I've spend a little time looking into the code, it seems like the password may be stored in a StandardTokens object. Is that correct?
Could this be as simple as writing a Authentication extension that set GUAC_PASSWORD to be null after the user has been logged in for XX minutes? Or is something that would be much more complicated? On Tue, Sep 20, 2016 at 8:21 PM, Peter Burdine <[email protected]> wrote: > We are currently using guacamole, and it is great! > > For our environment, we use LDAP authentication to authenticate against > AD, which is great. However, we have some requirements where if the RDP > session has been disconnected due to error or session timeout, the user > should have to reauthenticate to get back into the RDP session. Since we > are currently passing ${GUAC_USERNAME} and ${GUAC_PASSWORD}, it allows the > user to reconnect without authenticating, even hours later. > > Are there any options to have the system "forget" the credentials after a > certain time period or being used? We would really like to keep the only > having to login once (at least of the first RDP connection attempt), > especially since most of our users only have one connection setup so they > login and sent right to the desktop, but if their session times out, they > should be asked for credentials again. > > Thanks, > Peter >
