i36>
From: Dave Kempe
Sent: Friday, May 8, 2020 1:32:05 PM
To: spec...@rz.uni-frankfurt.de
Cc: user@guacamole.apache.org
Subject: Re: Want some Salsa with your guacamole?
On Fri, May 8, 2020, 9:25 PM Sven Specker
mailto:spec...@rz.uni-frankfurt.de>> wrote:
On
Your setu
On Fri, May 8, 2020, 9:25 PM Sven Specker
wrote:
> On
>
> Your setup with salsa:
>
> haproxy(auth)->guacamole-appserver(maybe cas/shib,mfa)->guacd
>
> So..3 factor authentication? /If/ you can pull that off with your users
> and force them to use different passwords and disable sso, yes. That
>
On 2020-05-08 13:07, Dave Kempe wrote:
You have it about right. You should run Salsa on seperate machine btw. We
connect them together with spiped.
This simply increases the barrier to entry by one more step. Like any
security control it's only part of the picture. Allowing direct access to
On Fri, May 8, 2020, 9:09 PM Sven Specker
wrote:
> Hi!
>
> > Or what am I missing?
>
> You could of course proxy to completely different guacamole instances
> (with different databases) by virtue of your username/group and that
> enables you to "route" access to networks of different security
On Fri, May 8, 2020 at 7:08 AM Dave Kempe wrote:
>
>
> On Fri, May 8, 2020, 8:52 PM Joachim Lindenberg
> wrote:
>
>> Hi Dave,
>>
>> I am trying to understand what it does and what it is good for. My take
>> is: the user has to authenticate first to salsa, with LDAP credentials,
>> which
Hi!
Or what am I missing?
You could of course proxy to completely different guacamole instances
(with different databases) by virtue of your username/group and that
enables you to "route" access to networks of different security levels
without having to resort to a VPN, effectively making
On Fri, May 8, 2020, 8:52 PM Joachim Lindenberg
wrote:
> Hi Dave,
>
> I am trying to understand what it does and what it is good for. My take
> is: the user has to authenticate first to salsa, with LDAP credentials,
> which whitelists the IP used, and then authenticate again to Guacamole,
>
you think the Guacamole login screen is less secure
then the one of Salsa?
Or what am I missing?
Thanks, Joachim
Von: Dave Kempe
Gesendet: Friday, 8 May 2020 12:12
An: user@guacamole.apache.org
Betreff: Want some Salsa with your guacamole?
Hey all,
Hopefully this is helpful to someone
Hey all,
Hopefully this is helpful to someone, but we have released our Haproxy
whitelisting tool, which helps with securing guacamole. We built it protect
the guacamole login screen behind an Haproxy ACL.
https://github.com/sol1/salsa
Salsa is a simple web interface which interacts with HAProxy