Skip navigation



WebAuth 3.4.1 Announcement

The ITS WebAuth team is pleased to announce Stanford WebAuth 3.4.1. This is a bug fix and porting release.

The change to not strip WebAuth information from unprotected URLs made in 3.4.0 had to be reverted since it didn't interact well with WebAuth authentication configured in .htaccess files, but the configuration option WebAuthStripURL is now supported and documented as a partial replacement.

WebAuth has also, with this release, been ported to the Heimdal Kerberos implementation, no longer uses deprecated OpenLDAP interfaces, and should find com_err headers on recent releases of Red Hat and Fedora.

For documentation and downloads of WebAuth 3.4.1, see:


We have not yet updated the versions of the binary packages for Solaris.

The user-visible changes in this release are:

  • Reverted the change in 3.4.0 to not strip WebAuth data from the URLs for unprotected URLs since it didn't work with .htaccess files.

  • Documented the WebAuthStripURL directive as a partial replacement for the problem the reverted change was supposed to solve. This directive has always been supported but it was previously undocumented and not guaranteed to remain.

  • Ported to Heimdal. The Kerberos implementation dependencies are all inside libwebauth, which can now be built with either MIT Kerberos or Heimdal. Mixed environments with some Heimdal-based WebAuth modules and some MIT-based modules should work correctly.

  • Avoid deprecated OpenLDAP interfaces whose prototypes are unavailable by default in OpenLDAP 2.3.

  • Support et/com_err.h as well as com_err.h for portability to Red Hat Enterprise Linux 4 and possibly other newer Red Hat-based Linux systems.

Last modified Friday, 12-Dec-2014 02:31:13 PM

Stanford University Home Page