guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: HTTP header auth with groups
Date Wed, 03 Apr 2019 13:07:51 GMT
On Wed, Apr 3, 2019 at 8:45 AM Will Payne <will@mugwump.net> wrote:

>
> I'm assuming groups should work with users authenticated via HTTP
> headers?
>
> If I put a user in a group and allow that group access to a connection,
> the user cannot see the connection.
>
> Is this a bug?
>

Not really a bug, no, but it is something we are looking at changing.  The
issue is described, here:

https://issues.apache.org/jira/browse/GUACAMOLE-696

Basically, the way it was (intentionally) implemented in 1.0.0, group
membership is *only* factored in from the module which logs the user in.
Since the header module does not actually process or support groups, users
logged in with the header module will not inherit any group membership or
permissions based on the groups.

This is slated to be addressed in 1.1.0 - I have a pull request out for it,
and hopefully the behavior will get a tweak to work a little more as people
seem to expect it to.

-Nick

Mime
View raw message