Hi, I'm new to guacamole, so please bear with me...
I am trying to set it up for a multi-user site where each user can have their own VNC desktop. I would like to do authentication via PAM. I have guacamole-auth-pam working (https://github.com/voegelas/guacamole-auth-pam). And I see that by adding entries to /etc/guacamole/unix-user-mapping.xml, I can connect a user with an existing VNC connection. So far, so good. Next, what I want to do is: - when a user logs in to Guacamole, if they already have a VNC server, use that. - if they don't, then create a new VNC server (ie, run "vncserver" to create the VNC server; remember its address), and *somehow* tell guacamole to use that new connection. It looks like I can do this with an Event listener. But this feels like a super-obvious thing to want to do, so I'm surprised it isn't already supported out of the box....?? Or with an existing extension? Anyway, once I've got my Event listener listening for successful PAM logins, I can go off and find/create the VNC server, but then I need to tell guacamole about it. I was *hoping* to do this by using the Database auth system, but my quick test suggests that this won't work. (That is, when the PAM authenticator doesn't find anything, it doesn't seem to fall back to looking for a connection in the Database extension.) I was hoping to do *auth* with the PAM extension, but connection lookup using the Database extension. In the manual, it seems to be suggested that LDAP + Database can be made to work in this way. Is this not the case for PAM + Database? An alternative seems to be to update the /etc/guacamole/unix-user-mapping.xml file, which the PAM authenticator is supposed to re-read when it is updated, but then I need to completely re-write that file on each user login, which means I have to find and report all existing VNC sessions all the time, or keep my own stinkin' database... yuck! I would very much appreciate any guidance. Thanks! --dustin
