Posted to user@guacamole.apache.org by Benjamin Griese <be...@geniorxt.de> on 2019/02/18 15:47:29 UTC

Users get by TOTP authentication

Hello everybody,

this is kind of a duplicate of a post made by someone on the guacamole-issues ML[1].

I've set up a Guacamole system in my home environment for remote access.
In order to make things secure, I thought I'd set up TOTP two-factor authentication in conjunction with LDAP.

I've found out that the local guacadmin is successfully being asked for TOTP init, even though LDAP users and even additional local users are not getting asked for TOTP init.

I am using this docker image in a Kubernetes setup, if it matters.
https://github.com/oznu/docker-guacamole


Is this a bug or a misconfigured setup?

Thank you very much for your help!

Best regards
Benjamin


1: https://mail-archives.apache.org/mod_mbox/guacamole-issues/201902.mbox/%3cJIRA.13213577.1549199825000.230623.1549199880084@Atlassian.JIRA%3e

Re: Users get by TOTP authentication

Posted by Nick Couchman <vn...@apache.org>.
On Tue, Feb 19, 2019 at 11:23 AM Benjamin Griese <be...@geniorxt.de> wrote:

> Hello Nick,
>
> thanks for clarifying this, even though it was in the manual on how to
> set up LDAP! (RTFM...)
> Got it working now!
>
>
Glad to hear it, Benjamin.

-Nick

Re: Users get by TOTP authentication

Posted by Benjamin Griese <be...@geniorxt.de>.
Hello Nick,

thanks for clarifying this, even though it was in the manual on how to set up LDAP! (RTFM...)
Got it working now!

Best regards
Benjamin

> Nick Couchman <vn...@apache.org> wrote on 18 February 2019 at 16:59:
>
>     On Mon, Feb 18, 2019 at 10:47 AM Benjamin Griese <benni@geniorxt.de> wrote:
>
>     > Hello everybody,
>     >
>     > this is kind of a duplicate of a post made by someone on the guacamole-issues ML[1].
>     >
>     > I've set up a Guacamole system in my home environment for remote access.
>     > In order to make things secure, I thought I'd set up TOTP two-factor authentication in conjunction with LDAP.
>     >
>     > I've found out that the local guacadmin is successfully being asked for TOTP init, even though LDAP users and even additional local users are not getting asked for TOTP init.
>     >
>     > I am using this docker image in a Kubernetes setup, if it matters.
>     > https://github.com/oznu/docker-guacamole
>     >
>     > Is this a bug or a misconfigured setup?
>
>     This is perhaps a nuance of the configuration and how it works.  First, you need the users to exist in the database authentication module, because that's where the TOTP information gets stored.  Second, the users in the DB module need to be allowed to update their own passwords (basically update their own account), as that's what determines whether or not the user can store information about themselves.
>
>     -Nick
>

Re: Users get by TOTP authentication

Posted by Nick Couchman <vn...@apache.org>.
On Mon, Feb 18, 2019 at 10:47 AM Benjamin Griese <be...@geniorxt.de> wrote:

> Hello everybody,
>
> this is kind of a duplicate of a post made by someone on the guacamole-issues
> ML[1].
>
> I've set up a Guacamole system in my home environment for remote access.
> In order to make things secure, I thought I'd set up TOTP two-factor
> authentication in conjunction with LDAP.
>
> I've found out that the local guacadmin is successfully being asked for TOTP
> init, even though LDAP users and even additional local users are not getting
> asked for TOTP init.
>
> I am using this docker image in a Kubernetes setup, if it matters.
> https://github.com/oznu/docker-guacamole
>
>
> Is this a bug or a misconfigured setup?
>

This is perhaps a nuance of the configuration and how it works.  First, you
need the users to exist in the database authentication module, because
that's where the TOTP information gets stored.  Second, the users in the DB
module need to be allowed to update their own passwords (basically update
their own account), as that's what determines whether or not the user can
store information about themselves.

-Nick

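The two prerequisites Nick names (a record in the database authentication module, and permission to update one's own account) can be audited directly against the database, which is useful because a user missing either one logs in on the LDAP password alone without ever being prompted for TOTP. The script below is an added example written for this thread, not code from the thread or from the Guacamole project. The table and column names are assumed from the guacamole-auth-jdbc 1.0 schema (guacamole_entity, guacamole_user, guacamole_user_permission, guacamole_user_attribute), the attribute name guac-totp-key-confirmed is assumed to be what the TOTP extension writes once enrollment completes, and the schema and data are a constructed in-memory SQLite imitation so it runs offline; against a real deployment the same queries would go to the MySQL/PostgreSQL database (or you simply check the "Change own password" permission in the admin UI).

```python
import sqlite3

# Constructed, minimal imitation of the relevant Guacamole JDBC tables.
# Names and columns are assumed from the 1.0 schema; the real schema carries
# many more columns and constraints.
SCHEMA = """
CREATE TABLE guacamole_entity (
    entity_id INTEGER PRIMARY KEY,
    name      TEXT NOT NULL,
    type      TEXT NOT NULL CHECK (type IN ('USER', 'USER_GROUP'))
);
CREATE TABLE guacamole_user (
    user_id   INTEGER PRIMARY KEY,
    entity_id INTEGER NOT NULL REFERENCES guacamole_entity(entity_id)
);
CREATE TABLE guacamole_user_permission (
    entity_id        INTEGER NOT NULL REFERENCES guacamole_entity(entity_id),
    affected_user_id INTEGER NOT NULL REFERENCES guacamole_user(user_id),
    permission       TEXT NOT NULL
        CHECK (permission IN ('READ', 'UPDATE', 'DELETE', 'ADMINISTER'))
);
CREATE TABLE guacamole_user_attribute (
    user_id         INTEGER NOT NULL REFERENCES guacamole_user(user_id),
    attribute_name  TEXT NOT NULL,
    attribute_value TEXT
);
"""

# Constructed sample data: guacadmin has self-UPDATE and a confirmed TOTP key,
# alice exists in the DB but lacks self-UPDATE, bob has no DB record at all.
SAMPLE = """
INSERT INTO guacamole_entity VALUES (1, 'guacadmin', 'USER'), (2, 'alice', 'USER');
INSERT INTO guacamole_user VALUES (1, 1), (2, 2);
INSERT INTO guacamole_user_permission VALUES (1, 1, 'READ'), (1, 1, 'UPDATE'), (2, 2, 'READ');
INSERT INTO guacamole_user_attribute VALUES (1, 'guac-totp-key-confirmed', 'true');
"""

# Assumed attribute name stored by the TOTP extension once a user has confirmed a key.
TOTP_CONFIRMED_ATTR = "guac-totp-key-confirmed"


def audit_totp_readiness(conn, usernames):
    """For each login name, report whether the DB module knows the user, whether the
    user may UPDATE its own account (the prerequisite for storing a TOTP secret),
    and whether TOTP enrollment has been confirmed."""
    report = {}
    for name in usernames:
        row = conn.execute(
            "SELECT u.user_id FROM guacamole_entity e "
            "JOIN guacamole_user u ON u.entity_id = e.entity_id "
            "WHERE e.name = ? AND e.type = 'USER'", (name,)).fetchone()
        if row is None:
            report[name] = {"in_db": False, "self_update": False, "totp_enrolled": False}
            continue
        user_id = row[0]
        # Grantee is the user's own entity, affected user is the user itself.
        self_update = conn.execute(
            "SELECT 1 FROM guacamole_user_permission p "
            "JOIN guacamole_user u ON u.entity_id = p.entity_id "
            "WHERE u.user_id = ? AND p.affected_user_id = ? AND p.permission = 'UPDATE'",
            (user_id, user_id)).fetchone() is not None
        enrolled = conn.execute(
            "SELECT 1 FROM guacamole_user_attribute "
            "WHERE user_id = ? AND attribute_name = ? AND attribute_value = 'true'",
            (user_id, TOTP_CONFIRMED_ATTR)).fetchone() is not None
        report[name] = {"in_db": True, "self_update": self_update, "totp_enrolled": enrolled}
    return report


def users_without_enforced_totp(report):
    """Names for which enrollment cannot happen (no DB record or no self-UPDATE):
    these accounts currently authenticate on the first factor alone."""
    return sorted(n for n, r in report.items() if not (r["in_db"] and r["self_update"]))


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    report = audit_totp_readiness(conn, ["guacadmin", "alice", "bob"])
    return report, users_without_enforced_totp(report)


if __name__ == "__main__":
    report, gaps = demo()
    for name, r in report.items():
        print(name, r)
    print("TOTP cannot be enforced for:", gaps)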