7631 – Web Access logins can fail in HA setup

Bug 7631 - Web Access logins can fail in HA setup

Summary: Web Access logins can fail in HA setup

Status:	NEW

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Web Access (show other bugs)
Version:	trunk
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	LowPrio
Assignee:	Bugzilla mail exporter

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-01-25 16:30 CET by Pierre Ossman
Modified:	2021-03-11 12:52 CET (History)
CC List:	0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio

2021-01-25 16:30:23 CET

The current Web Access architecture does not work reliably if using a active-active (or load balancing) high availability setup for the ThinLinc Master. In some circumstances the authentication can fail for users.

The problem is that the authentication can involve multiple requests, and we assume that all of those requests will be handled by the same system. In a HA setup that might not be the case as every other request will be switched between the two master systems. The second request will then fail to find the PAM session and things will fail.

For most systems this is not an issue as a single request is sufficient. But a OTP setup, or a password change, can trigger this.

Note You need to log in before you can comment on or make changes to this bug.