Bakery is not a perfect SSO system so it's important to understand how Bakery works and what it means to use it.
Bakery is built on the ability for cookies to be read by all sites within a domain when a cookie's domain is set with a leading period. The PHP documentation on setcookie says this about cookie domains:
To make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'.
During authentication for an account, Bakery will issue a cookie with shared domain access. This cookie is known internally as CHOCOLATECHIP and will be used to cause authentication for the user on slave sites.
Shared account properties
For SSO to work, some amount of user account details must be the same. Bakery synchronizes on account name, email address, and a URL to the master account edit page. The Drupal user object properties are:
$user->name; // 'username'
$user->mail; // 'firstname.lastname@example.org'
$user->init; // 'http://example.org/user/929/edit'
Bakery does not synchronize account ID (UID). It was a purposeful decision to not require shared internal numeric identifiers for accounts.
Accounts are synchronized and explicitly shared on username, email, and a URL only. There is optional support for most other account properties and profile values.
Account UIDs will differ between sites.
Most user properties and all profile fields can be synchronized on Drupal 6 Bakery sites, but there is no other supported data synchronization.
Bakery may not be compatible with other modules.
Bakery is hard to debug unless you're comfortable writing Drupal code and can monitor HTTP requests.