Once I had CAS working with our users database, the next step was to support expired user passwords or those in the grace password. CAS supported neither of those cases out of the box. Searching for it landed me on this page describing a solution, but it was old and not compatible with a fairly recent CAS source code. It was also coupled with LDAP which I didn't need.
After spending some time, I finally managed to extend CAS to provide a generic enough support for such cases. With no more ado, I am providing you a patch here that can be applied to the 3.4.11 version (and later version with possibly not much more effort). In order to enjoy this, just download CAS from here and apply the patch provided.
Though, I could extend from CAS Maven module (as described here) but then I had to repeat so many things because of a small change, making things more confusing. I am hoping to get this patch added to the main code, if guys over there are happy with it.