On Sat, Mar 2, 2019 at 3:50 PM Robert Dinse <[email protected]> wrote:
> > If there were an NIS / Unix / Pam authentication module then I'd use > that but I am unwilling to have to have users register yet another password > and I can't get their existing passwords since they are encrypted. And > since all the servers they are going to are already accessible via ssh and > x2go an additional layer of authentication does nothing but inconvenience > the customer. Since it does pass through the real IP in the header, I > should > be able to write fail2ban rules to cover brute force password guessing. > > I think someone posted a link a while back to a PAM authentication module for Guacamole, so that might be an option. I'm guessing the servers they log into are not configured to authenticate with LDAP? -Nick
