DACS DACS - The Distributed Access Control System


Download and Release Information

DACS software is available for free. It is distributed in source form only - you must build it, although in most cases this is not difficult. Please refer to the license for details and copyright notices. A Debian GNU/Linux release of DACS is available, however. DSS does not prepare or manage that distribution.

Starting with version 1.4.26, DACS is not available on SourceForge - get it from the links in the table below. For the time being, releases prior to 1.4.26 will continue to be distributed as tarballs on SourceForge.net; please refer to the table below.

Important release notes, change summaries, and post-release notifications are posted on this page, and when a significant bug is found after release, we will post a notice here, sometimes with a solution. Please review this information before installing DACS or if you are experiencing any problems with DACS. We apologize for any inconvenience and try to fix all known bugs in the next release. Patches and bug fix releases are sometimes available - please inquire.

Information that appears here about older releases may be superseded by changes made in newer releases; this also applies to such things as the renaming of programs and files. A bug reported for a specific release may also be present in earlier releases.

As mentioned elsewhere, we like to think that development of DACS is guided largely by the needs of its users, so we need your input to do a good job! Your requests and suggestions are important for us to continue to focus our efforts on solving problems that are important to you.

We do not require you to register your copy of DACS, but we would appreciate hearing from you if you decide to use it. The anonymous information you provide can help us to focus development and will be taken into account when we consider making changes, particularly changes that are incompatible with earlier releases.

What You Need

To build DACS, at minimum you will need the following:

If you require certain optional features, you will need to obtain some additional third-party software, such as Berkeley DB, Samba, or OpenLDAP.

Please see dacs.install(7) for details.

Bugs and Support

If you are having a problem with DACS, after first reviewing the release notes and post-release notes for your version, the next thing to do is check your DACS log files and Apache log files (you may need to bump up your logging level to get additional information as to what is happening). You should also consult the FAQ and Tips. Whenever possible, you should always run the latest release of DACS and check that you are compiling with the correct version of third-party software.

Please see the support area for information on reporting bugs and other assistance. Technical support and maintenance packages are available.

Downloads and Release History

To unpack a tarball into a subdirectory named after the tarball file with the extension removed,

The decompression commands should be available on practically all platforms that are suitable for building DACS.

