[pubcookie-users] (no subject)

Nathan Dors dors at cac.washington.edu
Thu Jan 13 16:30:08 PST 2005


Yes, this scenario is supported. The login server can operate in a 
clustered environment, and the Apache module can too. (We do this 
quite a bit with both for the obvious capacity and redundancy 
reasons.) The respective installation guides provide guidelines 
for this under "Clustered Host Configuration".

One caveat, however, because you seem to suggest that your login 
server and application server will be hosted on the same domain 
(test.com) rather than separate domains (login.test.com and 
apps.test.com).

We wouldn't advise this because JavaScript, hidden windows, and 
frames sent from the host might be able to steal the user's login 
cookie and possibly even the user's password keystroke. This is a 
browser thing: the only reliable security boundary is the domain. 
So the login server should really be on its own virtual host name 
at least.

-Nathan



On Thu, 13 Jan 2005, EXT-Bailey, Travis L wrote:

> Hello,
>
>     I want to be sure I am clear on the use of pubcookie before I try to install a test platform.
>
> Here are my thoughts:
>
> I would like to set up a domain (test.com) that will be using DNS round robin to send users to either the real machine test1.com or test2.com.
> Both machines will be running Apache and the web applications hosted will handle any data replication issues. Each machine will be in separate geographical locations and will each need to be a key server/and client. Also the machines will have the same SSL keys with the name test.com.
>
> I want the users to only have to log in once no matter how often they jump between the two machines. I believe this is what pubcookie can offer.
>
>
> Please advise.
>
> Thanks
>
> Travis
> _______________________________________________
> pubcookie-users mailing list
> pubcookie-users at u.washington.edu
> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-users
>
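
The cookie-scoping reason behind the advice in the reply above, as an added example that is not part of the original thread or of pubcookie's code: a simplified model of the browser's RFC 6265 domain matching, comparing a login server that shares test.com with the applications against one on login.test.com. The cookie names (`login_cookie`, `domain_cookie`, `forged`) and the helper functions are hypothetical.

```javascript
// Simplified model of RFC 6265 cookie scoping. Cookie names are constructed.
// Path is ignored on purpose: it does not isolate scripts on the same host.
// Public-suffix checks are omitted for brevity.

function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  if (h === d) return true;
  // Suffix matches count only on a label boundary, never for IP literals.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + d);
}

// Store a cookie as a browser would after Set-Cookie from setterHost.
// No Domain attribute => host-only cookie bound to the exact setting host.
function storeCookie(setterHost, name, domainAttr) {
  if (domainAttr === undefined) {
    return { name, domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  // A host may only set cookies for itself or one of its parent domains.
  if (!domainMatch(setterHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Names of cookies a page on pageHost receives and its scripts can read.
function visibleNames(jar, pageHost) {
  const h = pageHost.toLowerCase();
  return jar
    .filter((c) => c !== null)
    .filter((c) => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
    .map((c) => c.name);
}

// Layout 1: login server and applications share the host test.com.
const sharedJar = [storeCookie('test.com', 'login_cookie')];
// Layout 2: login server on its own virtual host name.
const splitJar = [
  storeCookie('login.test.com', 'login_cookie'),              // host-only
  storeCookie('login.test.com', 'domain_cookie', 'test.com'), // domain-wide
  storeCookie('apps.test.com', 'forged', 'login.test.com'),   // rejected: null
];

console.log('shared host, app page sees:', visibleNames(sharedJar, 'test.com'));
console.log('split hosts, app page sees:', visibleNames(splitJar, 'apps.test.com'));
console.log('split hosts, login page sees:', visibleNames(splitJar, 'login.test.com'));
```

A cookie set with `Domain=test.com` is still readable from every host under test.com, so the separate host name only protects cookies that are left host-only.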

