can CAS handle 3-strike scenario?
Michael Ströder
michael at stroeder.com
Sun Jan 25 07:02:11 EST 2009
Kim Cary wrote:
> If someone wanted to write and contribute an authentication handler
> with this feature for some common backends, e.g. AD & OpenLDAP, that
> would, I'm sure, be appreciated by a lot of people.
So let's just take a look at MS AD and OpenLDAP as examples:
1. In AD (not ADAM) you have to set 'unicodePwd' with UTF-16-le encoding
   of the password enclosed in double quotes.
2. With OpenLDAP you have several methods:
   - Password modify extended operation (might be needed because of
     Samba/Kerberos password syncing or other security requirements)
   - Setting 'userPassword' directly either as clear-text or one of several
     salted hash schemes.
> .. some configurations might still not be able to use it, though.
That's very likely and therefore not worth the effort within CAS.
Ciao, Michael.
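
Added example, not part of the original message and not CAS code: the two attribute value formats described above, built with the Python standard library only. The function names are hypothetical, and {SSHA} is picked here as one of OpenLDAP's salted hash schemes.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # a SHA-1 digest is 20 bytes; the salt follows it


def ad_unicode_pwd(password: str) -> bytes:
    """Value for AD's 'unicodePwd': password in double quotes, UTF-16-LE."""
    return f'"{password}"'.encode("utf-16-le")


def openldap_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Value for 'userPassword' in the {SSHA} scheme:
    base64(SHA1(password + salt) + salt) behind the scheme prefix."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    sample = "Tr0ub4dor&3"  # constructed sample password
    print("AD unicodePwd  :", ad_unicode_pwd(sample).hex())
    stored = openldap_ssha(sample)
    print("OpenLDAP value :", stored)
    print("verifies       :", verify_ssha(sample, stored))
```

The same password yields two unrelated byte strings, and the password modify extended operation would need a third code path.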