Release Name Release Date Release Info Tarballs
File Name Bytes Checksums
1.4.30 7-July-2014 README, Notes, Changes, Post-Release
dacs-1.4.30.tbz 2753095 | file MD5 SHA-1
dacs-1.4.30.txz 2175092 | file MD5 SHA-1
dacs-1.4.30.tgz 3805653 | file MD5 SHA-1
1.4.29 30-Oct-2013 README, Notes, Changes, Post-Release
dacs-1.4.29.tbz 2751185 | file MD5 SHA-1
dacs-1.4.29.txz 2170444 | file MD5 SHA-1
dacs-1.4.29.tgz 3796945 | file MD5 SHA-1
1.4.28b 1-Mar-2013 README, Notes, Changes, Post-Release
dacs-1.4.28b.tbz 2715660 | file MD5 SHA-1
dacs-1.4.28b.txz 2153752 | file MD5 SHA-1
dacs-1.4.28b.tgz 3768448 | file MD5 SHA-1
1.4.28a 29-Jan-2013 README, Notes, Changes, Post-Release
dacs-1.4.28a.tbz 2711714 | file MD5 SHA-1
dacs-1.4.28a.txz 2141460 | file MD5 SHA-1
dacs-1.4.28a.tgz 3749167 | file MD5 SHA-1
1.4.28 23-Oct-2012 README, Notes, Changes, Post-Release
dacs-1.4.28.tgz 3732171 | file MD5 SHA-1
dacs-1.4.28.tbz 2700929 | file MD5 SHA-1
1.4.27b 19-Mar-2012 README, Notes, Changes, Post-Release
dacs-1.4.27b.tgz 3724152 | file MD5 SHA-1
dacs-1.4.27b.tbz 2695824 | file MD5 SHA-1
1.4.27 16-Jan-2012 README, Notes, Changes, Post-Release
dacs-1.4.27.tgz 3675561 | file MD5 SHA-1
dacs-1.4.27.tbz 2627120 | file MD5 SHA-1
1.4.26 30-Sep-2011 README, Notes, Changes, Post-Release
dacs-1.4.26.tgz 3658730 | file MD5 SHA-1
dacs-1.4.26.tbz 2608183 | file MD5 SHA-1
1.4.25 23-Jun-2010 Notes, Changes, Post-Release, Patch
dacs-1.4.25.tgz 3633131 | file MD5 SHA-1
dacs-1.4.25.tbz 2563328 | file MD5 SHA-1
1.4.24 7-Jan-2010 Notes, Changes, Post-Release
dacs-1.4.24.tgz 3373741 | file MD5 SHA-1
dacs-1.4.24.tbz 2404871 | file MD5 SHA-1
1.4.23a 16-Oct-09 Notes, Changes, Post-Release
dacs-1.4.23a.tgz 3346646 | file MD5 SHA-1
dacs-1.4.23a.tbz 2381089 | file MD5 SHA-1
1.4.23 14-Sep-09 Notes, Changes, Post-Release
dacs-1.4.23.tgz 3324221 | file MD5 SHA-1
dacs-1.4.23.tbz 2358779 | file MD5 SHA-1
1.4.22 13-Jan-09 Notes, Changes, Post-Release
dacs-1.4.22.tgz 3015392 | file MD5 SHA-1
dacs-1.4.22.tbz 2137791 | file MD5 SHA-1
1.4.21 31-Mar-08 Notes, Changes, Post-Release
dacs-1.4.21.tgz 2823882 | file MD5 SHA-1
dacs-1.4.21.tbz 2050146 | file MD5 SHA-1
1.4.20 15-Aug-07 Notes, Changes, Post-Release
dacs-1.4.20.tgz 2686200 | file MD5 SHA-1
dacs-1.4.20.tbz 1925130 | file MD5 SHA-1
1.4.19* 2-Jul-07 Notes, Changes, Post-Release
dacs-1.4.19.tgz 2648991 | file MD5 SHA-1
dacs-1.4.19.tbz 1884646 | file MD5 SHA-1
1.4.18 4-Apr-07 Notes, Changes, Post-Release
dacs-1.4.18.tgz 2542689 | file MD5 SHA-1
dacs-1.4.18.tbz 1842434 | file MD5 SHA-1
1.4.17 8-Feb-07 Notes, Changes, Post-Release
dacs-1.4.17.tgz 2413437 | file MD5 SHA-1
dacs-1.4.17.tbz 1737306 | file MD5 SHA-1
1.4.16 4-Dec-06 Notes, Changes, Post-Release
dacs-1.4.16.tgz 2343899 | file MD5 SHA-1
dacs-1.4.16.tbz 1689186 | file MD5 SHA-1
1.4.15 1-Oct-06 Notes, Changes, Post-Release
dacs-1.4.15.tgz 2264282 | file MD5 SHA-1
dacs-1.4.15.tbz 1620600 | file MD5 SHA-1
1.4.14 1-Aug-06 Notes, Changes, Post-Release
dacs-1.4.14.tgz 2152617 | file MD5 SHA-1
dacs-1.4.14.tbz 1562839 | file MD5 SHA-1
1.4.13a 2-Jun-06 Notes, Changes, Post-Release
dacs-1.4.13a.tgz 2071894 | file MD5 SHA-1
dacs-1.4.13a.tbz 1498288 | file MD5 SHA-1
1.4.13 1-Jun-06 Notes, Changes, Post-Release
dacs-1.4.13.tgz 2072574 | file MD5 SHA-1
dacs-1.4.13.tbz 1499260 | file MD5 SHA-1
1.4.12 1-May-06 Notes, Changes, Post-Release
dacs-1.4.12.tgz 1754404 | file MD5 SHA-1
dacs-1.4.12.tbz 1227125 | file MD5 SHA-1
1.4.11 9-Mar-06 Notes, Changes, Post-Release
dacs-1.4.11.tgz 1704101 | file MD5 SHA-1
dacs-1.4.11.tbz 1187716 | file MD5 SHA-1
1.4.10 26-Jan-06 Notes, Changes, Post-Release
dacs-1.4.10.tgz 1598073 | file MD5 SHA-1
dacs-1.4.10.tbz 1150470 | file MD5 SHA-1
1.4.9 24-Dec-05 Notes, Changes, Post-Release
dacs-1.4.9.tgz 1547377 | file MD5 SHA-1
dacs-1.4.9.tbz 1136473 | file MD5 SHA-1
1.4.8 18-Nov-05 Notes, Changes, Post-Release
dacs-1.4.8.tgz 1474462 | file MD5 SHA-1
dacs-1.4.8.tbz 1087179 | file MD5 SHA-1
1.4.7 20-Oct-05 Notes, Changes, Post-Release
dacs-1.4.7.tgz 1364048 | file MD5 SHA-1
dacs-1.4.7.tbz 1007226 | file MD5 SHA-1

