> Thank you for your quick response. It's a pity it impossible, because this > is how many people would expect it to work.
It works the way it works primarily due to ease of development and QA considerations. We offer the feature for deployments where throttling is not available or not feasible in the back-end authentication system, which would be better suited for a more robust implementation. > Could you give me an advise of where to make a feature request? https://issues.jasig.org/browse/CAS I can tell you from having reworked the existing capability to what is now that the primary obstacle will be state management. Any solution that measures an absolute time interval per user/host will require state to measure time from previous auth attempt to now. We make every effort to reduce the amount of stateful data required for authentication, and the requirements of this feature are contrary to that design goal. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
