Hey, Marvin, Thank you very much for your quick response and detailed explanations. I appreciate it. Your arguments are reasonable. I think I know enough for the time being.
Thanks again and best regards, Artur On 4 December 2013 18:43, Marvin Addison <[email protected]> wrote: > > Thank you for your quick response. It's a pity it impossible, because > this > > is how many people would expect it to work. > > It works the way it works primarily due to ease of development and QA > considerations. We offer the feature for deployments where throttling > is not available or not feasible in the back-end authentication > system, which would be better suited for a more robust implementation. > > > Could you give me an advise of where to make a feature request? > > https://issues.jasig.org/browse/CAS > > I can tell you from having reworked the existing capability to what is > now that the primary obstacle will be state management. Any solution > that measures an absolute time interval per user/host will require > state to measure time from previous auth attempt to now. We make every > effort to reduce the amount of stateful data required for > authentication, and the requirements of this feature are contrary to > that design goal. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
