On Thu, Jul 12, 2018, 01:07 smoke <nik...@wikieye.com> wrote: > Hello! > > I am a little put off by the unhashed password in ldap-search-bind-password > (guacamole.properties). Is there a way to use the hash instead of the > visible pass? The same thing goes for the postgresql-password. >
No - they're not that kind of password. Hashing only makes sense for passwords which will be verified by Guacamole - passwords which Guacamole does not need to know verbatim. In this case, those passwords must be sent by Guacamole to the LDAP or PostgreSQL server to authenticate, thus it must have the actual raw password, not a hash. Your best option is to set filesystem permissions appropriately such that only Guacamole can read guacamole.properties. - Mike
