Hi Nick
Thanks so much for the quick reply.
Funny thing is that I tried deleting the password attribute from the
user_mapping file but that didn't work either.. Oh well. I could
actually live with no security on the connection, since this is running
within a secure environment. If I store the connections in the JDBC
module, would I still use the header-auth module? It turns out that this
would be pretty convenient for us since the authentication system we are
using already can easily send the REMOTE_USER header. At first glance I
don't quite see how to use the JDBC module, but I will look into it some
more.
Thanks again
Howard
On 5/7/20 4:39 PM, Nick Couchman wrote:
On Thu, May 7, 2020 at 4:11 PM Lander, Howard Michael
<[email protected] <mailto:[email protected]>> wrote:
Hi Nick
Thanks for the reply. I've been playing around with the
header-auth module and I can login to guacamole using the
REMOTE_USER header. So that part is working great. But I use a
user-mapping.xml file that looks like this:
<user-mapping>
<!-- Example user configurations are given below. For more
information,
see the user-mapping.xml section of the Guacamole
configuration
documentation:
http://guac-dev.org/Configuring%20Guacamole -->
<!-- Per-user authentication and config information -->
<authorize username="fakename" password="fakepassword">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5901</param>
<param name="password">fakepassword</param>
</authorize>
</user-mapping>
and the upshot of this is when the user logged in, they were taken
immediately to the VNC service. That's not happening any more.
Instead I get a screen like the following. I couldn't find
anything about this in the header-auth documentation. Any
suggestions or ideas?
Yes, the basic user-mapping.xml authentication extension does not
usually work with the other authentication extensions. It's intended
to be a very basic extension for testing your installation. It
*might* work, but at least one of the isues is that, in your
user-mapping.xml file above you have a "password" specified for the
"fakename" user - and the Header authentication extension will never
pass through this password (or any password, for that matter), so the
user won't be authenticated to the user-mapping.xml extension. If you
put an entry in with no password then you lack any security on that
connection.
You probably want to consider setting up the JDBC module to store your
connections...
-Nick
--
Howard Lander <mailto:[email protected]>
Senior Research Software Developer
Renaissance Computing Institute (RENCI) <http://www.renci.org>
The University of North Carolina at Chapel Hill
100 Europa Drive
Suite 540
Chapel Hill, NC 27517
919-445-9651
