Scott,
Thanks for the reply. We will be using MD5 without a custom salt so there is no need for me to write a custom handler. My next question is do we need to configure the authentication to encrypt the passwords and if so where is that configuration held. Regards Ewan ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Battaglia Sent: 08 February 2008 16:27 To: Mailing list for CAS developers Subject: Re: [cas-dev] Password encryption The default PasswordEncoder supports MD5 hashes. However, if you use a custom salt per user, then you'll need to write a custom AuthenticationHandler to handle that case. -Scott On Feb 8, 2008 11:16 AM, Harry Ng <[EMAIL PROTECTED]> wrote: Ewan, You can make use of the passwordEncoder. Write a passwordEncoder to encrypt the password according to your need, and attach it to the authentication handler. Harry Ritchie, Ewan [OS-IE] wrote: > > Hey there, > > > > I am trying to find out if CAS supports encrypted passwords. > > > > The database we are going to authenticate against will have the > passwords encrypted (md5) for security reasons. I have been looking for > some information or examples so I could determine whether or not we can > let CAS handle the authentication. > > > > If CAS doesn't support encrypted at present can I ask if it is something > that could be included in future releases. If it does can you point me > in the direction of any resources there are (I have looked through the > wiki and not found much help) or provide me with some help. > > > > Thanks for your help. > > > > Ewan > SAIC Limited is a private limited company registered in England and Wales. > Registered number 1396396. Registered office at 120 New Cavendish Street, > London, W1W 6XX. VAT number 599 5474 64. > This e-mail and any attachments are private and confidential. Any > disclosure, copying, distribution or use of its contents is strictly > prohibited. If you have received this message in error, please notify the > sender immediately and then delete it (including any attachments) from > your system. > All emails and attachments are virus scanned. It is your responsibility > to ensure that any onward transmission, opening or use of this message and > any attachments will not adversely affect your or the onward recipients' > systems or data. Please carry out such virus and other such checks as you > consider appropriate. > SAIC Limited may monitor email traffic data and, also, the content of > email for the purposes of security, staff training and compliance with > SAIC policies. > > _______________________________________________ > cas-dev mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas-dev > > -- View this message in context: http://www.nabble.com/Password-encryption-tp15357923p15358480.html Sent from the CAS Dev mailing list archive at Nabble.com. _______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev
