We have CASified gmail and google apps in production for over a year now. Works
great.
As to what happens when CAS is down that's two fold:
1) We use Google API's to allow our web based password change tools to Sync our
passwords to Google. This allows end users to use devices such as their iPhone
to access gmail via secure IMAP.
I know a lot of our peers debate the security of syncing passwords with
google but for us we felt there were two valid arguments
First they are controlling our email which considering the
content some users send around is some of our most sensitive content
Second It's a safe assumption that users will want to receive
email on their devices, if you don't support it some smart students will figure
out how anyways, with syncing the passwords we're forcing them to change their
email passwords on the same schedule and complexity rules as their network
password.
2) Second we're preparing to cluster our on site datacenter with an off-site
data center to support critical functions like email, accounting and our LMS.
In the mean time, our CAS login to access google mail is as reliable, if not
more so, then when we hosted our own email servers.
-Andrew
On Sep 22, 2011, at 3:55 PM, Aaron Fuleki wrote:
> Two quick questions for members of the list:
>
> * Who on the list currently uses CAS to perform single sign-on with Google
> apps?
>
> * Do you have a contingency plan for allowing your users to login to Google's
> web interface when CAS is unavailable (e.g., cached passwords, etc.)?
> There's concern at our institution that using CAS creates a dependency on
> that could lead to downtime. For example, if some farmer hits our fiber
> line, users off-campus couldn't reach CAS to login (don't laugh; farm
> equipment is a serious threat around here).
>
> -Aaron
>
> ---------------------------------
> Aaron Fuleki
> Senior Web Architect
> Denison University
> 740.587.5752
> ---------------------------------
>
>
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
