Re: Select User Connection Restricted by Source IP

2018-05-15 Thread Nick Couchman
> > > > Off the top of my head: > > > > * You step away from the computer and need to check something via your > > phone. > > > > * You lock your screen at work without logging out from guac, head home, > > and need to log in again. > > > > * You are using an anonymizing service which changes IP

Re: Select User Connection Restricted by Source IP

2018-05-14 Thread Suncatcher16
Mike Jumper wrote > On Sun, May 13, 2018, 04:49 Suncatcher16 > suncatcher16@ > wrote: > >> Just a matter of taste. Both use-cases require extensions anyway. LAN/WAN >> differentiation seems more important for me. >> >> BTW, how can single user connect from different IPs simultaneously? It's

Re: Select User Connection Restricted by Source IP

2018-05-13 Thread Mike Jumper
On Sun, May 13, 2018, 04:49 Suncatcher16 wrote: > Just a matter of taste. Both use-cases require extensions anyway. LAN/WAN > differentiation seems more important for me. > > BTW, how can single user connect from different IPs simultaneously? It's a > great breach for

Re: Select User Connection Restricted by Source IP

2018-05-13 Thread Suncatcher16
Just a matter of taste. Both use-cases require extensions anyway. LAN/WAN differentiation seems more important for me. BTW, how can single user connect from different IPs simultaneously? It's a great breach for attacker, which could mask malicious activity. I cannot imagine such use-case where

Re: Select User Connection Restricted by Source IP

2018-05-13 Thread Suncatcher16
vnick wrote > On Mon, Apr 9, 2018 at 11:15 AM, Steven Galante < > steven.galante@ >> wrote: > I don't think it has been implemented by anyone, yet, but should be very > doable - it will require writing a custom Authentication Extension > -Nick Exactly. One need to write an extension. The

Re: Select User Connection Restricted by Source IP

2018-04-10 Thread Nick Couchman
On Mon, Apr 9, 2018 at 12:13 PM, Tom Astle wrote: > I'll add a "me too" for this. I'd also like to use the upcoming TOTP > support with this so that if someone was coming from a certain subnet, say > an RFC1918 private, they would not have to use the 2fa. Presently, we are >

Re: Select User Connection Restricted by Source IP

2018-04-10 Thread Nick Couchman
On Mon, Apr 9, 2018 at 11:15 AM, Steven Galante < steven.gala...@stonybrook.edu> wrote: > I understand this is counter intuitive to Guacamole's purpose. Though, I > have use case were we would like to be able to restrict select connections > for users by source IP. Has anyone come across this?

Re: Select User Connection Restricted by Source IP

2018-04-09 Thread Tom Astle
I'll add a "me too" for this. I'd also like to use the upcoming TOTP support with this so that if someone was coming from a certain subnet, say an RFC1918 private, they would not have to use the 2fa. Presently, we are looking at using Duo for this, which is really expensive in scale. - On

Select User Connection Restricted by Source IP

2018-04-09 Thread Steven Galante
I understand this is counter intuitive to Guacamole's purpose. Though, I have use case were we would like to be able to restrict select connections for users by source IP. Has anyone come across this? and if so, how did you come over it? Thanks, Steve