Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/03/02 02:24:00 UTC

[jira] [Comment Edited] (GUACAMOLE-708) Allow JDBC Users to be Created Automatically

    [ https://issues.apache.org/jira/browse/GUACAMOLE-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17048738#comment-17048738 ] 

Mike Jumper edited comment on GUACAMOLE-708 at 3/2/20 2:23 AM:
---------------------------------------------------------------

Can you provide an example of such a case? My impression of the user management UI was that it would inherently allow for automatic creation of database users so long as the available users were exposed by the extension identifying them (such as by LDAP).

Regarding allowing things like TOTP to store arbitrary data, I think there may be additional changes needed to facilitate that, since the database auth will not allow users to store attributes unless those users have {{UPDATE}} permission on themselves (an extension which decorates the {{UserContext}} of another can only act with the permissions granted to the {{UserContext}} being decorated). I have some changes that I've been experimenting with which allow extensions to obtain a {{UserContext}} that is privileged which may be appropriate to be part of this, if the scope can be broadened to cover the problem it's intended to solve (the ability for extensions to work together to store arbitrary data) rather than the specific piece of that solution (automatic user creation).


was (Author: mike.jumper):
Can you provide an example of such a case? My impression of the user management UI was that it would inherently allow for automatic creation of database users so long as the available users were exposed by the extension identifying them (such as by LDAP).

Regarding allowing things like TOTP to store arbitrary data, I think there may be additional changes needed to facilitate that, since the database auth will not allow users to store attributes unless those users have {{UPDATE}} permission on themselves and an extension which decorates another can only act with the permissions granted to the {{UserContext}} being decorated. I have some changes that I've been experimenting with which allow extensions to obtain a {{UserContext}} that is privileged which may be appropriate to be part of this, if the scope can be broadened to cover the problem it's intended to solve (the ability for extensions to work together to store arbitrary data) rather than the specific piece of that solution (automatic user creation).

> Allow JDBC Users to be Created Automatically
> --------------------------------------------
>
>                 Key: GUACAMOLE-708
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-708
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole-auth-jdbc
>            Reporter: Nick Couchman
>            Assignee: Nick Couchman
>            Priority: Minor
>             Fix For: 1.2.0
>
>
> A feature common to other applications that store data in one place and can authenticate from other sources is to enable automatic creation of user accounts within the database assuming the user is successfully authenticated elsewhere.
> I propose doing something similar with the Guacamole JDBC extension, or, depending on how the implementation works out, with the other extensions - a property that, disabled by default, could be enabled that would allow users authenticated successfully through other extensions to be automatically created within the JDBC extension.


