Hi Dave, I am trying to understand what it does and what it is good for. My take is: the user has to authenticate first to salsa, with LDAP credentials, which whitelists the IP used, and then authenticate again to Guacamole, likely using with LDAP credentials again?
Which causes me to ask: do you think the Guacamole login screen is less secure then the one of Salsa? Or what am I missing? Thanks, Joachim Von: Dave Kempe <[email protected]> Gesendet: Friday, 8 May 2020 12:12 An: [email protected] Betreff: Want some Salsa with your guacamole? Hey all, Hopefully this is helpful to someone, but we have released our Haproxy whitelisting tool, which helps with securing guacamole. We built it protect the guacamole login screen behind an Haproxy ACL. https://github.com/sol1/salsa Salsa is a simple web interface which interacts with HAProxy to grant and revoke access to backends via HAproxy's built in ACL feature. ACLs can be managed with a Salsa admin user. Groups can then be created with a list of ACLs to unlock to users. Users can be added and removed to multiple groups. Once a user successfully logs in, that user's IP address with be added to the ACL (whitelisted). We built it protect the guacamole login screen behind an Haproxy ACL. Feel free to follow up via github if need help or information, and I hope this helps someone. Keep up the great work Guacamole team! thanks Dave Kempe
