On Mon, Jun 2, 2025 at 9:44 AM Raphaël CAUDRON <[email protected]> wrote:
> Hi, > > > > I have come across and studied the Jira issue “GUACAMOLE-2057 > <https://issues.apache.org/jira/browse/GUACAMOLE-2057>” to use Kerberos > authentication and protocol (I managed to make it work). However my initial > issue was related to “ > https://lists.apache.org/thread/94jo1mhgxkwcxdypm609rxwy37scsvcn” which > is about transparent connection to RDP connections using the SSO identity > through Kerberos tickets and cache. Does anyone have any piece of > information about whether it is in the roadmap or planned for the 1.6.x ? I > did some testing using the freerdp binary available at > /opt/guacamole/bin/sfreerdp (docker container) and managed to use the cache > I manually mounted. > > I used it this way : /opt/guacamole/bin/sfreerdp /v:**machine-name** > /u:**username** /remoteGuard /auth-pkg-list:!ntlm,kerberos /sec:nla > +auth-only /cert:ignore /p:dummy /log-level:INFO > > There is a password because +auth-only expects one even if it uses the > cache. > > > Thanks for confirming that the changes in 2057 have allowed you to get Kerberos authentication with Windows systems over RDP to work. Regarding Kerberos pass-through authentication, this is not yet planned for any version of Guacamole - it should be doable, but will require an authentication extension to be implemented for Guacamole Client that performs Kerberos authentication on the client-side, and then is able to share the required information with guacd to pass the Kerberos tickets on. I would not expect to see this in any 1.6.x version. -Nick
