[cas-dev] [Fwd: Re: CAS 3.0.5 Final Released]

[Scott Battaglia]

Pasal,

Sorry for the delayed response, we've had some email issues here lately.


<snip />
> Nice to see you have included the adaptors (the sources in fact). Now I
> know the quick start we be able to use them thus minimizing the wrapping
> code (a distinct authentication manager will be necessary however for
> the aliasing feature).


I'd like to work with your team to determine the exact use case for the
aliasing and possibly (if we all agree its a good idea) grant someone (you?)
on your development team access to the CAS CVS in order to include this
aliasing as part of the CAS distribution.  Thoughts?


> Improvements:
> > * LDAP Authentication Handlers now use LdapTemplate project
> >
> Shouldn't the LdapTemplate jar be included in the distribution for the
> project to compile out of the box?


Due to the version of Maven we're using and the fact that we had to write a
custom goal it wasn't picking up the LdapTemplate because it was defined in
an adaptor's POM.  In 3.0.6 its been moved up to the main POM.

<snip />

>
> The password encoder used by class
> AbstractUsernamePasswordAuthenticationHandler only has a String
> encode(String password) method. I believe a more generic method such as
> boolean match(String clearPassword, String encryptedPassword) would
> support more complex (salt-based) encryption algorithtms, such as
> pam_md5 (see CAS GH v2). Your opinion?
> Thanks again,
> PA


I'll have to look into the pam_md5.  Are you assuming that the salt is
appended to the encrypted password?  The original Password encoder works
under the assumption that the salt is static (which may or may not be a good
thing).  I'm not against a more complex encoder if people have a need for
it.

-Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20060822/39f35f51/attachment.html