Stephen Schiffli created GUACAMOLE-2130:
-------------------------------------------
Summary: Support for Linked Records in KSM
Key: GUACAMOLE-2130
URL: https://issues.apache.org/jira/browse/GUACAMOLE-2130
Project: Guacamole
Issue Type: Improvement
Components: guacamole-vault-ksm
Reporter: Stephen Schiffli
KeeperPAM's [linked
records|https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/record-linking]
are not currently compatible with the guacamole KSM integration. As of the
release of KeeperPAM, new records types for "PAM Machine", "PAM Directory", and
"PAM Database" can link to other records in the following ways:
# Admin Credential - the credential used to perform admin operations OR to
launch sessions.
# Launch Credential - the credential used to launch sessions.
To support these new linked records, we propose adding some new "[CRITERIA]"
names to be automatically injected.
1. SERVER_ADMIN - Identical to SERVER but explicitly uses "admin" credentials.
2. SERVER_LAUNCH - Identical to SERVER but explicitly uses "launch" credentials.
3. GATEWAY_ADMIN - Identical to GATEWAY but explicitly uses "admin" credentials.
4. GATEWAY_LAUNCH - Identical to GATEWAY but explicitly uses "launch"
credentials.
Additionally, for compatibility and to ensure things work regardless of whether
the customer has a PAM license, the default behavior of the established
"SERVER" and "GATEWAY" criteria should be to pull the "admin" credentials where
available.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
