> what is it going to take (without lengthy academic discussions) to get the > lppe-feature branch merged into the master for 3.5?
I hate to say it, but likely a fight about the following: https://github.com/serac/cas/commit/f5d4c6b258b9728d166b5c2647abe261f6a0572a https://github.com/serac/cas/commit/09cbf9f3ab861899f993d2194c7f2b5efd1c1863 I did this over the break and had hoped for Scott's review before inviting broader review, but you're pressing the matter so here goes. These are fairly big changes, but ones that I feel are vitally important to supporting password expiration with a broader view than just LDAP. For example, with the authentication API changes we could easily roll support for X.509 certificate expiration, which is a use case I'm particularly interested in. Other folks have expressed interest in password expiration for database stores, and we could also support that use case fairly straightforwardly. Highlights of the patches: - Change signature of AuthenticationHandler#authenticate() to throw GeneralSecurityException to indicate failure. - Put new AuthenticationHandler interface into parent package so we can provide an adapter class onto existing interface to support existing handlers and custom ones to facilitate transition to the new API. - Add support for multiple credentials. - Some component name changes to simplify and clarify behavior. I'm willing to bargain on the last two. I figured while we're making changes to the authentication handler APIs, why not add support for multiple credentials. It's fairly straightforward and by using varargs the API to callers is unchanged. Please review and provide feedback. My vision here is to leverage the lppe use case for some needed changes to authentication APIs that buy a lot more than just password expiration for LDAP. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
