shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high

  As of this release, running shibd as a non-root user is supported and
  recommended to limit the impact of any potential security issues. The
  package will create a dedicated _shibd user on installation for that

  In order for shibd to run as user _shibd instead of as root, user _shibd
  must have read access to the private key of the server. The easiest way
  is to make the private key, normally /etc/shibboleth/sp-key.pem, owned
  by root and readable by group _shibd:

      chown root:_shibd /etc/shibboleth/sp-key.pem
      chmod 640 /etc/shibboleth/sp-key.pem

  The init script attempts to detect, when starting up shibd, whether it
  can read the private key specified in the configuration and, if not,
  falls back on running shibd as root, as was done in previous versions of

 -- Russ Allbery <rra@debian.org>  Tue, 10 Nov 2009 16:48:03 -0800
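
An added example, not part of the package or of this NEWS file: a POSIX shell
check that compares the private key's owner, group and mode with the layout
recommended above. It assumes GNU stat (as on Debian); the helper name
audit_key is hypothetical.

```shell
#!/bin/sh
# Added example (not shipped with shibboleth-sp2): audit the SP private key
# against the root:_shibd / 640 layout. Assumes GNU stat, as on Debian.
# audit_key is a hypothetical helper name.

# audit_key KEYFILE OWNER GROUP
# Prints one line per finding. Returns 0 if the key matches the recommended
# layout, 1 if there are findings, 2 if the key file does not exist.
audit_key() {
    key=$1; want_owner=$2; want_group=$3; rc=0
    if [ ! -f "$key" ]; then
        echo "missing: $key"
        return 2
    fi
    # %U owner name, %G group name, %a octal permission bits
    set -- $(stat -c '%U %G %a' "$key")
    owner=$1; group=$2; mode=$3
    bits=$((0$mode))    # leading 0 makes the shell parse the mode as octal

    if [ "$owner" != "$want_owner" ]; then
        echo "owner is $owner, expected $want_owner"; rc=1
    fi
    if [ $((bits & 0007)) -ne 0 ]; then
        echo "mode $mode grants access to other users"; rc=1
    fi
    if [ $((bits & 0030)) -ne 0 ]; then
        echo "mode $mode lets the group write or execute the key"; rc=1
    fi
    if [ "$group" != "$want_group" ] || [ $((bits & 0040)) -eq 0 ]; then
        # Per the NEWS entry, a key that shibd's user cannot read makes the
        # init script fall back to running shibd as root.
        echo "group $want_group cannot read the key (group=$group mode=$mode)"
        rc=1
    fi
    return $rc
}

# Usage: sh audit-key.sh /etc/shibboleth/sp-key.pem
if [ "$#" -gt 0 ]; then
    audit_key "$1" root _shibd
fi
```

A non-zero exit status means the key differs from the recommended layout.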

shibboleth-sp2 (2.2.1+dfsg-2) unstable; urgency=low

  There are several changes to the configuration syntax and defaults in
  Shibboleth 2.2, one of which produces deprecation warnings on startup
  until /etc/shibboleth/shibboleth2.xml is updated.

  The most significant change is that <Rule> tags in the <Policy> element
  should be changed to <PolicyRule> and a new policy rule added:

      <PolicyRule type="Conditions">
          <PolicyRule type="Audience"/>
          <!-- Enable Delegation rule to permit delegated access. -->
          <!-- <PolicyRule type="Delegation"/> -->
      </PolicyRule>

      https://spaces.internet2.edu/display/SHIB2/NativeSPConfigurationChanges

  for all the details and further explanation.

 -- Russ Allbery <rra@debian.org>  Tue, 15 Sep 2009 20:44:26 -0700

shibboleth-sp2 (2.0.dfsg1-4) unstable; urgency=low

  With this release, the Apache module configuration fragments in
  /etc/apache2/mods-available have been renamed to shib2.* from shib.* to
  avoid conflicts with libapache2-mod-shib. If you had any customizations
  in /etc/apache2/mods-available/shib.load, you will need to move them to
  /etc/apache2/mods-available/shib2.load.

 -- Russ Allbery <rra@debian.org>  Tue, 14 Oct 2008 20:52:20 -0700