Hello all,

I'm beginning to think we should look to moving away from using the old
"user-mapping.xml" mechanism, and migrate toward some non-XML (JSON? YAML?
both?) format with more modern guac features.

The "user-mapping.xml" mechanism has existed for almost as long as
Guacamole itself, but suffers from some problems:

1) It's XML, and as such is a bit overly verbose.
2) It relies on unsalted MD5 for password storage, which is questionable at
best.
3) It's not recommended for production use, aimed mainly at getting things
running quickly for a proof-of-concept that will eventually be migrated to
the database, etc. ... but this is only known anecdotally. Our
documentation still demonstrates the use of "user-mapping.xml" as if it's
the main way to configure things.
4) It's built off the SimpleAuthenticationProvider version of the extension
API, which lacks support for the newer objects and cannot delegate
authentication to something else. There have been a few cases where users
have tried to combine "user-mapping.xml" with LDAP or similar, and have run
into problems as a result.

I'd like for things to move in a direction where the default, built-in
authentication mechanism is one which *can* be used in a production
environment, with the use of that authentication mechanism actually being
recommendable for cases not needing the complexity of a database or LDAP,
and which is built upon a format which is more practical than XML.

Thoughts?

- Mike
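
An added example, not part of the original message and not Guacamole project code: a small audit of a "user-mapping.xml" that flags plaintext and unsalted-MD5 password entries and shows why the missing salt matters (equal passwords give equal stored values). It assumes the documented `<authorize username=... password=... encoding="md5">` layout; the sample file, usernames, passwords and the `salted_record` format are constructed for illustration.

```python
import hashlib
import os
import xml.etree.ElementTree as ET
from collections import defaultdict

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

# Constructed sample; usernames and passwords are made up for this example.
SAMPLE = f"""<user-mapping>
  <authorize username="alice" password="{md5_hex('Winter2024')}" encoding="md5"/>
  <authorize username="bob" password="{md5_hex('Winter2024')}" encoding="md5"/>
  <authorize username="carol" password="hunter2"/>
</user-mapping>"""

def audit(xml_text):
    """Return sorted (username, finding) pairs for weak password storage."""
    findings = []
    by_hash = defaultdict(list)
    for entry in ET.fromstring(xml_text).iter("authorize"):
        user = entry.get("username", "?")
        encoding = entry.get("encoding", "plain").lower()
        if encoding == "md5":
            findings.append((user, "unsalted MD5"))
            by_hash[entry.get("password", "").lower()].append(user)
        elif encoding == "plain":
            findings.append((user, "plaintext password"))
    # No salt means equal passwords produce equal stored values.
    for users in by_hash.values():
        if len(users) > 1:
            findings.extend((u, "same hash as another user") for u in users)
    return sorted(findings)

def salted_record(password, iterations=600_000):
    """Hypothetical replacement record: random per-user salt + PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${digest.hex()}"

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
    # Same password twice, two different stored records.
    print(salted_record("Winter2024"))
    print(salted_record("Winter2024"))
```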
