Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2021/08/17 18:53:00 UTC

[jira] [Closed] (GUACAMOLE-1400) Allow docker container to optionally use a database connector without the database authentication provider

     [ https://issues.apache.org/jira/browse/GUACAMOLE-1400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman closed GUACAMOLE-1400.
------------------------------------
    Resolution: Invalid

[~Toaster_Chicken]: I think there may be some confusion as to what it means to have the database extension be an "authentication provider". Authentication providers in Guacamole can provide user authentication and storage, group membership information, and/or connection configurations. So, if you want to use the JDBC provider as a place to store connection and user information, it has to be enabled as an authentication provider. For the JDBC module, in particular, there's no way to enable it for storage and not authenticate against it.

In most cases this will be harmless - you'll have your users defined in the DB and they'll authenticate through LDAP, and the users in the DB will have random passwords associated with them that will never be checked because other providers will succeed.

If you have further questions about that, please feel free to subscribe and post to the mailing list.

> Allow docker container to optionally use a database connector without the database authentication provider
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1400
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1400
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole
>    Affects Versions: 1.2.0, 1.3.0
>            Reporter: James Scott
>            Priority: Minor
>
> In the guacamole/guacamole start.sh script, if a database type is configured for user, it automatically includes the authentication library associated on startup.
> When enabling both the LDAP and database options with the Docker container, both authentication methods are enabled.
> Users are able to authenticate using either their LDAP credentials or Database credentials due to the authentication failback process.
> It appears the mysql-connector-.jar can be enabled without an associated guacamole-auth-jdbc.jar allowing for users and connections to exist in the database without database authentication, and still use the external authentication methods like LDAP, SAML etc.
> *Use case:*
> - Using LDAP for just authentication and MYSQL for the user and connection data
> - Automate user creation, new connections and associating them using REST API which is stored in the database.
> *Problem*:
> When using the Docker images there's no granular control over the authentication methods being enabled. When configuring a SQL database for user connections/groups it would be preferable if the database authentication is optional. When users are created in the database, they have a password associated with their account that could be used to authenticate if that password was known.
> [Associating LDAP with a database|#ldap-and-database]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)