ToadMan8 writes: My large public
.edu is moving to http://en.wikipedia.org/wiki/Central_Authentication_Service for single sign-on. User information is stored in Open LDAP, Active Directory and other back-ends, none of which are considered authoritative. We are currently using a 10+ year old home-grown solution in between CAS and the directories to force users to change passwords, enforce password policy, provide password change/recovery self-service, display user agreements, etc. We wish to improve our password recovery self-service, and are trying to decide whether to request bids for custom programming or to find a commercial product. So, how do others handle this?