On Sun, May 13, 2018, 04:49 Suncatcher16 <[email protected]> wrote:
> Just a matter of taste. Both use-cases require extensions anyway. LAN/WAN > differentiation seems more important for me. > > BTW, how can single user connect from different IPs simultaneously? It's a > great breach for attacker, which could mask malicious activity. I cannot > imagine such use-case where that might be needed. Do you? > Off the top of my head: * You step away from the computer and need to check something via your phone. * You lock your screen at work without logging out from guac, head home, and need to log in again. * You are using an anonymizing service which changes IP occasionally. etc. Different IPs means that you provided your user to smb else who connects > from different location, this is what users were created for, imho. > Nope. It might mean that, but this isn't guaranteed (see above). Regardless, the fact that a user may choose to share their password isn't a potential breach in the system; it's a poor choice on the user's part. If you wish to make doubly sure that a user is who they claim to be, that's exactly the use case behind 2FA. - Mike
