> By the way, Should it show the hashed password at all? sounds like a > security vulnerability.
CAS computes the hash from the password supplied by the user and compares it with the value on record. So in that sense it "knows" the hash, but only in a transient fashion. All authentication systems that authenticate against a hash work this way, so no, there's no security vulnerability. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
