On Wed, Sep 1, 2021 at 4:29 PM Alejandro Hernandez <a...@safedataserver.com> wrote:
> Hello! > > I have 2 admins for Guacamole (GUI level, not Linux level). > > Outside Guacamole those 2 persons do not share all of their passwords (ie. > just one knows the domain admin password). > > Using Guacamole one could create a session so the other can use the domain > admin. > > Since both are Guacamole admins, if the user that doesn't know the > password edits the respective connection would be able to see and then know > such password by simply, easily and quickly pressing the lock icon next to > it. > > May I disable such lock icon? So they are able to enter any password > anywhere but then unable to see such password so easily... > > I know that's doesn't make it entirely secure, but in that particular case > I think it would be enough. > No, and you definitely *SHOULD NOT* do this. You should only grant full admin-level access to users that truly should be able to see and edit everything. The "administer system" permission is identical in principle to the root user on Linux systems. Your options here would be: 1. Integrate Guacamole with your Active Directory using LDAP and use parameter tokens to pass through the user's own credentials, that way no credentials are stored: https://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens 2. Do not grant these users full admin permission, but rather only any relevant "create" permissions. They will only be able to see, edit, and manage the connections or users that they create. Despite having admin access to *their* connections, they won't be able to see or touch the connections created by the other. 3. Separate the systems, giving one admin access to one and the other admin access to the other. 4. Leverage the upcoming vault support, when it's ready: https://issues.apache.org/jira/browse/GUACAMOLE-641 Do not grant full admin access to users unless those users truly need and should have that kind of access. If they shouldn't have that kind of access, or you feel the need to restrict that access, then that means they definitely should not be given that level of access. Michael Jumper CEO, Lead Developer Glyptodon Inc <https://glyp.to/>.
