> I have the CAS (3.5) inspektr audits logging to a file. I have been given a > requirement to show the WHY a credential is considered bad; i.e. either a > bad username or a bad password.
That is impossible for some authentication handlers. For example an LDAP bind simply produces error code 49, from which you cannot distinguish between unknown username, invalid password, or both. I suppose you could determine a non-existent user if you perform and LDAP search and it returns 0 results, but there are other cases for which it's simply not possible to distinguish. LDAP is the authentication backend with which I'm most familiar, but I'm fairly certain it's true generally. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
