--- cas-HEAD/cas.module	2009-08-11 14:52:24.000000000 +0000
+++ cas-UpdateEmail/cas.module	2009-10-23 17:03:43.000000000 +0000
@@ -11,6 +11,9 @@ require_once ('CAS/CAS.php');
 define('CAS_NO_VERIFY', 'none');
 define('CAS_VERIFY', 'verify');
 define('CAS_CA_VERIFY', 'ca_verify');
+define('CAS_EMAIL_FIELD_NO',       0);
+define('CAS_EMAIL_FIELD_REMOVE',   1);
+define('CAS_EMAIL_FIELD_DISABLE',  2);
 
 /**
  * Invokes hook_auth_transform() in every module.
@@ -547,11 +550,18 @@ function cas_admin_settings() {
     '#description' => t('Append this domain name to each new user in order generate his email address.'),
   );
   
+ $options_email_field = array(
+    CAS_EMAIL_FIELD_NO => t('Do nothing'),
+    CAS_EMAIL_FIELD_REMOVE => t('Remove email field from form'),
+    CAS_EMAIL_FIELD_DISABLE => t('Disable email field on form'),
+  );
   $form['account']['cas_hide_email'] = array(
-    '#type' => 'checkbox',
-    '#title' => t('Users canot change email address'),
-    '#default_value' => variable_get('cas_hide_email', 0),
-    '#description' => t('Hide email address field on the edit user form.'),
+    '#type' => 'radios',
+    '#title' => t('Alter email field on user edit form'),
+    '#description' => t('Remove or disable email field from user edit form for CAS authenticated users.'),
+    '#default_value' => variable_get('cas_hide_email', CAS_EMAIL_FIELD_DISABLE),
+    '#options' => $options_email_field,
+    '#required' => TRUE,
   );
   
   $form['account']['cas_hide_password'] = array(
@@ -897,38 +907,47 @@ function cas_form_alter(&$form, $form_st
   //drupal_set_message($form_id.'<pre>'.print_r($form,1).'</pre>');
   switch ($form_id) {
     case 'user_profile_form':
-      //make the email field hidden and force the value to the default.
-      if (variable_get('cas_hide_email', 0)) {
-        if (variable_get('cas_domain', '')) {
-          $form['account']['mail']['#type'] = 'hidden';
-          $form['account']['mail']['#value'] = $form['account']['mail']['#default_value']; 
-          if (!$form['account']['mail']['#default_value']) {
-            $form['account']['mail']['#value'] = $form['account']['name']['#default_value'] .'@'. variable_get('cas_domain', '');
-          }
-          
-        }
+      // force the value to the default.
         
-        /*
-        ** LDAPAuth interfacing - BEGIN
-        */
-        if (variable_get('cas_useldap', '')) {
-          global $ldapauth_ldap, $user;
-          if ($ldap_config_name = _get_ldap_config_name($user->name)) {
-            _ldapauth_init($ldap_config_name);
-            _ldapauth_user_lookup($user->name);
-            $cas_ldap_email_attribute = (string)variable_get('cas_ldap_email_attribute', 'mail');
-            $ldap_entries = $ldapauth_ldap->search($ldapauth_ldap->getOption('basedn'), $ldapauth_ldap->getOption('user_attr') .'='. $user->name, array($cas_ldap_email_attribute));
-            if ($ldap_entries['count'] == 1 && isset($ldap_entries[0][$cas_ldap_email_attribute][0])) if (trim($ldap_entries[0][$cas_ldap_email_attribute][0]) != '') {
+      if (variable_get('cas_domain', '')) {
+	$form['account']['mail']['#value'] = $form['account']['mail']['#default_value']; 
+	if (!$form['account']['mail']['#default_value']) {
+	  $form['account']['mail']['#value'] = $form['account']['name']['#default_value'] .'@'. variable_get('cas_domain', '');
+	}
+      }
+      
+      /*
+       ** LDAPAuth interfacing - BEGIN
+       */
+      if (variable_get('cas_useldap', '')) {
+	global $ldapauth_ldap, $user;
+	if ($ldap_config_name = _get_ldap_config_name($user->name)) {
+	  _ldapauth_init($ldap_config_name);
+	  _ldapauth_user_lookup($user->name);
+	  $cas_ldap_email_attribute = (string)variable_get('cas_ldap_email_attribute', 'mail');
+	  $ldap_entries = $ldapauth_ldap->search($ldapauth_ldap->getOption('basedn'), $ldapauth_ldap->getOption('user_attr') .'='. $user->name, array($cas_ldap_email_attribute));
+	  if ($ldap_entries['count'] == 1 && isset($ldap_entries[0][$cas_ldap_email_attribute][0])) if (trim($ldap_entries[0][$cas_ldap_email_attribute][0]) != '') {
               $form['account']['mail']['#type'] = 'hidden';
               $form['account']['mail']['#value'] = $ldap_entries[0][$cas_ldap_email_attribute][0];
-              }
-          }
-        }
-        
-        /*
-        ** LDAPAuth interfacing - END
-        */
+	    }
+	}
+      }
+      
+      /*
+       ** LDAPAuth interfacing - END
+       */
+      
+      //make the email field hidden or disabled
+      switch (variable_get('cas_hide_email', 0)) {
+      case CAS_EMAIL_FIELD_REMOVE :
+	$form['account']['mail']['#type'] = 'hidden';
+	$form['account']['mail']['#attributes']['READONLY'] = 'READONLY';
+	break;
+      case CAS_EMAIL_FIELD_DISABLE :
+	$form['account']['mail']['#attributes']['READONLY'] = 'READONLY';
+	break;
       }
+      $form['account']['mail']['#description'] = t('All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive certain news or notifications by e-mail. You could not change your password, please see your system administrator.') ;
       
       //Remove the password fields from the form.
       if (variable_get('cas_hide_password', 0))unset($form['account']['pass']);
