guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brian mullan <bmullan.m...@gmail.com>
Subject Re: Are there or could there be more Parameter Tokens than are in the Documentation?
Date Sat, 02 Feb 2019 02:26:29 GMT
If he's not monitoring the alias I'll let him know that some collaboration
might be beneficial.m

Brian

On Fri, Feb 1, 2019, 8:34 PM Nick Couchman <vnick@apache.org wrote:

> On Fri, Feb 1, 2019 at 8:07 PM brian mullan <bmullan.mail@gmail.com>
> wrote:
>
>> Thanks Nick
>>
>> In regards to pam & using the guac parameters...  I'd never actually
>> looked into /etc/pam.d before a couple days ago.
>>
>> There are alot of app entries there.
>>
>> For instance... XRDP ?
>>
>
> Yes, if you have XRDP installed, it would be an app in there. To be clear,
> though, in the case where you're using PAM to authenticate Guacamole,
> Guacamole would also be an app in there - that is, the authentication
> module is going to go look for the /etc/pam.d/guacamole entry and step
> through the various PAM modules specified in that file to determine
> authentication.  If it succeeds, the items that constitute a successful
> authentication - username and password, for example - would then be
> available as parameter tokens.  It may also be possible to read back
> information into tokens that PAM makes available to the authentication
> extension.  Looking at the libpam4j library, the UnixUser object has
> methods that return the following information:
> - Home Directory
> - Gecos
> - GID
> - Groups
> - Shell
> - UID
> - Username
>
> Beyond that, I'm not sure what you'd be able to retrieve from PAM to use
> as a token in the Guacamole configuration.
>
>
>>
>> But you are right that maybe asking someone smart on pam intent would be
>> a good idea.
>>
>> I'm basically a Luddite in that area.
>>
>> Overall tho I thought the general idea was simple and to me simpker is
>> good 😊
>>
>>
> Yes, I think it's great - would be really cool if the author would submit
> a PR to have it added to the main code in the project, but that's
> completely up to them.  PAM is very powerful, to be sure.
>
> -Nick
>

Mime
View raw message