[jira] [Commented] (GUACAMOLE-1428) Allow connection authentication prompt responses to be temporarily saved

Sun, 27 Feb 2022 16:25:07 -0800 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17498671#comment-17498671
 ] 

Nick Couchman commented on GUACAMOLE-1428:
------------------------------------------

[~guactester]: Well, I think that would be possible; however, I'm not sure it's 
any easier than any of the other options. To be secure you'd want said device 
to exist only on the client-side (the browser), and that means supporting USB 
device pass-through from the browser to the end Windows system, which is going 
to take some doing, and that's already covered in GUACAMOLE-522.

> Allow connection authentication prompt responses to be temporarily saved
> ------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1428
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1428
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole
>    Affects Versions: 1.3.0
>            Reporter: guacamole tester
>            Priority: Minor
>
> Currently I'm using Guacamole with OIDC-SSO. so I don't have the 
> "${GUAC_PASSWORD}"-Variable at hand.
>  
> The only Option to give the user a true SSO-experience is to integrate an 
> external System which can provide the cleartext-password. I don't like this 
> idea..
> So if it's only possible to do this with a system saving the cleartext 
> password.. why not keep this only in guacamole?
>  
> A working system could be like this:
> when there is no pre-configured Password provide a selectable field that 
> defines that the password for the user is stored. This password should then 
> be stored for all connections (which have the field "shared password" 
> activated) of the user on the guacamole server until it is wrong and then 
> overwritten with the new password that the user enters.
>  
> this would be very easy to implement for the admin as there is no additional 
> configuration. and it would also only keep the password in cleartext ont he 
> guacamole system which in my case is the only system, that needs a cleartext 
> password.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to