Posted to user@guacamole.apache.org by Peter Burdine <pb...@gmail.com> on 2016/09/21 03:21:44 UTC

Forgetting Credentials

We are currently using guacamole, and it is great!

For our environment, we use LDAP authentication to authenticate against AD,
which is great.  However, we have some requirements where if the RDP
session has been disconnected due to error or session timeout, the user
should have to reauthenticate to get back into the RDP session.  Since we
are currently passing ${GUAC_USERNAME} and ${GUAC_PASSWORD}, it allows the
user to reconnect without authenticating, even hours later.

Are there any options to have the system "forget" the credentials after a
certain time period or after being used?  We would really like to keep only
having to log in once (at least for the first RDP connection attempt),
especially since most of our users only have one connection set up so they
log in and are sent right to the desktop, but if their session times out, they
should be asked for credentials again.

Thanks,
Peter

Re: Forgetting Credentials

Posted by Peter Burdine <pb...@gmail.com>.
I've spent a little time looking into the code, it seems like the password
may be stored in a StandardTokens object.  Is that correct?

Could this be as simple as writing an Authentication extension that sets
GUAC_PASSWORD to be null after the user has been logged in for XX minutes?
Or is it something that would be much more complicated?

On Tue, Sep 20, 2016 at 8:21 PM, Peter Burdine <pb...@gmail.com> wrote:

> We are currently using guacamole, and it is great!
>
> For our environment, we use LDAP authentication to authenticate against
> AD, which is great.  However, we have some requirements where if the RDP
> session has been disconnected due to error or session timeout, the user
> should have to reauthenticate to get back into the RDP session.  Since we
> are currently passing ${GUAC_USERNAME} and ${GUAC_PASSWORD}, it allows the
> user to reconnect without authenticating, even hours later.
>
> Are there any options to have the system "forget" the credentials after a
> certain time period or after being used?  We would really like to keep only
> having to log in once (at least for the first RDP connection attempt),
> especially since most of our users only have one connection set up so they
> log in and are sent right to the desktop, but if their session times out,
> they should be asked for credentials again.
>
> Thanks,
> Peter
>
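
The behaviour asked about in this thread, a password that is forgotten after a set time or after it has been used, as an added example that is not part of the original posts and is not Guacamole code. The class `ExpiringPassword`, its parameters and the sample values are hypothetical, and it does not use the Guacamole extension API.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Optional;

/** Hypothetical holder: keeps a login password for ${GUAC_PASSWORD} substitution
 *  only until a deadline passes or a fixed number of uses is spent. */
public final class ExpiringPassword {
    private char[] password;          // wiped and nulled once forgotten
    private final Instant expiresAt;
    private int usesLeft;

    public ExpiringPassword(char[] password, Duration ttl, int maxUses, Instant now) {
        this.password = password.clone();
        this.expiresAt = now.plus(ttl);
        this.usesLeft = maxUses;
    }

    /** Fills in the token, or returns empty when the user must re-authenticate. */
    public synchronized Optional<String> substitute(String template, Instant now) {
        if (password == null || usesLeft <= 0 || !now.isBefore(expiresAt)) {
            forget();
            return Optional.empty();
        }
        usesLeft--;
        // The String handed to the connection cannot be wiped afterwards; this
        // class only limits how long the holder itself retains the secret.
        String out = template.replace("${GUAC_PASSWORD}", new String(password));
        if (usesLeft == 0) forget();
        return Optional.of(out);
    }

    /** Overwrites the stored password so later reconnects cannot reuse it. */
    public synchronized void forget() {
        if (password != null) {
            Arrays.fill(password, '\0');
            password = null;
        }
    }

    public static void main(String[] args) {
        Instant login = Instant.parse("2016-09-21T03:00:00Z");  // constructed sample time
        ExpiringPassword p = new ExpiringPassword(
                "constructed-sample".toCharArray(), Duration.ofMinutes(15), 1, login);
        // First connection shortly after login, then a reconnect hours later.
        System.out.println("first connect filled: "
                + p.substitute("${GUAC_PASSWORD}", login.plusSeconds(5)).isPresent());
        System.out.println("later reconnect filled: "
                + p.substitute("${GUAC_PASSWORD}", login.plus(Duration.ofHours(3))).isPresent());
    }
}
```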