Skip navigation



WebAuth 4.0.2 Announcement

The ITS WebAuth team is pleased to announce Stanford WebAuth 4.0.2. This is a bug-fix release for the new functionality in WebAuth 4.0 and corresponds to the code deployed in production at Stanford. With this release, we consider WebAuth 4.0 ready for production use.

For documentation and downloads of WebAuth 4.0.2, see:


New Debian packages have been uploaded to Debian unstable. New Red Hat packages will be coming later.

The user-visible changes in this release are:

  • Fix a typo that caused the cookie tracking whether a user had requested REMOTE_USER authentication to be reset as a session cookie.

  • Fix compilation without remctl libraries.

  • Port to APR 0.9, which comes with Red Hat Enterprise 4 and distributions derived from it.

  • Ignore cookies with undefined values in WebLogin and tokens that aren't present in the password change page to avoid Perl warnings in the Apache error log.

  • Document factor codes in the mod_webauth manual.

  • Add additional Stanford-specific documentation for how to enable multifactor authentication on a WebAuth Application Server at Stanford.

  • Update to rra-c-util 3.11:

    • Check for a missing ssize_t.
    • Correctly remove -I/usr/include from Kerberos and GSS-API flags.
    • Fix message utility library compiler warnings on 64-bit systems.
Last modified Friday, 12-Dec-2014 02:31:13 PM

Stanford University Home Page