[cas-dev] Password encryption
Scott Battaglia
scott.battaglia at gmail.com
Fri Feb 8 11:26:33 EST 2008
The default PasswordEncoder supports MD5 hashes. However, if you use a
custom salt per user, then you'll need to write a custom
AuthenticationHandler to handle that case.
-Scott
On Feb 8, 2008 11:16 AM, Harry Ng <harryworld at gmail.com> wrote:
>
> Ewan,
>
> You can make use of the passwordEncoder. Write a passwordEncoder to
> encrypt
> the password according to your need, and attach it to the authentication
> handler.
>
> Harry
>
>
> Ritchie, Ewan [OS-IE] wrote:
> >
> > Hey there,
> >
> >
> >
> > I am trying to find out if CAS supports encrypted passwords.
> >
> >
> >
> > The database we are going to authenticate against will have the
> > passwords encrypted (md5) for security reasons. I have been looking for
> > some information or examples so I could determine whether or not we can
> > let CAS handle the authentication.
> >
> >
> >
> > If CAS doesn't support encrypted at present can I ask if it is something
> > that could be included in future releases. If it does can you point me
> > in the direction of any resources there are (I have looked through the
> > wiki and not found much help) or provide me with some help.
> >
> >
> >
> > Thanks for your help.
> >
> >
> >
> > Ewan
> > SAIC Limited is a private limited company registered in England and
> Wales.
> > Registered number 1396396. Registered office at 120 New Cavendish
> Street,
> > London, W1W 6XX. VAT number 599 5474 64.
> > This e-mail and any attachments are private and confidential. Any
> > disclosure, copying, distribution or use of its contents is strictly
> > prohibited. If you have received this message in error, please notify
> the
> > sender immediately and then delete it (including any attachments) from
> > your system.
> > All emails and attachments are virus scanned. It is your responsibility
> > to ensure that any onward transmission, opening or use of this message
> and
> > any attachments will not adversely affect your or the onward recipients'
> > systems or data. Please carry out such virus and other such checks as
> you
> > consider appropriate.
> > SAIC Limited may monitor email traffic data and, also, the content of
> > email for the purposes of security, staff training and compliance with
> > SAIC policies.
> >
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Password-encryption-tp15357923p15358480.html
> Sent from the CAS Dev mailing list archive at Nabble.com.
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20080208/5c1162c7/attachment.html
More information about the cas-dev
mailing list