diff --git a/apps/assets/serializers/system_user.py b/apps/assets/serializers/system_user.py
index 0fcff5b1d..c412641da 100644
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -149,6 +149,7 @@ class SystemUserListSerializer(SystemUserSerializer):
 class Meta(SystemUserSerializer.Meta):
 fields = [
 'id', 'name', 'username', 'protocol',
+ 'password', 'public_key', 'private_key',
 'login_mode', 'login_mode_display', 'priority', "username_same_with_user", 'auto_push', 'sudo', 'shell', 'comment',
@@ -157,6 +158,12 @@ class SystemUserListSerializer(SystemUserSerializer):
 'sftp_root',
 ]
+ extra_kwargs = {
+ 'password': {"write_only": True},
+ 'public_key': {"write_only": True},
+ 'private_key': {"write_only": True},
+ }
+
 @classmethod
 def setup_eager_loading(cls, queryset):
 """ Perform necessary eager loading of data. """
diff --git a/apps/authentication/signals_handlers.py b/apps/authentication/signals_handlers.py
index dc6bf5e27..4c49f5d55 100644
--- a/apps/authentication/signals_handlers.py
+++ b/apps/authentication/signals_handlers.py
@@ -4,6 +4,7 @@ from django.conf import settings
 from django.contrib.auth import user_logged_in
 from django.core.cache import cache
 from django.dispatch import receiver
+from django_cas_ng.signals import cas_user_authenticated
 from jms_oidc_rp.signals import openid_user_login_failed, openid_user_login_success
@@ -29,3 +30,8 @@ def on_oidc_user_login_success(sender, request, user, **kwargs):
 @receiver(openid_user_login_failed)
 def on_oidc_user_login_failed(sender, username, request, reason, **kwargs):
 post_auth_failed.send(sender, username=username, request=request, reason=reason)
+
+
+@receiver(cas_user_authenticated)
+def on_cas_user_login_success(sender, request, user, **kwargs):
+ post_auth_success.send(sender, user=user, request=request)
\ No newline at end of file
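Review bot: The three credential fields added to `fields` in `SystemUserListSerializer.Meta` stay out of API responses only through the `extra_kwargs` added in the second hunk of this file, and DRF ignores `extra_kwargs` for any field that is declared explicitly on the serializer class. `SystemUserSerializer` is outside the diff, so if it or a mixin declares `password`, `public_key` or `private_key` as explicit fields, `write_only` has to be set on those declarations instead. Assigning `extra_kwargs` in the subclass `Meta` also replaces anything inherited from `SystemUserSerializer.Meta.extra_kwargs` rather than merging with it, so confirm nothing from the parent is lost. I would add the comment `# credentials are accepted on write but must never be serialized in list responses` above the dict, plus a test asserting that the list response omits all three keys.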
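Review bot: `on_cas_user_login_success` has no docstring, and the signal it subscribes to is, as far as I know, emitted by the django-cas-ng backend when the ticket validates rather than when the session login completes. If that holds, `post_auth_success` fires for CAS before any later login step runs, which could make whatever its receivers record differ from the OIDC handler above it; worth confirming and stating in a docstring such as `"""Forward a successful CAS authentication to post_auth_success."""`. The file also now ends without a trailing newline.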
diff --git a/apps/authentication/templates/authentication/login.html b/apps/authentication/templates/authentication/login.html
index a6dec7d9d..1f9a2cb51 100644
--- a/apps/authentication/templates/authentication/login.html
+++ b/apps/authentication/templates/authentication/login.html
@@ -82,12 +82,27 @@
 return jsencrypt.encrypt(password); //加密
 }
 function doLogin() {
- //公钥加密
- var rsaPublicKey = "{{ rsa_public_key }}"
- var password =$('#password').val(); //明文密码
- var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey)
- $('#password').val(passwordEncrypted); //返回给密码输入input
- $('#form').submit();//post提交
- }
+ var rsaPublicKey = "{{ rsa_public_key }}";
+ var password =$('#password').val();
+ var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey);
+ var serialize_array = $('#form').serializeArray();
+ $.each(serialize_array, function(index,obj){
+ if(obj.name=='password'){
+ obj.value=passwordEncrypted};
+ });
+
+ $.ajax({
+ type: 'POST',
+ url: '',
+ data: serialize_array,
+ success: function(data){
+ $('body').html(data);
+ },
+ error: function(data){
+ alert('服务器异常');
+ },
+ });
+ };
+
 {% endblock %}
diff --git a/apps/authentication/templates/authentication/xpack_login.html b/apps/authentication/templates/authentication/xpack_login.html
index 32f12e9b5..16fccb71d 100644
--- a/apps/authentication/templates/authentication/xpack_login.html
+++ b/apps/authentication/templates/authentication/xpack_login.html
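Review bot: In `doLogin`, the `success` callback writes whatever the POST returns into the page with `$('body').html(data)`, so a login that answers with a redirect is followed silently by the XHR and the target page is injected under the login URL instead of being navigated to. Only the body is swapped: the address bar, the target's `<head>` assets and any `next` redirect are left behind, and a reload shows the login form again. The view is outside this diff, so this is inferred from the usual Django login flow; if the aim is only to keep the ciphertext out of the visible password input, copying `passwordEncrypted` into a hidden field and keeping `$('#form').submit()` preserves normal navigation. The same code is added to `xpack_login.html` (with `#contact-form`), and the `error` handler in both discards the status, so a 403 from CSRF validation is indistinguishable from a server fault.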
@@ -153,13 +153,28 @@
 return jsencrypt.encrypt(password); //加密
 }
 function doLogin() {
- //公钥加密
- var rsaPublicKey = "{{ rsa_public_key }}"
- var password =$('#password').val(); //明文密码
- var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey)
- $('#password').val(passwordEncrypted); //返回给密码输入input
- $('#contact-form').submit();//post提交
- }
+ var rsaPublicKey = "{{ rsa_public_key }}";
+ var password =$('#password').val();
+ var passwordEncrypted = encryptLoginPassword(password, rsaPublicKey);
+ var serialize_array = $('#contact-form').serializeArray();
+ $.each(serialize_array, function(index,obj){
+ if(obj.name=='password'){
+ obj.value=passwordEncrypted};
+ });
+
+ $.ajax({
+ type: 'POST',
+ url: '',
+ data: serialize_array,
+ success: function(data){
+ $('body').html(data);
+ },
+ error: function(data){
+ alert('服务器异常');
+ },
+ });
+ };
+
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 0e186726e..107c8889e 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -163,7 +163,7 @@ class Config(dict):
 'AUTH_LDAP_SEARCH_FILTER': '(cn=%(user)s)',
 'AUTH_LDAP_START_TLS': False,
 'AUTH_LDAP_USER_ATTR_MAP': {"username": "cn", "name": "sn", "email": "mail"},
- 'AUTH_LDAP_CONNECT_TIMEOUT': 30,
+ 'AUTH_LDAP_CONNECT_TIMEOUT': 10,
 'AUTH_LDAP_SEARCH_PAGED_SIZE': 1000,
 'AUTH_LDAP_SYNC_IS_PERIODIC': False,
 'AUTH_LDAP_SYNC_INTERVAL': None,
@@ -267,7 +267,8 @@ class Config(dict):
 'LANGUAGE_CODE': 'zh',
 'TIME_ZONE': 'Asia/Shanghai',
 'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True,
- 'USER_LOGIN_SINGLE_MACHINE_ENABLED': False
+ 'USER_LOGIN_SINGLE_MACHINE_ENABLED': False,
+ 'TICKETS_ENABLED': True
 }
 def compatible_auth_openid_of_key(self):
diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py
index 92c0d82f1..7d8cecd28 100644
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@@ -32,7 +32,8 @@ if os.path.isfile(LDAP_CERT_FILE):
 # AUTH_LDAP_GROUP_SEARCH_OU, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
 # )
 AUTH_LDAP_CONNECTION_OPTIONS = {
- ldap.OPT_TIMEOUT: CONFIG.AUTH_LDAP_CONNECT_TIMEOUT
+ ldap.OPT_TIMEOUT: CONFIG.AUTH_LDAP_CONNECT_TIMEOUT,
+ ldap.OPT_NETWORK_TIMEOUT: CONFIG.AUTH_LDAP_CONNECT_TIMEOUT
 }
 AUTH_LDAP_CACHE_TIMEOUT = 1
 AUTH_LDAP_ALWAYS_UPDATE_USER = True
diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py
index 5149c3d9c..e30eae850 100644
--- a/apps/jumpserver/settings/custom.py
+++ b/apps/jumpserver/settings/custom.py
@@ -101,3 +101,5 @@ LOGO_URLS = DYNAMIC.LOGO_URLS
 CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED = CONFIG.CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED
 DATETIME_DISPLAY_FORMAT = '%Y-%m-%d %H:%M:%S'
+
+ TICKETS_ENABLED = CONFIG.TICKETS_ENABLED
diff --git a/apps/orgs/serializers.py b/apps/orgs/serializers.py
index c36d67d89..21b695996 100644
--- a/apps/orgs/serializers.py
+++ b/apps/orgs/serializers.py
@@ -52,9 +52,9 @@ class OrgReadSerializer(OrgSerializer):
 class OrgMemberSerializer(BulkModelSerializer):
- org_display = serializers.CharField()
- user_display = serializers.CharField()
- role_display = serializers.CharField(source='get_role_display')
+ org_display = serializers.CharField(read_only=True)
+ user_display = serializers.CharField(read_only=True)
+ role_display = serializers.CharField(source='get_role_display', read_only=True)
 class Meta:
 model = OrganizationMember
diff --git a/apps/settings/api.py b/apps/settings/api.py
index 2c7c31d13..c1692d329 100644
--- a/apps/settings/api.py
+++ b/apps/settings/api.py
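Review bot: `AUTH_LDAP_CONNECTION_OPTIONS` now feeds one setting into two different limits without saying so: `OPT_NETWORK_TIMEOUT` bounds connection establishment while `OPT_TIMEOUT` bounds each synchronous LDAP operation, and both take `CONFIG.AUTH_LDAP_CONNECT_TIMEOUT`. A comment above the dict such as `# connect and per-operation timeouts both use AUTH_LDAP_CONNECT_TIMEOUT (seconds)` would make that explicit. Together with the default dropping from 30 to 10 in `conf.py`, deployments that never set the value also get a shorter operation timeout, which may matter for large directory searches.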
@@ -279,6 +279,7 @@ class PublicSettingApi(generics.RetrieveAPIView):
 "SECURITY_MFA_VERIFY_TTL": settings.SECURITY_MFA_VERIFY_TTL,
 "SECURITY_COMMAND_EXECUTION": settings.SECURITY_COMMAND_EXECUTION,
 "LOGO_URLS": settings.LOGO_URLS,
+ "TICKETS_ENABLED": settings.TICKETS_ENABLED,
 "PASSWORD_RULE": {
 'SECURITY_PASSWORD_MIN_LENGTH': settings.SECURITY_PASSWORD_MIN_LENGTH,
 'SECURITY_PASSWORD_UPPER_CASE': settings.SECURITY_PASSWORD_UPPER_CASE,
diff --git a/apps/terminal/serializers/terminal.py b/apps/terminal/serializers/terminal.py
index b643dd16a..896c44440 100644
--- a/apps/terminal/serializers/terminal.py
+++ b/apps/terminal/serializers/terminal.py
@@ -1,8 +1,10 @@
 from rest_framework import serializers
+from django.utils.translation import ugettext_lazy as _
 from common.drf.serializers import BulkModelSerializer, AdaptedBulkListSerializer
+from common.utils import is_uuid
 from ..models import (
- Terminal, Status, Session, Task
+ Terminal, Status, Session, Task, CommandStorage, ReplayStorage
 )
@@ -18,6 +20,31 @@ class TerminalSerializer(BulkModelSerializer):
 'is_alive', 'date_created', 'command_storage', 'replay_storage'
 ]
+ @staticmethod
+ def get_kwargs_may_be_uuid(value):
+ kwargs = {}
+ if is_uuid(value):
+ kwargs['id'] = value
+ else:
+ kwargs['name'] = value
+ return kwargs
+
+ def validate_command_storage(self, value):
+ kwargs = self.get_kwargs_may_be_uuid(value)
+ storage = CommandStorage.objects.filter(**kwargs).first()
+ if storage:
+ return storage.name
+ else:
+ raise serializers.ValidationError(_('Not found'))
+
+ def validate_replay_storage(self, value):
+ kwargs = self.get_kwargs_may_be_uuid(value)
+ storage = ReplayStorage.objects.filter(**kwargs).first()
+ if storage:
+ return storage.name
+ else:
+ raise serializers.ValidationError(_('Not found'))
+
 @staticmethod
 def get_session_online(obj):
 return Session.objects.filter(terminal=obj, is_finished=False).count()
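Review bot: `TICKETS_ENABLED` is published to the client in `PublicSettingApi`, but nothing in the hunks shown here makes the ticket endpoints themselves consult `settings.TICKETS_ENABLED`. If that check is not already done in views outside the diff, turning the flag off only hides the feature in the UI while the API stays reachable; the check belongs in the ticket views' permission layer. The enclosing dict and method start and end outside the hunk.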
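Review bot: `validate_command_storage` and `validate_replay_storage` in `TerminalSerializer` are the same six lines apart from the model, so any later change to the lookup or the error text has to be made twice. A single private helper taking the model keeps them in step, and its docstring should say that the field accepts either a storage id or a name and always stores the name. Note also that `is_uuid(value)` alone decides the lookup column, so a storage whose name is itself a UUID-formatted string can never be selected by name.

```python
    # … unchanged: get_kwargs_may_be_uuid …

    @classmethod
    def _resolve_storage_name(cls, model, value):
        """Return the name of the storage in `model` matching an id or a name."""
        kwargs = cls.get_kwargs_may_be_uuid(value)
        storage = model.objects.filter(**kwargs).first()
        if not storage:
            raise serializers.ValidationError(_('Not found'))
        return storage.name

    def validate_command_storage(self, value):
        return self._resolve_storage_name(CommandStorage, value)

    def validate_replay_storage(self, value):
        return self._resolve_storage_name(ReplayStorage, value)
```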