Posted to user@guacamole.apache.org by Chris Misztur <cm...@mriiot.com> on 2020/04/01 12:11:39 UTC

User bypassing auth

I have one user who is able to close the browser (tried Chrome and FF), and even reboot his PC, go to Guac URL and is allowed back in without auth.  I have it set up for LDAP and TOTP.

Is something getting cached server side?

Chris



Re: User bypassing auth

Posted by sciUser <sh...@securitycentric.net>.
Sent you a private message with the code. 




-----
A Cybersecurity Enablement Company 
We don't just run you through the motions, Our labs teach you how to think! 
Known good Guacamole  installations

--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org


Re: User bypassing auth

Posted by Chris Misztur <cm...@mriiot.com>.
@sciUser: I do not see any source to include in index.html... Can you
resend?

Thanks
Chris


On Wed, Apr 1, 2020 at 11:55 AM sciUser <sh...@securitycentric.net>
wrote:

> This may get some backlash, but we ran into this issue and we added this
> line
> of code in the header and body. This resolved the issue. Be warned, this
> means that anytime the page is refreshed you will have to re-login. This
> issues the cookie then expires it, leaving your current session intact.
>
> Add this to the index.html page at the top level
> webapps/guacamole/index.html
>
>
>
>
>

Re: User bypassing auth

Posted by sciUser <sh...@securitycentric.net>.
This may get some backlash, but we ran into this issue and we added this line
of code in the header and body. This resolved the issue. Be warned, this
means that anytime the page is refreshed you will have to re-login. This
issues the cookie then expires it, leaving your current session intact.

Add this to the index.html page at the top level
webapps/guacamole/index.html 







Re: User bypassing auth

Posted by Nick Couchman <vn...@apache.org>.
On Wed, Apr 1, 2020 at 8:11 AM Chris Misztur <cm...@mriiot.com> wrote:

> I have one user who is able to close the browser (tried Chrome and FF),
> and even reboot his PC, go to Guac URL and is allowed back in without
> auth.  I have it set up for LDAP and TOTP.
>
> Is something getting cached server side?
>
>
Guacamole's authentication system issues tokens for the logins.  If the
user does not explicitly Log Out (which deletes the token), then it is
possible that, within a reasonable amount of time, they can come back and
expect to not have to log in, again.  Guacamole will periodically expire
these tokens, forcing a new login.  This is fairly consistent with how most
web sites behave - that is, I don't have to log in to my e-mail every time
I close it out and re-open it - it prompts me periodically, but certainly
not every time.

-Nick
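
The token lifecycle described in the reply above, as an added example that is not part of the original thread and is not Guacamole's code: a small model of a server-side token store showing why closing the browser or rebooting does not end the login, while explicit logout and expiry do. The class and function names, the 3600-second timeout and the rule that activity refreshes the idle timer are assumptions of this model.

```python
import secrets


class TokenStore:
    """Hypothetical model of a server-side auth-token store with an idle timeout."""

    def __init__(self, idle_timeout_s, clock):
        self.idle_timeout_s = idle_timeout_s
        self.clock = clock        # callable returning the current time in seconds
        self._last_seen = {}      # token -> time of the last accepted request

    def login(self, credentials_ok):
        """Issue a token only after the full login (e.g. LDAP + TOTP) succeeded."""
        if not credentials_ok:
            return None
        token = secrets.token_hex(32)
        self._last_seen[token] = self.clock()
        return token

    def is_valid(self, token):
        """Accept a known token unless it has been idle longer than the timeout."""
        last = self._last_seen.get(token)
        if last is None:
            return False
        if self.clock() - last > self.idle_timeout_s:
            del self._last_seen[token]      # expired: next visit must log in again
            return False
        self._last_seen[token] = self.clock()   # assumed: activity resets the timer
        return True

    def logout(self, token):
        """Explicit Log Out deletes the token immediately."""
        self._last_seen.pop(token, None)


def demo():
    now = [0]                                   # constructed clock, in seconds
    store = TokenStore(idle_timeout_s=3600, clock=lambda: now[0])
    token = store.login(credentials_ok=True)
    # Browser closed or PC rebooted: the server is told nothing, the token stays.
    now[0] += 600
    back_after_10_min = store.is_valid(token)
    now[0] += 3601                              # idle past the timeout
    back_after_timeout = store.is_valid(token)
    second = store.login(credentials_ok=True)
    store.logout(second)                        # user clicks Log Out
    after_logout = store.is_valid(second)
    return back_after_10_min, back_after_timeout, after_logout
```

In this model the only server-side events that end a login are `logout()` and the idle timeout, so shortening the timeout is what limits how long a returning browser is let back in without re-authenticating.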