You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Nick Couchman (JIRA)" <ji...@apache.org> on 2019/03/22 14:59:00 UTC

[jira] [Commented] (GUACAMOLE-762) Add field on login screen for 3rd party OTP value

    [ https://issues.apache.org/jira/browse/GUACAMOLE-762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16799080#comment-16799080 ] 

Nick Couchman commented on GUACAMOLE-762:
-----------------------------------------

Not sure about your particular configuration; however, I am familiar with RADIUS + LinOTP, and I know that you *can* combine the password and OTP into one, but you can also enter the password and then get prompted for OTP.  The Guacamole RADIUS module can handle this scenario, and pops up a secondary prompt that will allow you to enter the OTP value separate from the password.  I believe in this scenario that the password gets saved in the token, which should operate the way you want it to, but I've actually never tried it, so not 100% certain about that.

I kind of doubt we'd want to modify the default Guacamole login box to add that prompt; however, it may be possible in a separate extension to come up with a way to change what fields are presented at the login box (this is essentially what we do for SSO extensions).

> Add  field on login screen for 3rd party OTP value
> --------------------------------------------------
>
>                 Key: GUACAMOLE-762
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-762
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-client
>    Affects Versions: 1.0.0
>            Reporter: Not Speedy
>            Priority: Minor
>
> when using radius/ and privacyidea/linotp for OTP, I'm unable to use NLA with RDP.. This is because the password and OTP are combined, which will authenticate fine with radius, but of doesn't with the windows/ldap.  Would it be possible to create an option to enable a OTP field on sign on like GUAC_radiusOTP.  Then we could authenticate to guacamole using GUAC_USERNAME. GUAC_PASSWORD+GUAC_radiusOTP.  Then we could simple continue to pass GUAC_USERNAME and GUAC_PASSWORD to NLA.
> Thanks for your consideration



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)