On Fri, Feb 1, 2019 at 8:07 PM brian mullan <bmullan.m...@gmail.com> wrote:

> Thanks Nick
>
> In regards to pam & using the guac parameters...  I'd never actually
> looked into /etc/pam.d before a couple days ago.
>
> There are a lot of app entries there.
>
> For instance... XRDP ?
>

Yes, if you have XRDP installed, it would be an app in there. To be clear,
though, in the case where you're using PAM to authenticate Guacamole,
Guacamole would also be an app in there - that is, the authentication
module is going to go look for the /etc/pam.d/guacamole entry and step
through the various PAM modules specified in that file to determine
authentication.  If it succeeds, the items that constitute a successful
authentication - username and password, for example - would then be
available as parameter tokens.  It may also be possible to read back
information into tokens that PAM makes available to the authentication
extension.  Looking at the libpam4j library, the UnixUser object has
methods that return the following information:
- Home Directory
- Gecos
- GID
- Groups
- Shell
- UID
- Username

Beyond that, I'm not sure what you'd be able to retrieve from PAM to use as
a token in the Guacamole configuration.


>
> But you are right that maybe asking someone smart on pam intent would be a
> good idea.
>
> I'm basically a Luddite in that area.
>
> Overall tho I thought the general idea was simple and to me simpler is
> good 😊
>
>
Yes, I think it's great - would be really cool if the author would submit a
PR to have it added to the main code in the project, but that's completely
up to them.  PAM is very powerful, to be sure.

-Nick
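
As an added illustration of the /etc/pam.d/guacamole lookup described in the reply above (not part of the original thread and not the Guacamole project's code), this Python sketch parses a PAM service file and lists the modules in the order PAM steps through them. The file contents are a constructed sample, and the function names `parse_pam_service` and `stack` are hypothetical.

```python
# Constructed sample of what an /etc/pam.d/guacamole file could look like
# (an assumption for illustration; the thread does not show the real file).
SAMPLE_GUACAMOLE_SERVICE = """\
# constructed example
auth      required                    pam_env.so
auth      [success=1 default=ignore]  pam_unix.so try_first_pass \\
                                      debug
auth      requisite                   pam_deny.so
auth      required                    pam_permit.so
account   required                    pam_unix.so
-session  optional                    pam_systemd.so
@include common-password
"""


def parse_pam_service(text):
    """Parse pam.d syntax: 'type control module-path [module-arguments]'.

    Returns (entries, includes). Handles backslash line continuations,
    '#' comments, bracketed controls, the '-' (silent) type prefix and
    Debian-style '@include' lines.
    """
    entries, includes = [], []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("@include"):
            includes.append(line.split()[1])
            continue
        mtype, rest = line.split(None, 1)
        if rest.startswith("["):
            # Bracketed control such as [success=1 default=ignore]
            end = rest.index("]") + 1
            control, rest = rest[:end], rest[end:]
        else:
            control, rest = rest.split(None, 1)
        module, *args = rest.split()
        entries.append({"type": mtype.lstrip("-"), "silent": mtype.startswith("-"),
                        "control": control, "module": module, "args": args})
    return entries, includes


def stack(entries, mtype="auth"):
    """Modules of one management group, in evaluation order."""
    return [(e["control"], e["module"]) for e in entries if e["type"] == mtype]


if __name__ == "__main__":
    parsed, included = parse_pam_service(SAMPLE_GUACAMOLE_SERVICE)
    for control, module in stack(parsed, "auth"):
        print(f"auth  {control:<28} {module}")
    print("included services:", included)
```
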
