Scott Battaglia wrote:
> Why is server B in the DMZ zone but server A is not if people on the
> internal network need to access B? What happens in the scenario where
> people on the non-internal network need to access B? They wouldn't be
> able to log in as A is internal. So if people on the outside can't
> actually access B anyway (since it's secured by CAS which is on the
> internal network), why isn't B also on the internal network?

Excellent question, and the reason is that our product is a content management system, and the editors are located on an internal network, the CMS is in the DMZ, the LDAP for authenticating the editors is on the internal network, and all anonymous users will only be reading the information on server B. That's what makes the network topology such a headache for me.

If I can authenticate internal users with the internal LDAP for the services in the DMZ, that would be a great thing!! From what I have seen so far, CAS does not seem to solve this, at least not without the distributed ticket registry.

/Rickard

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
