Skip navigation



WebAuth 3.7.2 Announcement

The ITS WebAuth team is pleased to announce Stanford WebAuth 3.7.2. This release fixes a serious bug in option parsing in wa_keyring that made the utility unusable. It also fixes some portability problems and improves WebLogin handling of expired or disabled accounts.

For documentation and downloads of WebAuth 3.7.2, see:


New Debian packages have been uploaded to Debian experimental. The wa_keyring bug has been fixed in a separate upload to unstable and is targetted for the squeeze release. Updated versions with the wa_keyring fix will be uploaded to once WebAuth 3.7.2 migrates to Debian testing.

New Red Hat packages will be coming soon.

The user-visible changes in this release are:

  • Fix wa_keyring option parsing problems introduced in 3.7.0. Correctly count arguments so that commands are recognized correctly and do not require -- before commands with negative time offsets, like "gc -90d".

  • Fix uninitialized variable that caused wa_keyring to randomly default to verbose mode for list.

  • mod_webkdc now returns a user rejected error instead of a generic Kerberos error for attempted authentications to expired accounts or accounts set to disallow authentication, allowing WebLogin to display a rejected user error message rather than a generic failure message.

  • Add portability code for old MIT Kerberos and Heimdal libraries without krb5_get_init_creds_opt_free.

  • Fix build problems with with Perl module (only built when the WebKDC is enabled) on platforms where all shared libraries need to be linked with explicitly.

Last modified Friday, 12-Dec-2014 02:31:13 PM

Stanford University Home Page