guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mike.jum...@guac-dev.org>
Subject Re: Authentication using http
Date Sun, 05 Nov 2017 21:25:56 GMT
On Fri, Nov 3, 2017 at 6:01 AM, Nick Couchman <vnick@apache.org> wrote:
>
> On Tue, Oct 31, 2017 at 5:43 PM, Thompson, John H. (GSFC-606.2)[PATUXENT TECHNOLOGY PARTNERS]
<john.h.thompson@nasa.gov> wrote:
>>
>> Will storing the allowed connections in LDAP work with HTTP
>> header authentication"?
>>
>> ...
>>
>
> I believe the answer is no.  Mike can correct this if I'm wrong, but my understanding
is that one of the security mechanisms in the LDAP module is that the bind to look for connections
is done with the user who logged in.  So, if the user is logged in through another mechanism
(header authentication), and particularly one that doesn't provide the password to Guacamole
(header will not), then there's not going to be any way for the user who logged in to bind
to the LDAP directory.
>

This is exactly correct. Part of the idea behind the LDAP
authentication is to allow the LDAP directory's own security
constraints to dictate access level. This cannot be done without a
bind.

- Mike

Mime
View raw message