In setting up a multisite configuration in a Linux environment, our primary site, www.site.com has been using the CAS module for authentication. (https://www.drupal.org/project/cas)

We stood up a new site, www.subsite.site.com (following standard Drupal multsite practice) and wonder if...

1) Do we have to enable the CAS module for subsite? Or does authentication cascasde down somehow?
2) How can we redirect visitors back www.site.com for them to authenticate? (we don't want any users logging in at subsite.site.com)
3) What other considerations do I need to think about?