@@ -102,7 +102,7 @@ question should be able to access.
102102 ZENCdmJtVWdjMlZsYlhNZ2RHOGdZbVV1IiwKICAiYXBwS2V5IjogIlYyVnNZMjl0WlNFZ1JXNXFi
103103 M2tnUVhCaFkyaGxJRWQxWVdOaGJXOXNaU0U9IiwKICAiaG9zdG5hbWUiOiAia2VlcGVyc2VjdXJp
104104 dHkuY29tIiwKICAic2VydmVyUHVibGljS2V5SWQiOiAiMTAiCn0K
105- $
105+ $
106106 ```
107107
108108(guac-vault-config)=
@@ -163,7 +163,7 @@ administrator always has ultimate control over the behavior of a connection:
163163 connection group is used to reattempt retrieving the secret.
164164
1651653. **User-specific vault:** If a particular secret is not available within
166- any other administator -controlled vault, the connection in question has
166+ any other administrator -controlled vault, the connection in question has
167167 been configured to allow user-specific vault use, and the current user has
168168 configured such a vault, that vault will be used to reattempt retrieving the
169169 secret.
@@ -244,12 +244,31 @@ The following `CRITERIA` names are supported:
244244 the `hostname` parameter of the connection. If the record has no "login" field,
245245 a "text" or "password" custom field will be used if the label of that field
246246 contains the word "hostname", "address", or "IP address" (case-insensitive,
247- ignoring any spaces between "IP" and "address").
247+ ignoring any spaces between "IP" and "address"). If the record is a KeeperPAM
248+ resource with linked credentials, it will use the linked administrative credentials.
249+
250+ `SERVER_ADMIN`
251+ : The administrative credentials record linked from a KeeperPAM resource record
252+ whose "Hostname or IP Address" field contains a hostname that matches the
253+ value of the `hostname` parameter of the connection.
254+
255+ `SERVER_LAUNCH`
256+ : The launch credentials record linked from a KeeperPAM resource record
257+ whose "Hostname or IP Address" field contains a hostname that matches the
258+ value of the `hostname` parameter of the connection.
248259
249260`GATEWAY`
250261: Identical to `SERVER`, except that the value of the `gateway-hostname`
251262 parameter is used. This is only applicable to RDP connections.
252263
264+ `GATEWAY_ADMIN`
265+ : Identical to `SERVER_ADMIN`, except that the value of the `gateway-hostname`
266+ parameter is used. This is only applicable to RDP connections.
267+
268+ `GATEWAY_LAUNCH`
269+ : Identical to `SERVER_LAUNCH`, except that the value of the `gateway-hostname`
270+ parameter is used. This is only applicable to RDP connections.
271+
253272`GATEWAY_USER`
254273: Identical to `USER`, except that the value of the `gateway-username`
255274 parameter is used. This is only applicable to RDP connections.
0 commit comments