[ 
https://issues.apache.org/jira/browse/GUACAMOLE-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18078491#comment-18078491
 ] 

Nick Couchman commented on GUACAMOLE-2269:
------------------------------------------

[~clhedrick] Thanks for reporting this. Can you clarify a bit exactly what 
situations you're seeing where you're getting prompted for the password versus 
not? So, is it:
 * Running guacamole on RHEL 10 and connecting to RHEL 10?
 * Running guacamole on RHEL 10 and connecting to Ubuntu 24?
 * Running guacamole on Ubuntu 24 and connecting to RHEL 10?
 * Running guacamole on Ubuntu 24 and connecting to Ubuntu 24?

Just trying to make sure I understand where you're seeing the issue so that I 
can try to reproduce it.

Also, a couple of asks for you:
 * If you force the Security mode on the RDP connection to TLS, does it work as 
expected and give you the Linux login prompt? Or does it still prompt you from 
Guacamole?
 * In the cases where it fails, could you start gaucd in debug log mode (-L 
debug) and share the output, sanitized of anything sensitive?

> prompting for password on redhat 10.1 but not ubuntu 24.04
> ----------------------------------------------------------
>
>                 Key: GUACAMOLE-2269
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-2269
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 1.6.0
>            Reporter: Charles Hedrick
>            Priority: Minor
>
> I don't know whether this is a bug or not, but I thought you should know. 
> We've been using Guacamole for years on Ubuntu server, most recently 24.04. I 
> recently built it on Redhat 10.1, with Tomcat 10.1. It works fine, but 
> there's an odd different in behavior. (Using Tomcat 10.1 turns out not to be 
> an issue. Just copy the war file to .../webapps-javaee rather than webapps. 
> Tomcat converts it automatically.)
> We configure a lot of hosts to pass on the username, but leave the password 
> null. That's because we're using CAS, so we don't know the password. On 
> Ubuntu, it connects to the host, and we get a Linux login page. On Redhat 
> 10.1, Guacamole prompts for a password.
> The difference matters, because a bad password is much harder to recover from 
> when Guacamole prompts for the password and sends it to RDP.
> I actually copied the binaries from Ubuntu, and it didn't fix the problem, so 
> I assume it's a difference in library versions, perhaps freerdp2 vs freerdp3.
> In /usr/src/guacamole-server-1.6.0/src/protocols/rdp/rdp.c, 
> settings->password is NULL rather than "". I've patched it to turn NULL into 
> guac_strdup("") if the username is set.
> The reason I moved is that I need a copy of tomcat where the vendor patches 
> all the security bugs that our University's security scanner complains about. 
> I don't want to have to watch for notifications and manually update tomcat. 
> It doesn't look like any vendor is committed to maintaining tomcat 9 past 
> this May, even though the community is maintaining it until May 2027.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to