Re: Locking password view

2021-09-02 Thread Alejandro Hernandez

Thanks Mike!

I wasn't aware of point 2, actually that covers my situation even 
better!


Have a great day everyone!

On 2021-09-01 18:55, Mike Jumper wrote:

On Wed, Sep 1, 2021 at 4:29 PM Alejandro Hernandez wrote:



Hello!

I have 2 admins for Guacamole (GUI level, not Linux level).

Outside Guacamole those 2 persons do not share all of their passwords 
(ie. just one knows the domain admin password).


Using Guacamole one could create a session so the other can use the 
domain admin.


Since both are Guacamole admins, if the user that doesn't know the 
password edits the respective connection, they would be able to see and 
then know such password by simply, easily and quickly pressing the lock 
icon next to it.


May I disable such lock icon? So they are able to enter any password 
anywhere but then unable to see such password so easily...


I know that doesn't make it entirely secure, but in that particular 
case I think it would be enough.


No, and you definitely SHOULD NOT do this. You should only grant full 
admin-level access to users that truly should be able to see and edit 
everything. The "administer system" permission is identical in 
principle to the root user on Linux systems.


Your options here would be:

* Integrate Guacamole with your Active Directory using LDAP and use 
parameter tokens to pass through the user's own credentials, that way 
no credentials are stored: 
https://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens
* Do not grant these users full admin permission, but rather only any 
relevant "create" permissions. They will only be able to see, edit, and 
manage the connections or users that they create. Despite having admin 
access to _their_ connections, they won't be able to see or touch the 
connections created by the other.
* Separate the systems, giving one admin access to one and the other 
admin access to the other.
* Leverage the upcoming vault support, when it's ready: 
https://issues.apache.org/jira/browse/GUACAMOLE-641


Do not grant full admin access to users unless those users truly need 
and should have that kind of access. If they shouldn't have that kind 
of access, or you feel the need to restrict that access, then that 
means they definitely should not be given that level of access.


Michael Jumper

CEO, Lead Developer
Glyptodon Inc [1].



Links:
--
[1] https://glyp.to/

Re: Locking password view

2021-09-01 Thread Mike Jumper
On Wed, Sep 1, 2021 at 4:29 PM Alejandro Hernandez wrote:

> Hello!
>
> I have 2 admins for Guacamole (GUI level, not Linux level).
>
> Outside Guacamole those 2 persons do not share all of their passwords (ie.
> just one knows the domain admin password).
>
> Using Guacamole one could create a session so the other can use the domain
> admin.
>
> Since both are Guacamole admins, if the user that doesn't know the
> password edits the respective connection, they would be able to see and
> then know such password by simply, easily and quickly pressing the lock
> icon next to it.
>
> May I disable such lock icon? So they are able to enter any password
> anywhere but then unable to see such password so easily...
>
> I know that doesn't make it entirely secure, but in that particular case
> I think it would be enough.
>

No, and you definitely *SHOULD NOT* do this. You should only grant full
admin-level access to users that truly should be able to see and edit
everything. The "administer system" permission is identical in principle to
the root user on Linux systems.

Your options here would be:

   1. Integrate Guacamole with your Active Directory using LDAP and use
   parameter tokens to pass through the user's own credentials, that way no
   credentials are stored:
   https://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens
   2. Do not grant these users full admin permission, but rather only any
   relevant "create" permissions. They will only be able to see, edit, and
   manage the connections or users that they create. Despite having admin
   access to *their* connections, they won't be able to see or touch the
   connections created by the other.
   3. Separate the systems, giving one admin access to one and the other
   admin access to the other.
   4. Leverage the upcoming vault support, when it's ready:
   https://issues.apache.org/jira/browse/GUACAMOLE-641

Do not grant full admin access to users unless those users truly need and
should have that kind of access. If they shouldn't have that kind of
access, or you feel the need to restrict that access, then that means they
definitely should not be given that level of access.

Michael Jumper
CEO, Lead Developer
Glyptodon Inc.
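
Added example, not part of the original messages or of the Guacamole project's own material: option 1 from the reply above, sketched as LDAP-stored connection entries (the guacConfigGroup schema used by the Guacamole LDAP extension), with a stored password beside the parameter-token form. The DNs, host names, user names and the placeholder password are constructed for illustration.

```ldif
# Constructed sample entries; every DN, host name and value is a placeholder.

# Before: the privileged password is a literal connection parameter.
# Anyone able to read or edit this connection definition can recover it.
dn: cn=DC01 (stored password),ou=connections,dc=example,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: DC01 (stored password)
guacConfigProtocol: rdp
guacConfigParameter: hostname=dc01.example.net
guacConfigParameter: port=3389
guacConfigParameter: username=Administrator
guacConfigParameter: password=PLACEHOLDER-STORED-PASSWORD
member: cn=admin-a,ou=people,dc=example,dc=net
member: cn=admin-b,ou=people,dc=example,dc=net

# After: no credential is stored. ${GUAC_USERNAME} and ${GUAC_PASSWORD}
# are parameter tokens that Guacamole replaces at connect time with the
# credentials the user supplied when logging in to Guacamole, so each
# person reaches the host as their own directory account.
dn: cn=DC01 (pass-through),ou=connections,dc=example,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: DC01 (pass-through)
guacConfigProtocol: rdp
guacConfigParameter: hostname=dc01.example.net
guacConfigParameter: port=3389
guacConfigParameter: username=${GUAC_USERNAME}
guacConfigParameter: password=${GUAC_PASSWORD}
member: cn=admin-a,ou=people,dc=example,dc=net
member: cn=admin-b,ou=people,dc=example,dc=net
```

With the pass-through form, what each person can do on the target host is decided by the rights of their own directory account rather than by a shared secret held in the connection definition.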


Locking password view

2021-09-01 Thread Alejandro Hernandez

Hello!

I have 2 admins for Guacamole (GUI level, not Linux level).

Outside Guacamole those 2 persons do not share all of their passwords 
(ie. just one knows the domain admin password).


Using Guacamole one could create a session so the other can use the 
domain admin.


Since both are Guacamole admins, if the user that doesn't know the 
password edits the respective connection, they would be able to see and 
then know such password by simply, easily and quickly pressing the lock 
icon next to it.


May I disable such lock icon? So they are able to enter any password 
anywhere but then unable to see such password so easily...


I know that doesn't make it entirely secure, but in that particular 
case I think it would be enough.