Joseph Gullo commented on GUACAMOLE-221:

Awesome, I hadn't seen that.


Still, the workflow I'm thinking of is the following:

1) I authenticate into guacamole as my regular user account

2) I connect to my normal desktop using a parameter, no issue.

3) I see a connection to a domain controller, I want to connect to that session 
with a separate domain admin account.  I'd like to be able to enter credentials.

4) I see a connection to a switch.  I want to connect to that session with 
separate network admin credentials.

5) I see a connection to a server, I want to connect to that session with 
separate server admin credentials.


In theory, the only possible credentials that can successfully authenticate 
from the internet are my un-privileged ones, then you would need to know 
additional credentials once inside the network.  I don't like the idea of 
storing my admin credentials, and I don't like the idea of my admin accounts 
accessible to a WAN login.  I know I can bounce from RDP once inside my regular 
session, but RDP-through-RDP starts to feel sloppy. 

> Parameter prompting within client interface
> -------------------------------------------
>                 Key: GUACAMOLE-221
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-221
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole
>            Reporter: Michael Jumper
>            Assignee: Nick Couchman
>            Priority: Major
> {panel:bgColor=#FFFFEE}
> *The description of this issue was copied from 
> [GUAC-335|https://glyptodon.org/jira/browse/GUAC-335], an issue in the JIRA 
> instance used by the Guacamole project prior to its acceptance into the 
> Apache Incubator.*
> Comments, attachments, related issues, and history from prior to acceptance 
> *have not been copied* and can be found instead at the original issue.
> {panel}
> Some parameters, such as the username/password for VNC or RDP, are better 
> entered manually within the client when connecting rather than stored on the 
> server in MySQL or {{user-mapping.xml}}.
> Storing secure data within parameters on the server side has security 
> implications that don't fit well with all use cases.
> Further, some connections would benefit if their settings can be modified 
> locally before connecting. A user could change the color depth or screen size 
> of their RDP session, for example, for the sake of a slower connection.

This message was sent by Atlassian Jira

Reply via email to