tkuhlengel opened a new pull request, #1117:
URL: https://github.com/apache/guacamole-client/pull/1117

   # Summary
   
   In my company's business use case for Guacamole, for security and auditing purposes, we need to be able to ensure that any idle user is disconnected and logged off within a set period of time of idleness.
   
   In an *ideal* version of such a system, we would do the following.
   
   1. Check if the user has interacted with the connection in the last X minutes, or if an active SFTP transfer is happening on the connection.
   2. If not, terminate the user connection after X minutes of inactivity.
   3. If they remain idle, the Guacamole idle timer will log them out after the pre-configured login idle timeout.
   
   This requires a lot of conditionals and would be more difficult to implement and maintain in an ongoing project like Guacamole.
   
   A *more practical*, yet sufficient, version is:
   
   1. The Administrator sets a maximum duration for any connection, specified in minutes.
   2. Any connection that exceeds that duration, regardless of activity, is terminated while the user remains logged in. They are free to reconnect if the user is still active.
   3. The login idle timeout starts when the connection ends.
   
   This second option meets our business needs, and we would like to share it with others.
   
   # Features
   
   * Add parameter `connection-timeout` in `guacamole.properties`, disconnecting users after `connection-timeout` minutes. Defaults to 0, disabling the feature.
   * Implement the connection timeout using a Map that stores the creation time of the connection.
   * Integrate the connection timeout check into the existing idle timeout function.


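
The "more practical" design described in the pull request (a map of connection creation times, a fixed maximum age in minutes, 0 disabling the check) can be sketched as follows. This is an added illustration, not code from the pull request or from Guacamole; the class, method and connection names are hypothetical and the sample times are constructed.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical sketch; none of these names are Guacamole APIs. */
public class ConnectionTimeoutTracker {

    /** Connection identifier -> time the connection was created. */
    private final Map<String, Instant> startTimes = new ConcurrentHashMap<>();

    /** Maximum connection age; zero disables the check (the stated default). */
    private final Duration maxAge;

    public ConnectionTimeoutTracker(long connectionTimeoutMinutes) {
        // Reject negative values instead of silently treating them as "disabled".
        if (connectionTimeoutMinutes < 0)
            throw new IllegalArgumentException("connection-timeout must be >= 0");
        this.maxAge = Duration.ofMinutes(connectionTimeoutMinutes);
    }

    public void connectionOpened(String id, Instant now) { startTimes.put(id, now); }

    /** Call on every close path, otherwise the map grows without bound. */
    public void connectionClosed(String id) { startTimes.remove(id); }

    /** Run from the periodic sweep: ids whose age has reached the limit, active or not. */
    public List<String> expired(Instant now) {
        List<String> due = new ArrayList<>();
        if (maxAge.isZero())
            return due; // feature disabled
        for (Map.Entry<String, Instant> e : startTimes.entrySet())
            if (Duration.between(e.getValue(), now).compareTo(maxAge) >= 0)
                due.add(e.getKey());
        return due;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2025-01-01T09:00:00Z"); // constructed sample time
        ConnectionTimeoutTracker tracker = new ConnectionTimeoutTracker(30);
        tracker.connectionOpened("conn-a", t0);
        tracker.connectionOpened("conn-b", t0.plus(Duration.ofMinutes(20)));
        // Sweep 31 minutes after t0: conn-a is over the limit, conn-b is 11 minutes old.
        List<String> due = tracker.expired(t0.plus(Duration.ofMinutes(31)));
        due.forEach(tracker::connectionClosed); // the login idle timer would start here
        System.out.println("terminated: " + due);
    }
}
```

The sketch uses wall-clock `Instant` values for readability; a sweep that must be robust to system clock changes would record a monotonic reading such as `System.nanoTime()` instead.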