can CAS handle 3-strike scenario?
Michael Ströder
michael at stroeder.com
Fri Jan 23 18:44:16 EST 2009
hua lu wrote:
> It would make more sense to allow the user to change the password (with some
> kind of rule, such as password complexity) in CAS.
Personally, I disagree. Setting the password can differ a lot depending
on the backend system. So I agree with Scott that the CAS server should just
display a customizable message on how to change the password.
I think there should be password policy exceptions raised by the custom
authc handlers.
> Otherwise, SSO is still not single in some sense.
I don't understand your concerns here.
Ciao, Michael.