally do). Then read /usr/share/doc/libapache2-webauth/README.Debian for instructions on configuring the package for your local WebAuth setup and for more information about the Debian packaging. All of WebAuth, including the WebKDC, is packaged for Debian, broken into several different packages. For a list of all the available packages, use apt-cache search webauth.

Red Hat Packages

We provide a Red Hat package of the mod_webauth and mod_webauthldap modules plus the supporting shared library built for Red Hat Enterprise Linux 3, 4, and 5. Packages of the Perl bindings, the WebKDC, and the Weblogin server are not currently available.

• WebAuth 3.6.0 RHEL3 i686 binaries
• WebAuth 3.6.0 RHEL4 i686 binaries
• WebAuth 3.6.0 RHEL4 x86_64 binaries
• WebAuth 3.6.0 RHEL5 i686 binaries
• WebAuth 3.6.0 RHEL5 x86_64 binaries
• WebAuth 3.6.0 RHEL4 source
• WebAuth 3.6.0 RHEL5 source

If rebuilding the source RPMs, see the comments in the spec file. They will require some minor modifications for Fedora.

Solaris Binaries

The Solaris binary release comes in two separate packages. The first is a stow package of the WebAuth libraries and utilities, suitable for installation in /usr/local. The second is a tarball containing only the Stanford configuration fragments and the compiled mod_webauth and mod_webauthldap modules. These binary releases will need all of the prequisite stow packages listed on the stow package page.

The modules are built to look in /usr/local/lib and /usr/local/apache2/lib for libraries, but the library search path will also be supplemented by your Apache configuration (so they should have no trouble finding the basic Apache libraries). These modules should work with Apache 2.0.58 and later (and possibly with earlier versions back to 2.0.42, but this has not been tested).

Download WebAuth Solaris binaries:

• WebAuth 3.5.1 Solaris stow package (PGP signature)
  MD5 checksum: ec94d28d2fac7a85ea7e5760f77bce7f

• WebAuth 3.5.1 Solaris modules (PGP signature)
  MD5 checksum: c13772054e1ad418da07fb0f1363059d

We don't yet have Solaris packages for newer versions.

For information on how to install stow packages in /usr/local, see the stow package documentation. The WebAuth stow package installs exactly like the stow packages for the other prerequisites.

Windows Binaries

There is a contributed implementation of WebAuth for IIS written by Jesse Young, based on an initial implementation that was never completed. This version of WebAuth for IIS is in use in a few places, but is not supported by the WebAuth team (at least at this time). For more information and downloads, see his WebAuth for IIS page (external link).

There is also an unsupported port to Windows Apache available as a .zip file that can be unpacked over top an Apache for Windows distribution. This port contains the various DLL files used by WebAuth as well as the WebAuth modules itself and a compilation of mod_ssl.

To install this port, please see the Windows installation instructions. You will separately need to install Apache 2.0.47 for Windows, as described in these instructions.

Download the WebAuth Windows port:

• WebAuth 3.2.0 for Windows (PGP signature)
  MD5 checksum: deadeb90f996a79a66fdd854a87265df

Both of these ports are unsupported. They are provided on an as-is basis in the hope that people will find it useful, and for Windows users to experiment with. We welcome feedback and contributions, but the Windows port is currently a low priority and we cannot provide installation help beyond the documentation or links to external sites. If you find this port useful and feel that we should fully support it, please let us know; if enough people request support, we may be able to find resources to do so.

Java Implementation

The SPIE project at the Oxford University Computing Services department developed a WebAuth implementation written in pure Java. This is a Java Servlet 2.3 implementation that provides a subset of the mod_webauth Apache module capabilities. It has been tested with Tomcat 4.1 and 5.5. It currently only implements the des3-cbc-sha1-kd and des-cbc-crc Kerberos enctypes. This implementation is licensed under the GNU Lesser General Public License.

• README and Requirements
• WebAuth JAR
• WebAuth source JAR

Please note that this implementation is unsupported by the WebAuth team, but the original author may be able to answer some questions. For more information and contact information for the author, please see the README file.

PGP Information

All WebAuth distributions are signed with an OpenPGP signature. You can verify these signatures with GnuPG. Here is the WebAuth signing key, or you can also obtain it from a key server. The key ID is 0xDFA89CD3.

This key has been signed by Russ Allbery (key ID 0x0AFC7476), who is part of the Debian web of trust.

The Red Hat packages are signed by Stanford's Red Hat package signing key, which is also signed by Russ Allbery and by the WebAuth key linked to above. The key ID is 0xAF476543.

License

Stanford WebAuth is released under the following license:

Copyright 2002, 2003, 2004, 2005, 2006, 2007 Board of Trustees, Leland Stanford Jr. University.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.