hua lu wrote: > it would make more sense to allow the user to change password (with some > kind of rule, such as password Complexity) in CAS.
Personally I disagree. Setting the password can differ a lot depending on the backend system. So I agree with Scott that CAS server should just display a customizable message how to change the password. I think there should be password policy exceptions raised by the custom authc handlers. > Otherwise, SSO is still not single in some sense. I don't understand your concerns here. Ciao, Michael. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
