I guess my vote would be to keep them in the system after they graduated, with some sort of flag. Then, after they successfully authenticate themselves, you can give them all the helpful messages you want.
Otherwise, unauthenticated users should get as little information as possible.
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Amy Vecchione
Sent: Monday, May 12, 2014 2:53 PM
To: [log in to unmask]
Subject: Re: Ez proxy -deliver message saying why not authenticated
Yes, we talked about that. Would we be able to delineate password and/or username wrong as opposed to "you graduated and you don't have access anymore because you're not enrolled"? Just curious.
Amy Vecchione, Digital Access Librarian/Assistant Professor http://works.bepress.com/amy_vecchione/
Albertsons Library, Boise State University, L212 http://library.boisestate.edu
On Mon, May 12, 2014 at 12:18 PM, LeVan,Ralph <[log in to unmask]> wrote:
> Hi Amy!
> That sort of information is generally considered to be a security
> violation. If someone is probing your system, being told that they
> got the ID right and all they have left is to figure out the password is a big help.
> I'm afraid that unhelpful messages are best for unverified clients.
> -----Original Message-----
> From: Code for Libraries [mailto:[log in to unmask]] On Behalf
> Of Amy Vecchione
> Sent: Monday, May 12, 2014 1:29 PM
> To: [log in to unmask]
> Subject: Ez proxy -deliver message saying why not authenticated
> I just thought I would try and ask here since I haven't found anything
> elsewhere: has anyone written a script that delivers a more nuanced
> error message when using Ez proxy? For example:
> User name is right password is wrong
> Password is expired
> Username locked out
> Just curious!