Posted to commits@guacamole.apache.org by "Michael Jumper (JIRA)" <ji...@apache.org> on 2018/04/02 05:36:00 UTC
[jira] [Commented] (GUACAMOLE-529) Despite the fact user account is
disabled, user account can access to a welcome blank screen
[ https://issues.apache.org/jira/browse/GUACAMOLE-529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16421947#comment-16421947 ]
Michael Jumper commented on GUACAMOLE-529:
------------------------------------------
Thanks for confirming, Nick.
The issue is due to the way GUACAMOLE-284 tied the "disabled" flag to the "*-user-required" properties. You can work around the issue for the time being by setting the applicable property to true:
http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-restrict
I'm now modifying the authentication-specific part of the JDBC auth to properly check this flag. This will correct the behavior such that:
* The database auth will not authenticate a user with the "disabled" flag set.
* If a user is authenticated by other means, that user will not receive data from the database auth if the "disabled" flag is set (part of GUACAMOLE-284).
* If a user is authenticated by other means, and the appropriate "*-user-required" property is set to true, the authentication attempt will be rejected entirely (GUACAMOLE-284).
> Despite the fact user account is disabled, user account can access to a welcome blank screen
> --------------------------------------------------------------------------------------------
>
> Key: GUACAMOLE-529
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-529
> Project: Guacamole
> Issue Type: Bug
> Affects Versions: 0.9.14, 1.0.0
> Environment: Ubuntu 16.04.3, mysql, git version guacamole 1.0.0
> CentOS 7, PostgreSQL, Guacamole Client 0.9.14
> CentOS 7, SQL Server, Guacamole Client 1.0.0 (git)
> Reporter: emma
> Assignee: Michael Jumper
> Priority: Major
> Attachments: Account_Blank_Screen.png, Account_Disable.png
>
>
> Hi,
> I've made an upgrade from 0.9.12 to 1.0.0 git version (dev) and also an upgrade from 0.9.14 to 1.0.0 git version (dev). Everything works fine without any issues, then I realized that despite my user accounts being disabled I can log on to Guacamole and access a welcome blank screen.
> I've also checked in the mysql database and the user accounts are Disabled '1'.
> So far, when a user account was disabled, it was unable to log on and access any screen. The user got a message on the logon screen like "invalid credential" or something similar.
> Guess that "issue" is probably due to the development version, but it is quite strange for the module managing credentials and logon.
> Thank you
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
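
The three rules listed in the comment above, written out as one decision function with the reported case (disabled account, correct password, "*-user-required" not set) included. This is an added example, not code from the Guacamole JDBC extension: `Outcome`, `DbUser`, `decide` and the plaintext password field are hypothetical, and treating a user with no database account like a disabled one is an assumption.

```python
# Added illustration: a model of the comment's three rules, not Guacamole
# code. Every name below is hypothetical.
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Outcome(Enum):
    DB_AUTHENTICATED = "authenticated by the database"
    DB_DATA_ATTACHED = "authenticated elsewhere, database data attached"
    NO_DB_DATA = "authenticated elsewhere, no database data"
    REJECTED = "authentication attempt rejected"


@dataclass
class DbUser:            # constructed stand-in for a row in the user table
    username: str
    password: str        # plaintext only to keep the model short
    disabled: bool


def decide(db_user: Optional[DbUser], password: Optional[str],
           authenticated_elsewhere: bool, user_required: bool) -> Outcome:
    """Apply the three rules to one login attempt."""
    usable = db_user is not None and not db_user.disabled

    # Rule 1: the database auth never authenticates a disabled account,
    # whatever the "*-user-required" property says.
    if not authenticated_elsewhere:
        ok = (usable and password is not None and
              hmac.compare_digest(password.encode(), db_user.password.encode()))
        return Outcome.DB_AUTHENTICATED if ok else Outcome.REJECTED

    # Another extension has already authenticated this user.
    if usable:
        return Outcome.DB_DATA_ATTACHED
    # Rule 3: with "*-user-required" true the whole attempt is rejected.
    # Rule 2: otherwise the user simply receives nothing from the database.
    # (Assumption: a missing database account is handled like a disabled one.)
    return Outcome.REJECTED if user_required else Outcome.NO_DB_DATA
```
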