DACS Version 1.4.30

Release Notes

This release primarily addresses configuration and build problems, improves documentation, fixes some minor bugs, and upgrades third-party support packages.

Change Summary

Post-Release Notes

Nothing yet.

DACS Version 1.4.29

Release Notes

This release primarily addresses configuration and build problems, improves documentation, fixes some minor bugs, and upgrades third-party support packages.

Change Summary

Post-Release Notes

DACS Version 1.4.28c

Release Notes

This version was not publicly released but the changes summarized below were made to the code base.

Change Summary

Post-Release Notes

This sentence intentionally left blank.

DACS Version 1.4.28b

Release Notes

This release addresses problems with Apache 2.4 support, fixes some minor bugs, and upgrades some third-party support packages.

Change Summary

Post-Release Notes

DACS Version 1.4.28a

Release Notes

This release improves support for Apache 2.4, corrects many problems with dacs.quick(7), and fixes a variety of minor bugs. There are no third-party support package upgrades, so upgrading from DACS 1.4.28 should be easy. For details, consult the README and HISTORY files, dacs.readme(7), and dacs.install(7).

Change Summary

Post-Release Notes

DACS Version 1.4.28

Release Notes

This minor bug fix release addresses build and portability issues. For details, consult the README and HISTORY files, dacs.readme(7), and dacs.install(7).

Change Summary

Post-Release Notes

DACS Version 1.4.27b

Release Notes

This minor bug fix release addresses build and portability issues found after the release of 1.4.27. For details, consult the README and HISTORY files, dacs.readme(7), and dacs.install(7).

Change Summary

Post-Release Notes

Nothing yet.

DACS Version 1.4.27

Release Notes

This is mainly a bug fix release. Consult the README and HISTORY files, dacs.readme(7), and dacs.install(7).

Change Summary

Post-Release Notes

DACS Version 1.4.26

Release Notes

This is mainly a bug fix release. Consult the README and HISTORY files, dacs.readme(7), and dacs.install(7).

Change Summary

Post-Release Notes

DACS Version 1.4.25

Release Notes

Although it mainly fixes bugs and adds some minor features, this release includes improved support for one-time passwords (such as time-based tokens, token provisioning, and additional OTP token vendors), introduces a new, simplified user-selectable authentication control, fixes and improves PAM-based authentication, and adds support for SQLite.

As with earlier releases of DACS, a variety of problems were encountered building third-party software. In particular, OpenSSL - which has seen a larger than usual number of releases recently - seems to be troublesome. These problems are addressed in dacs.install(7).

