CAS and DMZ network topology
Rickard Oberg
rickard.oberg at senselogic.se
Sat Nov 11 17:35:07 EST 2006
Scott Battaglia wrote:
> Why is server B in the DMZ zone but server A is not if people on the
> internal network need to access B? What happens in the scenario where
> people on the non-internal network need to access B? They wouldn't be
> able to log in as A is internal. So if people on the outside can't
> actually access B anyway (since it's secured by CAS which is on the
> internal network), why isn't B also on the internal network?
Excellent question, and the reason is that our product is a content
management system, and the editors are located on an internal network,
the CMS is in the DMZ, the LDAP for authenticating the editors is on the
internal network, and all anonymous users will only be reading the
information on server B. That's what makes the network topology such a
headache for me.
If I can authenticate internal users with the internal LDAP for the
services in the DMZ, that would be a great thing!! From what I have seen
so far CAS does not seem to solve this, at least not without the
distributed ticket registry.
/Rickard