On Thu, 25 Jul 2013, Trenton D. Adams wrote:
> Hmm, it doesn't seem reasonable for an authentication system to not be
> throttled. Any ideas on why it's not on by default? I know it was for CAS
> 2.
> Can we get it enabled by default going forward?

Our CAS system uses our LDAP service to handle authentication, and our
LDAP service already has a password policy which handles lockout after X
number of failed authentication attempts. Additionally, we have different
password policies for different categories of users ("higher" security
accounts allow fewer failed authentication attempts).

We don't really want CAS to handle the lockout/throttling for us, so I
would prefer it wasn't enabled by default. However, it isn't too
difficult to overlay our own configuration with Maven, so we can remove it
if the defaults do change.

Thanks,
Andy