Change Summary

Post-Release Notes

Important (3-Nov-2010):
The local_passwd_authenticate authentication module for 1.4.25 may report a successful authentication outcome even if an incorrect password is given. If you are using this authentication module or plan to, please apply this patch immediately, then "make install" DACS. Sites running earlier releases of DACS should upgrade (and apply the patch), or at least verify that their release's local_passwd_authenticate is working properly.

DACS Version 1.4.24

Release Notes

This is primarily a bug fix release, but it also introduces support for the Mac OS X 10.6/x86 platform.

As with earlier releases of DACS, a variety of problems were encountered building third-party software on OpenSolaris/x86. These problems - and, sometimes, solutions - are addressed in dacs.install(7).

Change Summary

Post-Release Notes

DACS Version 1.4.23a

Release Notes

This release adds some refinements to the Information Card support, introduces some new features, fixes some bugs, and upgrades to recent releases of third-party supporting software. Everyone is encouraged to upgrade to this release of DACS.

One significant new feature is an optional inactivity time out (see the new directives, ACS_TRACK_ACTIVITY and ACS_INACTIVITY_LIMIT_SECS). Another important feature is that dacs_current_credentials can return information about a user's last login and other logins that might be "active" - this can be useful for detecting security breaches.

For additional information about Information Cards and the new authentication capabilities available in this release, please visit the demo area. Note that as with the previous release, you must use the built-in local_infocard_authentication module rather than the web service.

If you are upgrading from an earlier release of DACS, after installation check that you are using the site.conf that comes with the new release.

Change Summary

Post-Release Notes

Nothing yet.

DACS Version 1.4.23

Release Notes

This release mainly introduces support for Information Cards, but it also includes some minor enhancements, bug fixes, and upgrades to recent releases of third-party supporting software.

For additional information about Information Cards and the new authentication capabilities optionally available in this release, please visit the demo area. If you like (or do not like) DACS support for InfoCards, please let us know.

If you are upgrading from an earlier release of DACS, after installation check that you are using the site.conf that comes with the new release.

Change Summary

Post-Release Notes

Building openssl-0.9.8j on FreeBSD

A "make install" of the standard openssl-0.9.8j distribution fails on FreeBSD 7.0, even if specifying only --prefix and --openssldir to configure. It may fail on other platforms, too (I'm lookin' at you, OpenSolaris and Cygwin):

cp: fipscanister.o.sha1: No such file or directory
cp: fipscanister.o: No such file or directory
*** Error code 1

Stop in /usr/k/generic/src/sysutils/openssl-0.9.8j/fips.

Here is what was needed to fix the problem(s) on FreeBSD 7.0 (your mileage may vary).

  1. After unpacking the source distribution, run configure
  2. As usual, run:
    % make
    % make test
    
    These should work properly; if they do, proceed.
  3. Do: make install
    If it fails, continue with the following steps.
  4. Change to the fips subdirectory
  5. Edit each of {aes,des,dh,dsa,hmac,rand,rsa,sha}/Makefile and (if necessary) change the value of INCLUDES (defined near the beginning of the file) to:
    INCLUDES=-I../.. -I..
    
  6. Run "make lib" in each of those directories:
    % (cd aes; make lib)
    % (cd des; make lib)
    and so on
    % (cd sha; make lib)
    
  7. Do: make fipscanister.o
    It will probably report an error, but that's ok provided it actually creates fipscanister.o.
  8. Do: make fips_standalone_sha1
  9. Do: ./fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1
  10. Change to the distribution's root directory and try again to install:
    % cd ..
    % make install
    
    If it still doesn't work, as on OpenSolaris and Cygwin, try openssl-0.9.8i, which doesn't seem to have these problems.

DACS Version 1.4.22

Release Notes

This release mainly fixes an assortment of bugs and upgrades to recent releases of third-party supporting software.

