guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Menadue <ben.mena...@nci.org.au>
Subject Disable database authentication but keep connection info there
Date Fri, 18 Jan 2019 04:16:15 GMT
Hi,

I have Guacamole set up for LDAP authentication with Postgres storing connection info. To
do this, I need equivalent user entities in the database, with usernames matching LDAP. That’s
working fine. However, I can’t work out how to stop it also attempting to authenticate against
the database users.

For example, suppose I have an LDAP user “ben” with password “abc123” and a database
user “ben" with password “def456” (the schema appears to require a password to be set).
I can then login as “ben” using either of the passwords!!

How do I make it _only_ try to authenticate users against the LDAP directory, and ignore whatever
password is in the database? The best I’ve been able to come up with so far is to set a
random password in the database, which is still a significant security hole.

Thanks,
Ben


Mime
View raw message