I just thought.. If it's only possible to do this with a system saving the cleartext password.. why not keep this only in guacamole?
A working system could be like this: a selectable field that defines that the password for the user is stored. This password should then be stored for all connections (which have the field "shared password" activated) of the user on the guacamole server until it is wrong and then overwritten with the new password that the user enters. this would be very easy to implement for the admin as there is no additional configuration. and it would also only keep the password in cleartext ont he guacamole system which in my case is the only system, that needs a cleartext password.