Change Summary

Post-Release Notes

The following errata and comments are associated with this release:

DACS Version 1.4.21

Release Notes

Although this release mainly addresses a wide assortment of bugs, and upgrades to recent releases of third-party supporting software, it also features some significant performance and administrative improvements. Changes of note include:

Change Summary

Post-Release Notes

The following errata are associated with this release:

This and previous releases of DACS produce HTTP cookies that have colons (and possibly other punctuation) in their names. Although this is not known to cause problems with any web browsers, it is unacceptable to some versions of Tomcat. It seems that RFC 2109 (Sections 4.2.2 and 4.1) and RFC 2965 (Sections 3.2.2 and 3.1), with RFC 2616 (Section 2.2), do not allow these "separators" to appear in a cookie name. DACS does not currently have a workaround for this problem, but then it does not claim to be RFC 2109/2965 compliant. A future release of DACS will likely change the syntax of its cookies to something benign. Changes to the cookie name syntax may cause problems for interoperation between different versions of DACS. Note that middleware should not be relying upon (esp. parsing) the names of DACS cookies, other than to identify the different types of cookies, so a change should only be a minor inconvenience for middleware.

It seems that issues may arise when mod_rewrite and mod_proxy come into play with DACS-wrapped resources. A single proxied request may cause Apache to perform many authorization checks. Also, Apache mangles some variables associated with a proxied request during processing (e.g., the REQUEST_URI) and these may not be handled properly by DACS. Avoid these kinds of requests, or at least test them carefully.

DACS Version 1.4.20

Release Notes

This is primarily a bug fix release. DACS is security software - we urge all users to upgrade to the latest release.

Change Summary

Post-Release Notes

While DACS is not officially supported on Solaris/SPARC, a bug has been found on that platform that breaks the http(1) command and internal HTTP requests. One consequence of this bug is that authentication may fail; this particular case can be avoided by using built-in authentication modules. This bug will be fixed in the next release, but you can contact us for a patch.

The SetDACSAuthConf and SetDACSAuthSiteConf directives may not work properly. Because these directives cause the environment variables DACS_CONF and DACS_SITE_CONF, respectively, to be passed to dacs_acs(8), a possible work-around is to explicitly set them in your Apache configuration (using SetEnv, for instance).

DACS should not be affected by the problems recently discovered in OpenSSL 0.9.8e. The next release of DACS will upgrade to the then-current release of OpenSSL.

DACS Version 1.4.19

Release Notes

This is primarily a bug fix and minor enhancements release. DACS is security software - we urge all users to upgrade to the latest release.

Change Summary

Post-Release Notes

  1. Important:
    A bug in the local_passwd_authenticate authentication module has been discovered that can cause an invalid DACS password to be accepted when it should not be. This does not affect any other forms of authentication or the DACS password file. Unless you are sure that you will not use this authentication module, you must apply the following fix. We apologize for the error.

    This bug has been fixed and a new version of src/local_passwd_auth.c is available. Replace the local_passwd_auth.c file (revid 1941) that ships with dacs-1.4.19 with the new one (revid 1983). Do a 'make clean' from the distribution's src directory, then build and install DACS again.

    Before deploying this or any other DACS authentication method in a production system, please ensure that authentication succeeds only if all authentication material is correct.

  2. Correction: in the examples in dacsauth(1), the -vfs flag must appear with the module flags (before the -u flag, for instance).

  3. Regarding the notice acknowledgment feature (dacs_notices(8), dacs.nat(5)), if a document requiring acknowledgement is accessed using the https scheme, all links to the document must provide the port number (even if it is 443) in its URL. For instance, use https://dss.fedroot.com:443/notices/ack-me.html instead of https://dss.fedroot.com/notices/ack-me.html. Failure to do this causes users to see the same prompt twice. The default port number will be handled correctly in the next release.

DACS Version 1.4.18

Release Notes

This is primarily a bug fix and minor enhancements release. DACS is security software - we urge all users to upgrade to the latest release.

