Bug 7631 - Web Access logins can fail in HA setup
Summary: Web Access logins can fail in HA setup
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Bugzilla mail exporter
Depends on:
Reported: 2021-01-25 16:30 CET by Pierre Ossman
Modified: 2021-03-11 12:52 CET (History)
0 users

See Also:
Acceptance Criteria:


Description Pierre Ossman cendio 2021-01-25 16:30:23 CET
The current Web Access architecture does not work reliably if using a active-active (or load balancing) high availability setup for the ThinLinc Master. In some circumstances the authentication can fail for users.

The problem is that the authentication can involve multiple requests, and we assume that all of those requests will be handled by the same system. In a HA setup that might not be the case as every other request will be switched between the two master systems. The second request will then fail to find the PAM session and things will fail.

For most systems this is not an issue as a single request is sufficient. But a OTP setup, or a password change, can trigger this.

Note You need to log in before you can comment on or make changes to this bug.