[pubcookie-users] (no subject)
dors at cac.washington.edu
Thu Jan 13 16:30:08 PST 2005
Yes, this scenario is supported. The login server can operate in a
clustered environment, and the Apache module can too. (We do this
quite a bit with both for the obvious capacity and redundancy
reasons.) The respective installation guides provide guidelines
for this under "Clustered Host Configuration".
One caveat, however, because you seem to suggest that your login
server and application server will be hosted on the same domain
(test.com) rather than separate domains (login.test.com and
frames sent from the host might be able to steal the user's login
cookie and possibly even the user's password keystroke. This is a
browser thing: the only reliable security boundary is the domain.
So the login server should really be on it's own virtual host name
On Thu, 13 Jan 2005, EXT-Bailey, Travis L wrote:
> I want to be sure I am clear on the use of pubcookie before I try to install a test platform.
> Here are my thoughts:
> I would like to set up a domain (test.com) that will be using DNS round robin to send users to either the real machine test1.com or test2.com.
> Both machines will be running apache and the web applications hosted will handle any data replication issues. Each machine will be in separate geographical locations and will each need to be a key server/and client. Also the machines will have the same SSL keys with the name test.com.
> I want the users to only have to login once no matter how often they jump between the two machines. I believe this is what pubcookie can offer.
> Please advise.
> pubcookie-users mailing list
> pubcookie-users at u.washington.edu
More information about the pubcookie-users