guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: guacamole admin utility
Date Mon, 01 Jan 2018 01:57:07 GMT
On Sun, Dec 31, 2017 at 12:13 PM, Nick Couchman <vnick@apache.org> wrote:

> On Sun, Dec 31, 2017 at 11:59 AM, Michael Niehren <michael@niehren.de>
> wrote:
>
>> am i right, that the rest-api could only be used with
>> Database-Authentication ?
>>
>> I think, the cmdline-cli should work with all authentication
>> possibilities ...
>>
>
> No, the REST API works with any (or no) authentication extensions.  There
> are parts of the REST API that only work when using the JDBC authentication
> extension, but this is not because of limitations in the REST API, it's
> because those features are only present in the JDBC authentication
> extension.  For example, connection history is only currently tracked in
> the JDBC extensions - none of the other authentication extensions record
> the history of connections anywhere, so trying to retrieve the connection
> history via the REST API without the JDBC extension would fail.  Similar
> things are true of functionality like user management and permissions -
> while the LDAP extension implements some of these features, it relies on
> you managing the LDAP directory outside of the Guacamole Client interface,
> and the JDBC extension is the only place where users and permissions are
> managed directly by Guacamole.
>
> Things like active sessions and logged in users should be available no
> matter what authentication extension(s) you are using.
>
> -Nick
>

So, looks like I misspoke a little - it looks like the JDBC module is the
only module that implements connection tracking at this point in time, so,
yes, doing this through the REST API would require use of the JDBC module.
This can be changed - active connection tracking could be added to the LDAP
module and any other authentication module, but JDBC is currently the only
implementation of it.

However, again, doing anything on the guacd level would require matching up
the UUID to something on the Guacamole client side, or trying to guess the
connection based on the parameters.  The fact that the LDAP module does not
implement active connection tracking also means that there's not really any
way to correlate the UUID from the guacd log file (or guacd internals) to
anything on the Guacamole Client side, which makes doing anything in guacd
less-than-useful.  Unless there's just something I'm missing, but that's my
understanding.

-Nick

Mime
View raw message