guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nick Couchman (JIRA)" <>
Subject [jira] [Commented] (GUACAMOLE-272) Alternative to Duo
Date Tue, 06 Jun 2017 13:34:18 GMT


Nick Couchman commented on GUACAMOLE-272:

So, my gut feeling here is that we could do a native 2FA authentication system, but I'd suggest
*not* an e-mail- (or SMS-) based one.  I would be more tempted to go with something like Google
Authenticator with a rotating token.  If you really want to do 2FA with e-mail or SMS, there's
a RADIUS extension that should be available, soon, and you can use that plus RADIUS plus your
favorite OTP implementation (LinOTP, OpenOTP) to do the e-mail or SMS-based authentication.

There are a couple of Java libraries available for generating OTPs, we would just need to
figure out the best place to implement it (bolt on to JDBC modules, separate module, etc.)
and do the work.  If you have any experience coding Java and want to jump in and help, we
welcome the contributions!

> Alternative to Duo
> ------------------
>                 Key: GUACAMOLE-272
>                 URL:
>             Project: Guacamole
>          Issue Type: Improvement
>            Reporter: Chris Wheeler
> I love the fact that you support 2 factor authentication, but I am disappointed it costs
money when you have more than 10 users. I would like to propose that you implement a simple
native 2FA option. All you would need to do is add a configurable email field for each user,
and configurable SMTP settings. When the user logs in, it would prompt for a pin, then send
that pin to their email address.

This message was sent by Atlassian JIRA

View raw message