Details
-
New Feature
-
Status: Closed
-
Trivial
-
Resolution: Done
-
None
-
None
Description
There are situations where it may be desirable to host a single Guacamole Client instance that provides services to users who are accessing the system via a direct Internet connection, and, at the same time, users who are logging in from "inside" a network - either at a dedicate an office, or through a VPN, where the MFA requirement has already been enforced.
I'm proposing adding options for the Duo and TOTP modules that allow for either bypassing the MFA requirement for users logging in via a list of hosts, or, alternatively, explicitly specifying the hosts from which logins would require MFA, and not requiring it from other hosts.
Pull request to come.