[jira] [Commented] (GUACAMOLE-272) Add 2FA Support to JDBC Authentication

Mon, 25 Sep 2017 19:56:47 -0700 

    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16180128#comment-16180128
 ] 

Nick Couchman commented on GUACAMOLE-272:
-----------------------------------------

{quote}
I have some ideas in that regard. I was thinking of taking up the TOTP / Google 
Authenticator work in the near future, and was looking into possible ways that 
would integrate with existing things like the JDBC auth. I think it should be 
possible, through minor changes to the extension API, to allow extensions to 
augment/decorate the objects returned by other extensions, or to voluntarily 
store and retrieve custom attributes added by other extensions.
{quote}

Okay, sounds good.  I was thinking that, based on the current layout of the 
authentication extensions, JDBC is the place that makes the most sense for 
this, since it's really the only one that's "integrated" with Guacamole - the 
rest of them, even LDAP, it seems to me, rely on the authentication happening 
outside of Guacamole and then the result of that being passed back.  So, while 
other extensions might do some sort of challenge-response in talking to the 
server, it seems like the JDBC one is where it makes the most sense to add 
another table, field, user property, etc., for a TOTP/2FA token.

That was my thought process in changing the title/direction of this JIRA 
issue...

> Add 2FA Support to JDBC Authentication
> --------------------------------------
>
>                 Key: GUACAMOLE-272
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-272
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-jdbc
>    Affects Versions: 0.9.13-incubating
>            Reporter: Chris Wheeler
>            Priority: Minor
>
> I love the fact that you support 2 factor authentication, but I am 
> disappointed it costs money when you have more than 10 users. I would like to 
> propose that you implement a simple native 2FA option. All you would need to 
> do is add a configurable email field for each user, and configurable SMTP 
> settings. When the user logs in, it would prompt for a pin, then send that 
> pin to their email address.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to