I am unsure if I understand what CAS is. Is it connected to Wellesley's SSO system? / Is this at all similar to what the DUO SSO does?

Yes. CAS allows us to tap into an authentication database that LTS maintains.

Do we need to use a VPN every time we use this app, even if we are actually on campus? / Do we have to use the VPN when we're on-campus? You say to start VPN each time, so I'm a little

No, just from off-campus. I think you can't connect to the VPN from on-campus.

Why does Wellesley’s CAS server only allow access from ports 1943-1952? Does that mean that only ten CS 304 students can use CAS at a time?

That's for development purposes — essentially just for CS 304. For deploy apps, they connect from port 443 and that's all fine.

I can confused by url_for('cas.login'). Is there some package called cas with a login method that we are drawing on? Can url_for() direct you to route functions that are in different modules?

That's correct.

How does CAS work with the examples with bcrypt we saw on November 6th? From my understanding, it seems that using CAS replaces the need for us to keep track of user accounts ourselves?

In your projects, CAS would be either a supplement or a replacement for managing your own passwords.

Understanding how to encrypt and manage your own passwords is an essential skill for web applications.

CAS is supplemental but not essential.

Can we go over how CAS can be added to login routes following the code example from passwords/login lecture?

Sure, though the demos don't seem to be working today.

Could you quickly go over how to connect to the VPN for working off-campus?

Sure. LTS has good instructions; I'll help you find them.