guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Storey <daniel.sto...@rededucation.com>
Subject Re: Using Public/Private key based authenication with LDAP
Date Thu, 15 Nov 2018 12:12:33 GMT
Thanks, Nick!

Cheers,

Daniel Storey


From: Nick Couchman <vnick@apache.org>
Reply-To: "user@guacamole.apache.org" <user@guacamole.apache.org>
Date: Thursday, 15 November 2018 at 10:41 pm
To: "user@guacamole.apache.org" <user@guacamole.apache.org>
Subject: Re: Using Public/Private key based authenication with LDAP

On Thu, Nov 15, 2018 at 5:33 AM Daniel Storey <daniel.storey@rededucation.com<mailto:daniel.storey@rededucation.com>>
wrote:

Hi Guys,



I'm wondering if I can set up ssh key authentication by storing the private keys in LDAP for
guacamole? With a parameter type of guacConfigParameter, what keyword would I use to describe
it?

Yes, you can do this, though I'd caution you to be very careful and make sure that the permissions
on the objects in your LDAP directory that have the private keys are very locked down.  Basically
only the users who are going to run the connection should have any access to that Guacamole
connection object.




Here's an excerpt from the LDIF file I'm using to create the object inside the LDAP directory:



guacConfigParameter: hostname=172.30.7.117

guacConfigParameter: port=22

guacConfigParameter: username=admin

guacConfigProtocol: ssh


See:
http://guacamole.apache.org/doc/gug/configuring-guacamole.html#ssh

Basically, any of the parameters on that page can be put into the configuration, so you can
use the "private-key" parameter as well as the "passphrase" parameter (if required).

-Nick
Mime
View raw message