You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by Lee Doughty <le...@virginiacyberrange.org> on 2022/05/19 10:11:46 UTC

Feature idea for guacamole

I was told this might be a good place to protist a feature idea to gauge
interest before making a ticket.

Would it be difficult to add a feature/option to fall back to user input on
connections.. or to disable features that are unavailable if they are not
available?

When our users log in, we set up auto login RDP with file transfer support
to try and make the users experience more friendly... However, this is
fragile to users changing their password or, in the case of file transfer,
modifying their authorized keys.

It would be nice if we could allow the connection to continue if the user
breaks these features

-Lee

Re: Feature idea for guacamole

Posted by Nick Couchman <vn...@apache.org>.

On Thu, May 19, 2022 at 6:12 AM Lee Doughty <le...@virginiacyberrange.org>
wrote:

> I was told this might be a good place to protist a feature idea to gauge
> interest before making a ticket.
>
> Would it be difficult to add a feature/option to fall back to user input
> on connections.. or to disable features that are unavailable if they are
> not available?
>
>
One of the design decisions we have intentionally made, particularly when
soliciting user input, is that user input is _never_ allowed to override
what an administrator has entered for the connection. Doing so could
present security risks that administrators may be intentionally trying to
guard against.


> When our users log in, we set up auto login RDP with file transfer support
> to try and make the users experience more friendly... However, this is
> fragile to users changing their password or, in the case of file transfer,
> modifying their authorized keys.
>
>
Allowing a RDP or VNC connection to continue even if SFTP fails has been
discussed in the past. I guess it doesn't tend to be an issue very often or
for very many people, because it doesn't come up often, but I think there's
already a Jira issue out there for it. The question really becomes, do you
want a half-working connection, where something is broken, or do you want
the connection to fail?

That said, we have some pending changes that allow guacd to deliver
messages back to the client, so maybe we could look into allowing this, but
warning the user that file transfer will not work because of a failure.

-Nick

>