You should not use the NoAuth plugin. There's a reason we deprecated it - disabling Guacamole's security completely - which is effectively what the NoAuth module did - is a bad idea.
(I was once asking similar questions, trying to get the NoAuth module to work, so I do understand some of the situations where it seems like a good idea - e.g. I'm connecting to a RDP server also requires authentication, why should I have Guacamole do it for me and have users have to go through two layers of authentication? There are better answers to these questions than, "I don't need Guacamole security.") If you want to get your upstream proxy - like Apache httpd or nginx - to do the authentication, and pass that through to Guacamole, you should use the header plugin, which accepts an HTTP header (by default REMOTE_USER) with the name of a user and treats that as a valid authentication. https://guacamole.apache.org/doc/gug/header-auth.html You can combine the header authentication extension with some other extension - like JDBC - to store connections and then grant access to the connections to users who successfully authenticate via the header module, or something like the QuickConnect module to allow users to put in their own connection URIs and connect directly to a server (but be aware of the security risks of allowing that). If there's something else you're trying to do, or some reason you think that you need/want the NoAuth module, feel free to post back with that information and maybe we can suggest other ways to work with Guacamole's security rather than completely disabling it. -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