Notable improvements include:

Change Summary

Post-Release Notes

There is a bug in dacsvfs(1) that prevents a field separator character other than the default (a colon) from being used. A bug in http(1) causes improper output buffering with the -ih flag.

Arguments passed through the multipart/form-data content type may not be handled correctly.

Requests that are the result of an internal redirect by Apache may cause DACS to become confused about the request URI that it should use.

The dacsrlink(1) command and its manual page have several bugs. The -expires flag is buggy. The manual page has a typo: the flag for the rlink operation should be called -lmode instead of -mode. The manual page lacks examples.

On Cygwin, a build using expat-2.0.0 was clean but the DACS binaries did not work properly. Building with expat-1.95.8 instead solved the problem.

DACS Version 1.4.17

Release Notes

This is primarily a bug fix and minor enhancements release. DACS is security software - we urge all users to upgrade to the latest release.

Notable improvements include:

Neither Samba 3.0.23d nor 3.0.23c would build on the Solaris 5.10 x86 platform (see also DACS 1.4.15).

Cygwin is once again (partially) supported.

Change Summary

Post-Release Notes

A bug was found that may cause the Args namespace to be unavailable during configuration processing by dacs_acs. This will be fixed in the next release.

There may be problems compiling DACS on GNU/Linux if Apache was built with large file support enabled (it was if apr.h defines APR_HAS_LARGE_FILES to be 1). Try configuring Apache's APR support library (srclib/apr) with --disable-lfs, and then rebuilding Apache and DACS. This will be addressed in the next release.

Apparently some GNU/Linux distributions sometimes install Apache's apxs utility as apxs2. In this case, DACS will not find apxs during its build. A quick fix is to edit the DACS src/defs.mk.in file and replace

   apxs = $(apache_home)/bin/apxs
with wherever your apxs2 is, for example:
   apxs = /usr/sbin/apxs2

DACS Version 1.4.16

Release Notes

This is primarily a bug fix and minor enhancements release. DACS is security software - we urge all users to upgrade to the latest release.

Improvements of note include:

Note: In the final stages of testing we discovered that this release of DACS does not build on Cygwin, despite what is indicated elsewhere in the DACS documentation. This is because Cygwin lacks several library functions (even POSIX ones) that are provided by all of the fully-supported platforms. We will decide before the next release whether we will continue to partially support the Cygwin platform or abandon it entirely. Please let us know if you would like to see support for Cygwin continued.

Note: Minor but incompatible changes have been made to the setvar function. If you currently use this function, you will need to review the documentation and make appropriate changes before upgrading.

Change Summary

Post-Release Notes

In releases 1.4.16 and earlier, it is possible to create a DACS account that has no password (the password is the empty string) but these accounts cannot be used because local_passwd_authenticate rejects these passwords as a sanity check. Password-less accounts will be addressed more consistently in release 1.4.17.

DACS Version 1.4.15

Release Notes

This is primarily a bug fix and minor enhancements release. DACS is security software - we urge all users to upgrade to the latest release.

With this release, DACS now supports strong authentication based on the Authenex A-Key hardware token (and other OATH-HOTP/RFC 4226 compliant products). This provides a very low cost and convenient path to two-factor authentication, not only for web-based single sign-on and CGI programs, but for virtually any software. No additional software is required to use the Authenex token with DACS. We hope to support other vendors' products in future releases. Besides auth_token(1), please see a description of the Authenex A-Key and background on two-factor authentication.

This release no longer supports some PASSWORD_* directives, as earlier advised. If you configured them for a previous release, you will need to delete some configuration directives. Please see the Change Summary.

This release includes incompatible changes to dacs_auth_transfer(8). If you configured it for a previous release, you will need to change some configuration directives. We apologize for the inconvenience, but we think you will agree that the new way to configure cross-federation trusts is much simpler and easier to understand. Please see the Change Summary.

