[jira] [Commented] (GUACAMOLE-538) Add the ability to specify separate permissions for "History" and "Active sessions" tabs
[ https://issues.apache.org/jira/browse/GUACAMOLE-538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16428447#comment-16428447 ] Fabian Rodriguez commented on GUACAMOLE-538: The current ADMINISTER permission is all inclusive as I understand it. This issue is about having the choice to assign more granular permissions to the "History" and "Acrives sessions" tabs. Another use case is giving a junior tech the ability to manage connections while not having access to active sessions and/or history. > Add the ability to specify separate permissions for "History" and "Active > sessions" tabs > > > Key: GUACAMOLE-538 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-538 > Project: Guacamole > Issue Type: Improvement > Components: guacamole >Reporter: Fabian Rodriguez >Priority: Minor > > In Settings > Users > $USER > Permissions, I'd like to be able to set two > extra permissions: > * access sessions History tab > * access Active Sessions tab. > This would help when it's required to provide a manager access to history and > active sessions, while avoiding giving them full admin rights (change/add > users/connections). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (GUACAMOLE-538) Add the ability to specify separate permissions for "History" and "Active sessions" tabs
[ https://issues.apache.org/jira/browse/GUACAMOLE-538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16428254#comment-16428254 ] Nick Couchman commented on GUACAMOLE-538: - This is at least related to, if not a duplicate of GUACAMOLE-460. > Add the ability to specify separate permissions for "History" and "Active > sessions" tabs > > > Key: GUACAMOLE-538 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-538 > Project: Guacamole > Issue Type: Improvement > Components: guacamole >Reporter: Fabian Rodriguez >Priority: Minor > > In Settings > Users > $USER > Permissions, I'd like to be able to set two > extra permissions: > * access sessions History tab > * access Active Sessions tab. > This would help when it's required to provide a manager access to history and > active sessions, while avoiding giving them full admin rights (change/add > users/connections). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (GUACAMOLE-527) Add parameter for specifying known SSH/SFTP server fingerprint
[ https://issues.apache.org/jira/browse/GUACAMOLE-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16428216#comment-16428216 ] Nick Couchman commented on GUACAMOLE-527: - Server and client PRs submitted and waiting for review. > Add parameter for specifying known SSH/SFTP server fingerprint > -- > > Key: GUACAMOLE-527 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-527 > Project: Guacamole > Issue Type: New Feature > Components: Documentation, RDP, SSH, VNC >Reporter: Michael Jumper >Assignee: Nick Couchman >Priority: Major > > Guacamole's SSH support (used for both SSH terminal connections and SFTP) > currently does not provide a mechanism for verifying the identity of the SSH > server. In case Guacamole is used to access computers across untrusted > networks (or using hostnames queried from untrusted DNS), additional > parameters should be provided allowing the administrator to explicitly > specify the known key fingerprint of the SSH server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (GUACAMOLE-527) Add parameter for specifying known SSH/SFTP server fingerprint
[ https://issues.apache.org/jira/browse/GUACAMOLE-527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Couchman updated GUACAMOLE-527: Component/s: Documentation > Add parameter for specifying known SSH/SFTP server fingerprint > -- > > Key: GUACAMOLE-527 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-527 > Project: Guacamole > Issue Type: New Feature > Components: Documentation, RDP, SSH, VNC >Reporter: Michael Jumper >Assignee: Nick Couchman >Priority: Major > > Guacamole's SSH support (used for both SSH terminal connections and SFTP) > currently does not provide a mechanism for verifying the identity of the SSH > server. In case Guacamole is used to access computers across untrusted > networks (or using hostnames queried from untrusted DNS), additional > parameters should be provided allowing the administrator to explicitly > specify the known key fingerprint of the SSH server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (GUACAMOLE-537) Implement a "connection event tracker" note or comment
[ https://issues.apache.org/jira/browse/GUACAMOLE-537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Couchman updated GUACAMOLE-537: Priority: Minor (was: Major) > Implement a "connection event tracker" note or comment > -- > > Key: GUACAMOLE-537 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-537 > Project: Guacamole > Issue Type: Improvement > Components: guacamole-client >Reporter: Fabian Rodriguez >Priority: Minor > > I'd like to suggest implementing an optional "connection event tracker" to > log a reference, note, comment or reason to connect when doing so. > This would be a question asked before each connection, where the user would > have to indicate why the connection is being established,for logging > purposes. This information would then be visible in the history report. > Windows servers implement this, I can't seem to be able to attach an image > here, lots of example can be found doing an image search for "windows > shutdown event tracker". -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (GUACAMOLE-537) Implement a "connection event tracker" note or comment
[ https://issues.apache.org/jira/browse/GUACAMOLE-537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Couchman updated GUACAMOLE-537: Component/s: (was: guacamole) guacamole-client > Implement a "connection event tracker" note or comment > -- > > Key: GUACAMOLE-537 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-537 > Project: Guacamole > Issue Type: Improvement > Components: guacamole-client >Reporter: Fabian Rodriguez >Priority: Minor > > I'd like to suggest implementing an optional "connection event tracker" to > log a reference, note, comment or reason to connect when doing so. > This would be a question asked before each connection, where the user would > have to indicate why the connection is being established,for logging > purposes. This information would then be visible in the history report. > Windows servers implement this, I can't seem to be able to attach an image > here, lots of example can be found doing an image search for "windows > shutdown event tracker". -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (GUACAMOLE-536) Enhance restrictive LDAP authentication configuration requirements
[
https://issues.apache.org/jira/browse/GUACAMOLE-536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nick Couchman updated GUACAMOLE-536:
Priority: Minor (was: Blocker)
> Enhance restrictive LDAP authentication configuration requirements
> --
>
> Key: GUACAMOLE-536
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-536
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-ldap
>Reporter: Joseph L. Casale
>Priority: Minor
>
> The current LDAP authentication scheme can recursively search the base DN
> only when a bind DN is used. When biding with the user attempting to log on,
> the bind DN format pattern is not exposed through configuration which imposes
> unnatural restrictions forcing the user to exist in a single container.
> If the format pattern was exposed for configuration, for DSA's which allow
> flexible bind patterns such as Active Directory, configuration could allow
> "DOMAIN
> %s" or "%s...@domain.com" and for those DSA's which do not, you would simply
> configure the restrictive full DN as the pattern.
> The use case is that we use Active Directory anddo not allow bind accounts so
> the restriction prevents all users from accessing the application as our
> topology is not flat (we need to pick a single container therefor excluding
> everyone else).
> A working Java implementation of an LDAP auth scheme that facilitates this is
> [Gitblit|http://gitblit.com/properties.html], see theĀ realm.ldap.*
> configuration properties. Setting the bind pattern to the UPN such as:
> {code:java}
> realm.ldap.bindpattern = ${username}@domain.com
> {code}
> allows the flexible configuration in our Active Directory environment.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
