You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by International Security Providers <in...@protonmail.com.INVALID> on 2021/09/29 07:57:33 UTC

save a shared Password when using SSO

I just thought.. If it's only possible to do this with a system saving the cleartext password.. why not keep this only in guacamole?

A working system could be like this:
a selectable field that defines that the password for the user is stored. This password should then be stored for all connections (which have the field "shared password" activated) of the user on the guacamole server until it is wrong and then overwritten with the new password that the user enters.

this would be very easy to implement for the admin as there is no additional configuration. and it would also only keep the password in cleartext ont he guacamole system which in my case is the only system, that needs a cleartext password.

Re: save a shared Password when using SSO

Posted by Nick Couchman <vn...@apache.org>.

On Wed, Sep 29, 2021 at 10:03 AM International Security Providers <
internationalsecurityproviders@protonmail.com> wrote:

> it's similar to "2)" but the difference is that there isn't an external
> system needed just to get the passwords.
>

Okay, but how does this differ from the existing ability to store passwords
that already exists in Guacamole?

-Nick

Re: save a shared Password when using SSO

Posted by Nick Couchman <vn...@apache.org>.

On Wed, Sep 29, 2021 at 3:57 AM International Security Providers
<in...@protonmail.com.invalid> wrote:

> I just thought.. If it's only possible to do this with a system saving the
> cleartext password.. why not keep this only in guacamole?
>
> A working system could be like this:
> a selectable field that defines that the password for the user is stored.
> This password should then be stored for all connections (which have the
> field "shared password" activated) of the user on the guacamole server
> until it is wrong and then overwritten with the new password that the user
> enters.
>
> this would be very easy to implement for the admin as there is no
> additional configuration. and it would also only keep the password in
> cleartext ont he guacamole system which in my case is the only system, that
> needs a cleartext password.
>

How is this any different from either 1) saving the password in Guacamole,
the way you can today, or 2) implementing the key vault support
(GUACAMOLE-641) allowing the passwords to be brought in from an external
system?

-Nick