We were unable to successfully build, or even configure, Samba 3.0.23c on the Solaris 10 x86 platform but had no problems with it on FreeBSD and GNU/Linux. If you require NTLM support on the Solaris 2.8 platform and experience difficulties building local_ntlm_auth, you may need to edit src/defs.mk and add "-lresolv" to the SAMBA_LIBS argument list (this must be repeated if you re-run configure). Please make sure you build Samba exactly as described in dacs.install(7). If this release of Samba does not build on your platform, or will not work properly with DACS, try an earlier release that has been tested with DACS: samba-3.0.23, samba-3.0.22, or samba-3.0.21a.

Although this release was tested with OpenSSL 0.9.8c, initial testing with 0.9.8d has not revealed any problems and it should be ok to use.

Change Summary

Major changes and improvements include:

Some progress has been made with local_pam_authenticate and we hope to have it functional in the next release.

Post-Release Notes

Both the HTML and XML output of conf(1) and dacs_conf(8) can be incorrect - a closing Roles tag may be omitted. This is insignificant for most users, but a patch is available for src/conf.c. The CSS file for the HTML output (man/css/conf.css) was not updated to include the new Transfer clause. Though not important, a patch is available.

DACS Version 1.4.14

Release Notes

This is primarily a bug fix and minor enhancements release. It includes new applications that apply the DACS rule processing engine to problems other than web access control. A demonstration of one of these applications, dacs_transform(8), is available. The new dacstransform(1) command was used to generate much of this site's documentation.

Improvements of note include:

Note:
A new feature, which is enabled by default, has been added to improve security. Earlier releases will discard credentials generated by this release unless the feature has been disabled at jurisdictions running this release, however. Please refer to the VERIFY_UA directive for details.

Change Summary

Bug fixes, minor enhancements, and documentation improvements, including:

New features:

Post-Release Notes

None yet.

DACS Version 1.4.13

Release Notes

This is primarily a bug fix and minor enhancements release. Please be sure to use dacs-1.4.13a - see below.

Important new features include:

Change Summary

Various minor bug fixes and man page improvements, including:

Post-Release Notes

DACS Version 1.4.12

Release Notes

This is primarily a bug fix and minor enhancements release.

Important new features include:

Change Summary

Various minor bug fixes and man page improvements, including:

Post-Release Notes

DACS Version 1.4.11

Release Notes

This is primarily a bug fix and minor enhancements release.

A new cross-federation identity transfer mechanism has been added. It not only provides support for single sign-on among DACS federations, but also between a DACS federation and other identity management systems. See dacs_auth_transfer(8) for details.

The initial release of a web-based DACS administration interface called FedAdmin will be made available shortly at Sourceforge's contributed resource project for DACS. The DACS Java Library (DJL), which is being developed to support the use of DACS in Java client applications, will also be updated.

Change Summary

Post-Release Notes

DACS Version 1.4.10

Release Notes

Change Summary

This release contains some minor new features, fixes bugs, and improves the documentation.

A contributed resource project for DACS is now available. The DACS Java Library (DJL) is being developed to support the use of DACS in Java client applications. It implements Java wrapper classes for selected DACS services, and provides an HTTP client through which DACS services may be accessed and DACS credentials obtained and managed.

Changes of note:

Post-Release Notes

  1. On some newer GNU/Linux distributions, sslclient appears to fail randomly:
    % perl -e 'printf "GET / HTTP/1.0\n\n";' | sslclient fedroot.com:443 > /dev/null
    ssllib: set_nonblocking: fcntl: Invalid argument

    If you want an immediate fix, replace your src/ssllib.c with ssllib.c.gz [SHA(ssllib.c)= df23421c6f826b9cdac7d2f2a9491898b6137ef3]
  2. "make install" may fail if shared libraries have been configured. To fix this, edit Makefile (and/or Makefile.in), look for the targets install-libs and install-shared-lib, and remove the string "/$(SHARED_LIB)". Or simply disable shared libraries (--disable-shared) when you build this release.

