guacamole-user mailing list archives

From brian mullan <bmullan.m...@gmail.com>
Subject Are there or could there be more Parameter Tokens than are in the Documentation?
Date Sat, 02 Feb 2019 00:15:35 GMT
In Chapter 5 are listed 6 Parameter Tokens.

By chance are there more?

If not could there be?

The reason I am asking is that I found a very useful Guacamole Auth Extension
for Linux PAM:

https://github.com/voegelas/guacamole-auth-pam

But to utilize this his GitHub README describes creating a
/etc/guacamole/unix-user-mapping.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<unix-user-mapping serviceName="guacamole">
    <config name="RDP Connection" protocol="rdp">
        <param name="hostname" value="client.example.com" />
        <param name="username" value="${GUAC_USERNAME}" />
        <param name="password" value="${GUAC_PASSWORD}" />
        <param name="domain" value="EXAMPLE" />
        <param name="security" value="nla" />
        <param name="server-layout" value="en-us-qwerty" />
    </config>

    <config name="VNC Connection" protocol="vnc">
        <param name="hostname" value="localhost" />
        <param name="port" value="5901" />
        <param name="password" value="secret" />
    </config>

    <user name="andreas">
        <config-ref name="RDP Connection" />
        <config-ref name="VNC Connection" />
    </user>

    <group name="users">
        <config-ref name="RDP Connection" />
    </group>
</unix-user-mapping>

Note this /etc/guacamole/unix-user-mapping.xml makes use of two
of the existing Parameter Tokens:

>
> ${GUAC_USERNAME}
> ${GUAC_PASSWORD}


If there existed PARAMETER TOKENS for:
hostname "value"
security "value"
connection "protocol"
etc

then you could configure Guacamole Connections to have 1 *generic*
*/etc/guacamole/unix-user-mapping.xml* file where all connections are
processed and users validated against the Linux PAM to authenticate the
Guacamole Users for an automatic login?

This would seem to work especially well if you combined it with the Google
Authenticator TOTP on the front-end of Guacamole login?

example:

<?xml version="1.0" encoding="UTF-8"?>
<unix-user-mapping serviceName="guacamole">
    <config name="RDP Connection" protocol="${GUAC_PROTOCOL}">
        <param name="hostname" value="${GUAC_CONNECTION_NAME}" />
        <param name="username" value="${GUAC_USERNAME}" />
        <param name="password" value="${GUAC_PASSWORD}" />
        <param name="domain" value="${GUAC_DOMAIN}" />
        <param name="security" value="${GUAC_RDP_SECURITY}" />
        <param name="server-layout" value="${GUAC_SERVER_LAYOUT}" />
    </config>

    <config name="VNC Connection" protocol="${GUAC_PROTOCOL}">
        <param name="hostname" value="${GUAC_CONNECTION_NAME}" />
        <param name="port" value="5901" />
        <param name="password" value="${GUAC_VNC_SECRET}" />
    </config>

    <user name="andreas">
        <config-ref name="RDP Connection" />
        <config-ref name="VNC Connection" />
    </user>

    <group name="users">
        <config-ref name="RDP Connection" />
    </group>
</unix-user-mapping>
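
Added example, not part of the original message or of the guacamole-auth-pam project: a small check that walks a unix-user-mapping.xml and reports token names outside a known set, tokens with broken `${...}` syntax, and passwords stored as literals. The function name `lint_mapping` and the sample file are constructed for illustration, and `KNOWN_TOKENS` holds only the two tokens named in the message, so extend it with the documented list for your Guacamole version.

```python
import re
import xml.etree.ElementTree as ET

# Token names taken from the message; this set is an assumption and should be
# extended with the documented list for the Guacamole version in use.
KNOWN_TOKENS = {"GUAC_USERNAME", "GUAC_PASSWORD"}
WELL_FORMED = re.compile(r"\$\{([A-Z0-9_]+)\}")
# "$" still followed by a name once well-formed tokens are removed,
# e.g. "$GUAC_DOMAIN}" or "${GUAC_DOMAIN".
MALFORMED = re.compile(r"\$\{?[A-Z_]")

# Constructed sample modelled on the two mapping files in the message.
SAMPLE = """<unix-user-mapping serviceName="guacamole">
    <config name="RDP Connection" protocol="rdp">
        <param name="hostname" value="client.example.com" />
        <param name="username" value="${GUAC_USERNAME}" />
        <param name="password" value="${GUAC_PASSWORD}" />
        <param name="domain" value="$GUAC_DOMAIN}" />
    </config>
    <config name="VNC Connection" protocol="${GUAC_PROTOCOL}">
        <param name="hostname" value="localhost" />
        <param name="password" value="secret" />
    </config>
</unix-user-mapping>"""


def lint_mapping(xml_text, known=KNOWN_TOKENS):
    """Return (config, field, problem, detail) tuples in document order."""
    findings = []
    for config in ET.fromstring(xml_text).iter("config"):
        cname = config.get("name", "?")
        fields = [("protocol", config.get("protocol", ""))]
        fields += [(p.get("name", "?"), p.get("value", ""))
                   for p in config.iter("param")]
        for field, value in fields:
            for token in WELL_FORMED.findall(value):
                if token not in known:
                    findings.append((cname, field, "unknown-token", token))
            if MALFORMED.search(WELL_FORMED.sub("", value)):
                findings.append((cname, field, "malformed-token", value))
            # A password with no token at all is a secret stored in the file.
            if field == "password" and value and not WELL_FORMED.search(value):
                findings.append((cname, field, "literal-password", "<redacted>"))
    return findings


if __name__ == "__main__":
    for finding in lint_mapping(SAMPLE):
        print(*finding, sep=" | ")
```

The literal password value is never echoed in the findings, so the output is safe to paste into a ticket or CI log.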
