guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mike.jum...@guac-dev.org>
Subject Re: report of activities on the server
Date Sat, 23 Dec 2017 20:40:51 GMT
On Fri, Dec 22, 2017 at 3:51 PM, mniehren <michael@niehren.de> wrote:

> Hi Erik,
>
> i tried out jetty and tomcat but in the log of both, i found the real
> username
> and the connection name, not more .
>
> In the guacd.log i only have the encrypted ones.
>
>
guacd has no concept of user accounts. The values you're seeing in guacd's
logs are not encrypted usernames, but unique identifiers generated upon
connecting to identify the current connection (such that it can be joined)
and to identify the logical user accessing that connection (to distinguish
them from other usages of the same connection).

Is there a possiblity that either jetty/tomcat logs the encrypted username
> or the pid of the guacd-process which handles the connection or that
> guacd logs the real username and/or connection name ?
>

Logging the unique identifier of the guacd connection would be an easy
change, and would allow some degree of correlation there. Though guacd
already logs the connection identifier once per connection, logging it for
each connection-specific message would probably be a good idea, as well.

Exposing the unique identifier of the logical user would require protocol
and API changes, but may be reasonable.

Providing some means for the webapp to assign an arbitrary informational
tag to be included in log messages (like the username and unique value to
allow things to be correlated on a 1-to-1 basis) might also be reasonable,
but would also require protocol and API changes.

- Mike

Mime
View raw message