DACS Version 1.4.9

Release Notes

Change Summary

This release contains some minor new features, fixes bugs, and improves the documentation.

Other changes:

Post-Release Notes

None.

DACS Version 1.4.8

Release Notes

Change Summary

The major change is the new dacscheck(1) command, which we believe will open up DACS to many developers and many new applications. It provides simplified, platform-independent, general-purpose access to the DACS access control rule evaluation engine. This feature can be used by any virtually any application, script (Perl, PHP, shell, etc.), server software, or CGI program to make data-driven access control decisions rather than program-driven ones. dacscheck can be used by itself and does not depend on any other DACS programs, web services, or even an web server. Simply install it and start to use it. Please refer to the manual page for details and examples.

Other changes:

Post-Release Notes

DACS Version 1.4.7

Release Notes

Please note the following important changes/incompatibilities:

Post-Release Notes

Change Summary

This release includes:

DACS Version 1.4.6

Release Notes

Authentication bugs
Bugs in the NTLM and LDAP authentication modules have been found that may cause authentication to fail. Fixes for these bugs will appear in the next release.

Checksums
After obtaining a DACS release, please verify all checksums for the file you downloaded. Do not use a download if any checksum for it does not match. Checksums will be posted here from now on.

OpenSSL's "dgst" command can be used to compute checksums:

     openssl dgst -md5 dacs-1.4.6.tgz
     openssl dgst -sha1 dacs-1.4.6.tgz

Checksums for dacs-1.4.6.tgz:
-rw-r--r--  1 brachman  wheel  1320654 Sep 19 16:24 dacs-1.4.6.tgz

MD5:   c5c7bc5a941b9f568f2777c523aec121
SHA-1: f2783a0ecd769c332981f28c1fa7f4cd8c746a25

Checksums for dacs-1.4.6.tbz:
-rw-r--r--  1 brachman  wheel  972539 Sep 19 16:24 dacs-1.4.6.tbz

MD5:   7c1a510dee6e41d33eca4dfadd15afa5
SHA-1: 69137b4913f838eb8bcca17690b589bd26c3039d

A note about upgrading
Because DACS is security software, we strongly recommend that you upgrade to the newest release as soon as you are able. This is neither a difficult nor a time consuming procedure most times. Sometimes an incompatible change in DACS will require you to change a DACS configuration file, but this should not be difficult to do and we will try to advise you of such changes.

For a quick and dirty upgrade (assumes you aren't changing any third-party packages or options):

  1. Obtain and unpack the new distribution and cd to it;
  2. Review the README and INSTALL instructions;
  3. Copy the src/config.nice from your installed version to the new src directory and configure DACS:
    "cd src; sh ./config.nice";
  4. Build DACS ("gmake");
  5. Stop Apache httpd ("apachectl stop");
  6. Install DACS ("gmake install");
  7. Make and install the latest mod_auth_dacs module
    "cd ../apache; gmake tag install";
  8. Restart Apache httpd ("apachectl start"); and
  9. Check that DACS appears to be working correctly.

This will leave your existing DACS configuration files alone but it will also leave files that are no longer needed by the new DACS.

Note: whenever you upgrade to a more recent version of DACS, please do not forget to install the Apache mod_auth_dacs module that comes with your new version of DACS.

Change Summary

This release includes:

DACS Version 1.4.5

Release Notes

Change Summary

DACS Version 1.4.4

Release Notes

Change Summary

DACS Version 1.4.3

Release Notes

If you are upgrading to this version of DACS from an older version of DACS 1.4:

Documentation for the dacs_signout web service is missing from the distribution. Its manual page is available here.

Change Summary

DACS Version 1.4.2

Release Notes

Index: INSTALL

Index: HISTORY

Change Summary

$Id: $