Yale CAS Clients 2.0.10
Legacy code
The Java clients in this release are superseded by more recent releases of the Java CAS Client. The remaining clients in this bundle are superseded by those in more recent releases of the Yale CAS Clients bundle.
Getting the files
Distribution is attached to this Wiki page.
Release notes
These notes describe how this release differs from the previous release, Yale CAS Clients 2.0.4.
CAS client 2.0.10 (June 2003): product maturation
- Numerous enhancements and fixes to mod_cas:
  - The distributions are now intended to be cross-platform, though continued feedback from the community on the ease of compilation and installation would be appreciated. Particular dependencies on Linux have been removed: /dev/urandom can now be avoided with a CASEGDFile runtime parameter that directs use of the EGD via OpenSSL, and advisory file locking uses POSIX calls instead of BSD calls. (If /dev/urandom cannot be found when it is needed, adding a ticket to the cache now fails; adding entries with nonrandom keys to the local cache isn't secure, so we now "fail closed" instead of "failing open.")
  - Mod_cas now uses distinct names for cookies sent securely and insecurely, thus allowing them to exist side by side on a server that has both HTTP and HTTPS URLs. Thanks to Eric Abbott (now at BC, I believe) for the suggestion.
  - Minor improvements to the commenting and layout of the code.
  - The Apache 1.x module now supports access control based on Unix groups. (This feature had been present only in the Apache 2.x module.)
- Pam_cas incorporates a number of fixes provided by the ESUP-Portail group in France (particularly Vincent Mathieu):
  - The module did not properly compare the authenticating NetID to the one provided by CAS, allowing a trusted proxy to assert a username freely. This is now handled securely.
  - The module now avoids trying to validate tickets that don't appear to be tickets; this saves time and helps prevent users' passwords (or incorrect passwords) that happen to run through the PAM module from being sent to the CAS server and potentially recorded in HTTPD logs.
  - Improved error codes and messages are used by the module; this should facilitate debugging.
- The PL/SQL library has been updated to support proxy authentication and the server's 'renew=true' option. This client code has not been widely tested, so feedback here would be valuable as well.
- Miscellaneous minor bugfixes (e.g., 'serverName' in the Java Servlet filter now works as documented, thanks to reports by Andy Zygmunt and Peter Snow).
- Added a directory for outside contributions – currently containing an ISAPI filter provided by Indiana University.
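
The two pam_cas fixes listed above (checking that a credential looks like a ticket before validating it, and comparing the authenticating NetID with the one CAS returns) can be sketched as follows. This is an added example, not pam_cas source: the function names, the `cas_validate_fn` callback, the assumed ticket shape ("ST-" or "PT-" prefix, printable non-space ASCII) and the exact-match NetID comparison are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum cas_result { CAS_OK, CAS_NOT_A_TICKET, CAS_INVALID, CAS_USER_MISMATCH };

/* Hypothetical callback: validates a ticket against the CAS server over
 * HTTPS and returns the NetID it vouches for, or NULL on failure. */
typedef const char *(*cas_validate_fn)(const char *ticket);

/* Assumed shape: "ST-" or "PT-" prefix, then printable non-space ASCII. */
int looks_like_ticket(const char *cred)
{
    size_t i, len = cred ? strlen(cred) : 0;
    if (len < 4 || len > 256)
        return 0;
    if (strncmp(cred, "ST-", 3) != 0 && strncmp(cred, "PT-", 3) != 0)
        return 0;
    for (i = 3; i < len; i++)
        if (cred[i] <= 0x20 || cred[i] >= 0x7f)
            return 0;
    return 1;
}

/* Every path except an exact NetID match denies the login. */
enum cas_result cas_authenticate(const char *pam_user, const char *cred,
                                 cas_validate_fn validate)
{
    const char *cas_user;
    if (!looks_like_ticket(cred))
        return CAS_NOT_A_TICKET;      /* password never leaves the host */
    cas_user = validate(cred);
    if (cas_user == NULL)
        return CAS_INVALID;
    if (pam_user == NULL || strcmp(pam_user, cas_user) != 0)
        return CAS_USER_MISMATCH;     /* ticket is valid, but for someone else */
    return CAS_OK;
}

/* Constructed stub: counts calls and always vouches for "alice". */
int stub_calls = 0;
const char *stub_validate(const char *t) { (void)t; stub_calls++; return "alice"; }

int main(void)
{
    enum cas_result r = cas_authenticate("alice", "hunter2", stub_validate);
    printf("result=%d validator_calls=%d\n", r, stub_calls);
    return 0;
}
```

The call counter on the stub makes the second fix observable: a password-like credential is rejected with the validator never invoked, so it cannot end up in the CAS server's request logs.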