[cas-dev] CAS 2.0.x
Velpi
velpi at industria.be
Fri May 5 08:50:31 EDT 2006
> I'm actually considering fixing it so that both ST and PT's are
> generated as that appears to be the one major confusing point :-). Any
> developers have any thoughts on that? Or are we just not getting the
> message out that PT's are ST's?
Oh, I thought it was done on purpose. Isn't it easier to understand that
everything uses the same tickets (ST), only some clients can be allowed to
request tickets themselves (TGT/TGC).
To me it feels FAR more logical when there are only ST's and TGT's (in v2.0 you
could validate ST's on the proxyValidator anyway). The only "problem" is that
some clients are programmed to do a match on 'PT' in the string (very easy to fix).
yale java CASclient: no changes needed
pam_cas: no changes needed
ESUP phpCAS: no changes needed
ESUP cas.php Auth class for Horde: change PT to ST (or add and || statement)
Since a TGC is the cookie version of a TGT I don't see why creating a PT is
useful, and the 2.0 version has proven that, I think.
> Or are we just not getting the message out that PT's are ST's?
If my vote counts, I suggest doing that. Though it is a little confusing for
upgraders at first, they probably won't mind a change which is that logical (at
least we don't).
-- Velpi
More information about the cas-dev
mailing list