Sounds like you may need to do something similar to what Mike Jumper recommended for me.
https://lists.apache.org/x/thread.html/rfe1fd6c610da35d77c18307e4c19c483170fd5d38e0d8201769fd17d@%3Cuser.guacamole.apache.org%3E

On Fri, Oct 8, 2021 at 12:38 PM Dustin Lang <[email protected]> wrote:

> Hi,
>
> I'm new to guacamole, so please bear with me...
>
> I am trying to set it up for a multi-user site where each user can have
> their own VNC desktop. I would like to do authentication via PAM. I have
> guacamole-auth-pam working (https://github.com/voegelas/guacamole-auth-pam).
> And I see that by adding entries to /etc/guacamole/unix-user-mapping.xml, I
> can connect a user with an existing VNC connection. So far, so good.
>
> Next, what I want to do is:
> - when a user logs in to Guacamole, if they already have a VNC server, use
>   that.
> - if they don't, then create a new VNC server (ie, run "vncserver" to
>   create the VNC server; remember its address), and *somehow* tell guacamole
>   to use that new connection.
>
> It looks like I can do this with an Event listener. But this feels like a
> super-obvious thing to want to do, so I'm surprised it isn't already
> supported out of the box....?? Or with an existing extension?
>
> Anyway, once I've got my Event listener listening for successful PAM
> logins, I can go off and find/create the VNC server, but then I need to
> tell guacamole about it. I was *hoping* to do this by using the Database
> auth system, but my quick test suggests that this won't work. (That is,
> when the PAM authenticator doesn't find anything, it doesn't seem to fall
> back to looking for a connection in the Database extension.) I was hoping
> to do *auth* with the PAM extension, but connection lookup using the
> Database extension. In the manual, it seems to be suggested that LDAP +
> Database can be made to work in this way. Is this not the case for PAM +
> Database?
>
> An alternative seems to be to update the
> /etc/guacamole/unix-user-mapping.xml file, which the PAM authenticator is
> supposed to re-read when it is updated, but then I need to completely
> re-write that file on each user login, which means I have to find and
> report all existing VNC sessions all the time, or keep my own stinkin'
> database... yuck!
>
> I would very much appreciate any guidance.
>
> Thanks!
> --dustin
