Scott Battaglia wrote: >> On Thu, Sep 17, 2009 at 11:09 AM, javier <[email protected] >> <mailto:[email protected]>> wrote: >> We have been using CAS for a weeks and just noticed that if the user >> changes his password it's able to logging with the new and the old >> password till the tomcat instance where CAS is running is restarted. > > What are you using? LDAP?
The question is whether the GAS ticket granting cookie was invalidated after password change. If not, then yes, the CASTGC is just (re-)used to create another service ticket. Ciao, Michael. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
