[
https://issues.apache.org/jira/browse/GUACAMOLE-2130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper updated GUACAMOLE-2130:
-----------------------------------
Component/s: Documentation
> Support for Linked Records in KSM
> ---------------------------------
>
> Key: GUACAMOLE-2130
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-2130
> Project: Guacamole
> Issue Type: Improvement
> Components: Documentation, guacamole-vault-ksm
> Reporter: Stephen Schiffli
> Priority: Major
>
> KeeperPAM's [linked
> records|https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/record-linking]
> are not currently compatible with the guacamole KSM integration. As of the
> release of KeeperPAM, new records types for "PAM Machine", "PAM Directory",
> and "PAM Database" can link to other records in the following ways:
> # Admin Credential - the credential used to perform admin operations OR to
> launch sessions.
> # Launch Credential - the credential used to launch sessions.
>
> To support these new linked records, we propose adding some new "[CRITERIA]"
> names to be automatically injected.
> 1. SERVER_ADMIN - Identical to SERVER but explicitly uses "admin" credentials.
> 2. SERVER_LAUNCH - Identical to SERVER but explicitly uses "launch"
> credentials.
> 3. GATEWAY_ADMIN - Identical to GATEWAY but explicitly uses "admin"
> credentials.
> 4. GATEWAY_LAUNCH - Identical to GATEWAY but explicitly uses "launch"
> credentials.
> Additionally, for compatibility and to ensure things work regardless of
> whether the customer has a PAM license, the default behavior of the
> established "SERVER" and "GATEWAY" criteria should be to pull the "admin"
> credentials where available.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
