Per se, I'm not sure 'sense' implies that CAS should do the password changing, given the myriad of authentication stores behind CAS.
If someone wanted to write and contribute an authentication handler with this feature for some common backends, e.g. AD & OpenLDAP, that would, I'm sure, be appreciated by a lot of people... some configurations might still not be able to use it, though.

In general, I can't conceive of how the project could build this in as a configurable feature... any API would not match up with all possible back ends, returning us to the need for custom code.

As it is, it seems possible for someone with Java experience to adapt a custom authentication handler that performs some checks with the supplied credentials (for expiration, for example, or as we would like, a check of whether the person has set their 'pw reset' questions), and then send the user to the correct page (pw change, reset question entry). I'm not such a person, but I'm not going to try to get Scott to write our module for me.

On Jan 23, 2009, at 3:44 PM, Michael Ströder wrote:

> hua lu wrote:
>> it would make more sense to allow the user to change password (with some
>> kind of rule, such as password Complexity) in CAS.

_______________________________________________
Yale CAS mailing list
cas@tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas