Return-Path: <user-return-578-archive-asf-public=cust-asf.ponee.io@guacamole.incubator.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 8E1CE200BAA
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 27 Oct 2016 20:40:49 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 8CB39160AE6; Thu, 27 Oct 2016 18:40:49 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id ABC73160AF6
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 27 Oct 2016 20:40:48 +0200 (CEST)
Received: (qmail 44448 invoked by uid 500); 27 Oct 2016 18:40:47 -0000
Mailing-List: contact user-help@guacamole.incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@guacamole.incubator.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@guacamole.incubator.apache.org>
List-Post: <mailto:user@guacamole.incubator.apache.org>
List-Id: <user.guacamole.incubator.apache.org>
Reply-To: user@guacamole.incubator.apache.org
Delivered-To: mailing list user@guacamole.incubator.apache.org
Received: (qmail 44438 invoked by uid 99); 27 Oct 2016 18:40:47 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Oct 2016 18:40:47 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 84A85C0ABA
	for <user@guacamole.apache.org>; Thu, 27 Oct 2016 18:40:47 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.629
X-Spam-Level: **
X-Spam-Status: No, score=2.629 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	FREEMAIL_ENVFROM_END_DIGIT=0.25, HTML_MESSAGE=2,
	RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001]
	autolearn=disabled
Authentication-Results: spamd4-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id HWg8qZDp0e6h for <user@guacamole.apache.org>;
	Thu, 27 Oct 2016 18:40:44 +0000 (UTC)
Received: from mail-qk0-f177.google.com (mail-qk0-f177.google.com [209.85.220.177])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id D26665FBF7
	for <user@guacamole.incubator.apache.org>; Thu, 27 Oct 2016 18:40:43 +0000 (UTC)
Received: by mail-qk0-f177.google.com with SMTP id v138so3406742qka.0
        for <user@guacamole.incubator.apache.org>; Thu, 27 Oct 2016 11:40:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=db7pelsELN9XfMDK1vLEn95ypgcDPAqoOKRJuwL6R4A=;
        b=SZDrW5r4uYIQ7g384W3aYCZ/xhiq4S5FrGs8LrEjzTEgNV/IcwqrqoI+fIrCJhFoPr
         7RcMpDTBvkpSKI1ljeXDDIF5DnE5G9hVgm2DFaODvLk6cugzuKKmiw3VTbpCKyuhClw3
         f3df8NdRhfPBQirIgo7vgyryUPpIGXX4/T/+K93BAYmcJjEJhuaouG4RotsgClceIw95
         OiIaiBRvYltjPL3WlbXGP0YJT6zUXd+caEjEtLOcz61O1BamjW6Dy+eyABci5JVTzJ/F
         ur37pqIvmuIBn/AGzbzTx1acrfT7eZlZrm+hqcvQkPb5QQ7Xu3K7Pw1tFYJ2CUNbiS3e
         M6Tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=db7pelsELN9XfMDK1vLEn95ypgcDPAqoOKRJuwL6R4A=;
        b=AUt86LIVOPdeavdqVzFD/RojbksC2dP2y4Ar6e0EBmDBmVcgVNMqNRTeEjtTItZx+K
         ZuhxN1E/J6kgQg2UvdDHs8myLU9cu52HKE0EPCK0K2Iai1hvSCX86IBRW07yUw9xDMQ2
         eCzN1s9H0s4/Rv56gTIW2EWAgmbxlFWX+nKYGz/ke3c3IqGgamb3zW44wT0ARbMp9tE9
         a5j/DqiXNIQdTQIX+Zv7hXjPeRDboPxcaByaBfpu/aOPvO+cYLa8OfKygd0DzEumqbxw
         Hi3C4h4izh99CfuhXuFoP8o8H5nNe/nuRfxYAaDcMnA0bnrbFuF5nMbzRmITV/Q/d44+
         YUKw==
X-Gm-Message-State: ABUngvcy33EvXsQIKymXaIwTWxY+oBxAC5tbnzODmSylOh0aupvoAxmIE6SqMEwE3n94vBnmVn+y6YtKZpI6cA==
X-Received: by 10.55.106.131 with SMTP id f125mr7151249qkc.254.1477593639679;
 Thu, 27 Oct 2016 11:40:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.165.4 with HTTP; Thu, 27 Oct 2016 11:40:39 -0700 (PDT)
In-Reply-To: <OFA6EF6BBA.B4C67F8D-ON85258059.0060C01B-85258059.006160F1@simard.ca>
References: <OFA6EF6BBA.B4C67F8D-ON85258059.0060C01B-85258059.006160F1@simard.ca>
From: Joao Alexandre <jalexandre1964@gmail.com>
Date: Thu, 27 Oct 2016 19:40:39 +0100
Message-ID: <CAAt0rnHRXro8kVobp36EtdKSDc=6Q+mrEsZ+d24is8mdMbvg-g@mail.gmail.com>
Subject: Re: TFA
To: user@guacamole.incubator.apache.org
Content-Type: multipart/alternative; boundary=001a114fe75804066d053fdd14bf
archived-at: Thu, 27 Oct 2016 18:40:49 -0000

--001a114fe75804066d053fdd14bf
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi Daniel,

Instead of Nginx, I've used Apache SSL with Google Authenticator and Apache
moth-authn-otp

Take a look at:

pierrejean.wp.mines-telecom.fr/2016/01/14/authentification-one-time-passwor=
d/
github.com/archiecobbs/mod-authn-otp/wiki/Configuration

Hope it helps.

Regards,

Jo=C3=A3o

On Thu, Oct 27, 2016 at 6:43 PM, <DMoscovitch@simard.ca> wrote:

> Well, I'm still looking for an easy way to get TFA or some form of "googl=
e
> authenticator" type access for the system. Right now I have guacamole
> behind nginx on https only.
>
> I found this, and atleast menu wise, it's what I would love to see inside
> the default guacamole Admin screen.
> Screen shots can be seen at the Arno0x/TwoFactorAuth project at github. I=
t
> has a nice simple user management screen.
> https://github.com/Arno0x/TwoFactorAuth
>
> Has anyone setup anything similar to this on their system? If so, details
> or direction would be nice.
> I'd even live with registering people manually from ssh and a google url
> to a phone, but the nicer the better .
>
>
> daniel
>

--001a114fe75804066d053fdd14bf
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div><div><div><div>Hi Daniel,<br><br></div>Instead o=
f Nginx, I&#39;ve used Apache SSL with Google Authenticator and Apache moth=
-authn-otp<br><br></div>Take a look at:<br><br><a href=3D"http://pierrejean=
.wp.mines-telecom.fr/2016/01/14/authentification-one-time-password/">pierre=
jean.wp.mines-telecom.fr/2016/01/14/authentification-one-time-password/</a>=
<br><a href=3D"http://github.com/archiecobbs/mod-authn-otp/wiki/Configurati=
on">github.com/archiecobbs/mod-authn-otp/wiki/Configuration</a><br><br></di=
v>Hope it helps.<br><br></div>Regards,<br><br></div>Jo=C3=A3o<br><div><div>=
<div><div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Thu,=
 Oct 27, 2016 at 6:43 PM,  <span dir=3D"ltr">&lt;<a href=3D"mailto:DMoscovi=
tch@simard.ca" target=3D"_blank">DMoscovitch@simard.ca</a>&gt;</span> wrote=
:<br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bo=
rder-left:1px solid rgb(204,204,204);padding-left:1ex"><font size=3D"2" fac=
e=3D"sans-serif">Well, I&#39;m still looking for an easy way
to get TFA or some form of &quot;google authenticator&quot; type access
for the system. Right now I have guacamole behind nginx on https only.</fon=
t>
<br>
<br><font size=3D"2" face=3D"sans-serif">I found this, and atleast menu wis=
e,
it&#39;s what I would love to see inside the default guacamole Admin screen=
.</font>
<br><font size=3D"2" face=3D"sans-serif">Screen shots can be seen at the Ar=
no0x/TwoFactorAuth
project at github. It has a nice simple user management screen.</font>
<br><a href=3D"https://github.com/Arno0x/TwoFactorAuth" target=3D"_blank"><=
font color=3D"blue" size=3D"2" face=3D"sans-serif">https://github.com/Arno0=
x/<wbr>TwoFactorAuth</font></a>
<br>
<br><font size=3D"2" face=3D"sans-serif">Has anyone setup anything similar =
to
this on their system? If so, details or direction would be nice.</font>
<br><font size=3D"2" face=3D"sans-serif">I&#39;d even live with registering=
 people
manually from ssh and a google url to a phone, but the nicer the better
.</font>
<br>
<br>
<br><font size=3D"2" face=3D"sans-serif">daniel</font>
<br></blockquote></div><br></div></div></div></div></div></div>

--001a114fe75804066d053fdd14bf--