I recently added an auth server to my network. For internal connections, my terminals connect directly to that auth server with the local domain (authdom=hetero). However, for incoming connections from remote clients (outside the local network), instead of using trampoline(1) to forward requests on authsrv from the cpu server to just one auth server, I'd like it if there was some way that the cpu server could decide which auth server in the local network to use (suppose there are multiple auth servers), based on the given authdom. So, if the client-side configuration looks like:
auth=server authdom=auth1 then the CPU server maps "auth1" (perhaps by a /lib/ndb/local entry that looks like: auth=intauth authdom=auth1 where intauth is one of the auth servers, at say, 192.168.1.4). That way, I don't need a new public IP for each auth server; I don't need a new port for each auth server; I can keep my auth servers away from direct access; etc.... Has anything like this ever been implemented? Are there any existing solutions or near-solutions for such a problem? Thanks, ak
