On Mon, Jan 15, 2024 at 11:55 AM Sylvain GUIBERT <sylvain.guib...@siflorence.com> wrote:

> Hi all!
>
> I've been using Apache-Guacamole for 1 year now to remote control devices
> over RDP / VNC and SSH.
> For VNC and SSH, it works great.
>
> For RDP we recently encountered an issue when we tried to force Kerberos
> authentication instead of NTLM. Kerberos authentication is available for
> freerdp since version 2.x but not compiled by default. I made some tests /
> "hacks" to try to get Kerberos under Apache-Guacamole:
>

David replied, already, pointing out that FreeRDP 2.x wasn't really complete/stable with respect to Kerberos, and I'll just add that Guacamole does not support FreeRDP 3.x at the moment.

> Tried to use the guacamole.properties file to configure the Kerberos
> authentication realm
>

Two issues, here:

* guacamole.properties is only for Guacamole Client, not for guacd.
* I do not know of any options for guacamole.properties that would apply to Kerberos authentication.

> Tried to add the guacamole machine to a domain to be able to get a Kerberos
> ticket
>

Yes, I suspect this would be required.

> Compilation of freerdp from source with Kerberos support and install of
> Apache-Guacamole with the compiled libraries: KO :(
>
> I would like to get this functionality available but I don't know how to
> do it. What is the right way to add it? Is it possible?
>

I suspect that some changes will need to be made to Guacamole in order to make this work:

* Support for FreeRDP 3.x, which contains more stable/complete Kerberos support.
* Support for Kerberos authentication in Guacamole Client, allowing users to log in seamlessly from browser to Guacamole with Kerberos.
* Ability to pass the Kerberos ticket used for authentication in Guacamole Client on to guacd for RDP authentication.

All completely do-able, just some required time/effort to accomplish it :-).

-Nick