-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Scott Battaglia escribió: > Apologies if this response sounds harsh, but since all of these emails > are publicly archived, I need to make sure the security warning appears > every time otherwise someone will come along and say "oh you didn't say > not to do this and it was on the list" :-)
Yes, I definitely get this and actually read it on the MLs while doing the research before subscribing. I agree with you on the security draw backs that doing this might have. My scenario is simpler: client does the login form (they _want_ to see credentials, if you like) but they don't want to deal with the complexity of an authentication datastore so they'd like to POST username, password, service and lt (latter's the one that's tricky), get a ticket back which mod_auth_cas can verify and get some attributes for authorization (say, group memberships) which, as Marvin said, might as well be done by mod_auth_cas in trunk. That said, I'd probably rely more on CAS in the future and less on passing parameters, once I get the LDAP Password Policy and Expiration warnings and modules, which I can't get running (my middleware needs to try and bind before going to the login form so I can know why a user is being rejected for authentication) and multiple database support* CAS is a great product, and I agree with you people giving the right direction to newcomers, in order to reduce the associated complexity with understanding the concepts behind it. Jose * I'm aware CAS uses Spring-LDAP which allows multiple servers, which doesn't mean it supports multiple databases. At least for me, it also can't operate on the base tree, so at this moment I'm stuck with single domain authentication using LDAP as a backend, unless I can, e.g., split a username like DOMAIN\user and build a new base with that DOMAIN, any pointers on how this can be achieved? - -- José Miguel Parrella Romero (bureado.com.ve) PGP: 0×88D4B7DF Debian Developer Caracas, VE/Quito, EC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJL2wilAAoJEMAyQqmI1LffV5AP/AlMuu52udi+6AO5mTAo/gyn DD3yfUEq9P5AEn4Hg1ZNWg5LALRggiUBWls7gs/06p0XXs/QDrS2F7x3dDNbju15 047WP83sueJeCJpw4iZohd1+JVTENY1JeLDbsCIFg4FK4OZ9xF+I1AC5dlPUFvft xj7ZVFmbJvm0KSPsnSzq/v2frLBi0ZxDqW+pUDYYaKAdIsEQ1W4W79hX5gnvKByL ElyglAGbbtLG6O/3aSxFC6z0LBvZLT8x5HSBNEQB5/SEL6dQJxx6DQylS+53XwqW 70TSil5M0Xqph8ke4O8yFis5RHGSjPIgEeseFfVLpf3tBxAVW9MiIOeQAIGU7Csk Pga/2LVneuya2rlINB1LifUClbliQxGLuqjHRHb2fWq/GlWS8rIs6s+/7PWsTyAx lCzg2lVa0W32WGBq+L/x3nmfZX2hYoC+x71Yhms573ptHVOieLcPXi9d+wJW1OvJ R9eK3U80G9NbYr6oR8jU9yLVM3fnkevk1Ah3jkxOmyUWbPdpFM+7xMcmiUTxRQoW vE7Kp8u7tyqaig+Qimg6bOXhv945cAPPTmGRqxKRRgCLYpKGzKddRym2oln7/5oE JrYEePEWIKdXZrRjKDVSUO3yAOzEa7wyJMgjvXcjaWxGhKz/PNZp6SxguHJbNA1T +KFue9MDnRIZYH1MOVxS =y8Gn -----END PGP SIGNATURE----- -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
