Hello,
I went through architecture and as far as I understand, guacamole BE sends kind of request to guacd to make connection to the remote client (for example VNC). Guacamole Webserver can be secured with different options (in our case reverse proxy + LDAP). But what prevents another “not secured” client to connect to guacd and request connection to some remote client? The guacd can be accessible from only internal network (where guacamole server is hosted). But still guacd is vulnerable if there is access to the same network? I did not find in documentation the correct way to make everything secure. So, the question is: How to make guacd recognize valid guacamole server requests?
