On Thu, May 7, 2020 at 4:11 PM Lander, Howard Michael <[email protected]> wrote:
> Hi Nick > > Thanks for the reply. I've been playing around with the header-auth > module and I can login to guacamole using the REMOTE_USER header. So that > part is working great. But I use a user-mapping.xml file that looks like > this: > > <user-mapping> > > <!-- Example user configurations are given below. For more information, > see the user-mapping.xml section of the Guacamole configuration > documentation: http://guac-dev.org/Configuring%20Guacamole --> > > <!-- Per-user authentication and config information --> > <authorize username="fakename" password="fakepassword"> > <protocol>vnc</protocol> > <param name="hostname">localhost</param> > <param name="port">5901</param> > <param name="password">fakepassword</param> > </authorize> > </user-mapping> > > and the upshot of this is when the user logged in, they were taken > immediately to the VNC service. That's not happening any more. Instead I > get a screen like the following. I couldn't find anything about this in the > header-auth documentation. Any suggestions or ideas? > > Yes, the basic user-mapping.xml authentication extension does not usually work with the other authentication extensions. It's intended to be a very basic extension for testing your installation. It *might* work, but at least one of the isues is that, in your user-mapping.xml file above you have a "password" specified for the "fakename" user - and the Header authentication extension will never pass through this password (or any password, for that matter), so the user won't be authenticated to the user-mapping.xml extension. If you put an entry in with no password then you lack any security on that connection. You probably want to consider setting up the JDBC module to store your connections... -Nick >
