OS: CentOS/RHEL 8.x Guac 1.1.0 Regarding extensions, there are a few things I want to clear up and make sure I understand.
I see the extensions as basically being in 2 categories: Primary authentication and Secondary auth. Ex: LDAP would be a primary auth method as it can, itself*, be used. On the other hand, TOTP cannot be used alone and must be combined with something like database/ldap, etc. To clarify my intent, I will always use a mariaDB (JDBC mysql) for storing user meta data regardless of primary auth used. IE: its possible I may use just mariaDB, its possible I might use mariaDB with LDAP such that LDAP handles users/auth and mariaDB is just storing stuff. I am going to ignore user mapping via xml, header auth and quickconnect. So I see primary as: mariaDB and possibly one of the following: LDAP, RADIUS, CAS or OpenID. I then see secondary options as: none, DUO or TOTP. So... 1. Is there any reasonable setup in which case one may use mariadb with 2 or more primary auth extensions? Ex: mariaDB, LDAP & RADIUS. Next, my understanding is extensions are loaded in alphabetical order. The documentation touches on this here: https://guacamole.apache.org/doc/gug/radius-auth.html. Essentially saying renaming extensions may be needed for 1 to load before the other. However, it does not say what the proper ordering is. Maybe I missed this someplace else in the docs? 1. Should JDBC mysql be loaded before everything? IE: JDBC, then LDAP, then TOTP? Or should the primary auth like LDAP or RADIUS be renamed to load before JDBC? 2. Is there ever a reason to load the secondary auth (TOTP or DUO) before other extensions? Or should these always be the last extension loaded? I am going to guess its something like: JDBC -> Primary auth/ext -> Secondary auth/ext Would that be the right thinking? Thanks PS - I am asking for a script I am writing for installing Guac, so the methods of authentication will vary and I need to account for all possible/reasonable configurations (as well as I can) others may want. -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
