In setting up a multisite configuration in a Linux environment, our primary site, has been using the CAS module for authentication. (

We stood up a new site, (following standard Drupal multsite practice) and wonder if...

1) Do we have to enable the CAS module for subsite? Or does authentication cascasde down somehow?
2) How can we redirect visitors back for them to authenticate? (we don't want any users logging in at
3) What other considerations do I need to think about?