Hi,
I think I have seen some folks discuss this issue before on this list, but I don't recall ever seeing any definitive solution. How does one handle expired passwords when using CAS? The primary case I find myself needing to deal with is the case where a user forgets their password and requests a self-service reset. In this case, the system generates a temporary random password, changes the user's password, sets a flag of some sort to force a password change on the next login, and then sends the new password to the user's email address of record. When the user logs in, the first thing they are forced to do is change their password BEFORE they are redirected to the application. Does CAS have a way of handling this? Thanks in advance. Bill Bailey Senior Developer / DBA Northland, A Church Distributed
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
