Marc-Antoine Garrigue wrote:
> Hi Rickard,
> Could you explain what requirements/limitations of your context lead
> to locating the CAS Server A in the internal network instead of the DMZ?

Very simple: there is NO way that security-minded(/paranoid) people would put their LDAP directory with their authentication information in a DMZ. Since the authentication server needs access to the LDAP directory for login, the whole scheme breaks down. Hasn't this been encountered before? How do other people solve this?

> About deploying a ticket manager service in the DMZ, with ticket
> replication between A and C, this could be done using a distributed
> ticket registry (next release).

Alright, sounds good. But as above, I'm really curious how people reason about this problem today. This network topology issue seems kind of critical for the whole idea.

/Rickard

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
