You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by billib <bi...@makerslounge.de> on 2022/05/01 10:58:20 UTC
problem with default authentication and encoded passwords
Morning everybody,
I cannot log in to my server if I try and use an encrypted password in
user-mapping.xml:
<authorize
username="testuser1"
password="passwort1">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5901</param>
<param name="password">vncpass1</param>
</authorize>
works fine, while
<authorize
username="testuser2"
password="631b0ef29792ae5e5813b2ae4dd7aa25"
encoding="md5">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5902</param>
<param name="password">vncpass</param>
</authorize>
leaves me with a "WARN o.a.g.r.auth.AuthenticationService -
Authentication attempt from 95.191.24.244 for user "testuser2" failed"
in catalina.out. Nothing in syslog.
The same is true for sha256 instead of md5.
This is a Guacamole 1.4.0 install on a Debian11 virtual server from
hetzner.com.
Any hints about where to look for what would be greatly appreciated.
Thanks in advance,
Billib
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: problem with default authentication and encoded passwords
Posted by Michael Jumper <mj...@apache.org>.
On Sun, May 1, 2022, 09:11 billib <bi...@makerslounge.de> wrote:
> My script comes up with a password, GUAC_PASS. The next line gives the
> text that is written into user-mapping.xml:
>
> GUAC_PASS_ENC=$(echo ${GUAC_PASS} | openssl md5 | cut -d' ' -f2)
>
>
> I tried
>
> echo "mypassword" | openssl md5
>
>
> (with and without double quotes) and
>
> echo "mypassword" | md5sum
>
>
> on the command line as well which gave the same results as the script,
> respectively.
>
Use echo -n instead. The "echo" command will otherwise include a newline
character at the end, which is causing the checksum to not match. You are
currently actually hashing "mypassword\n", not "mypassword".
- Mike
Re: problem with default authentication and encoded passwords
Posted by Michael Jumper <mj...@apache.org>.
On Sun, May 1, 2022, 03:58 billib <bi...@makerslounge.de> wrote:
> Morning everybody,
>
> I cannot log in to my server if I try and use an encrypted password in
> user-mapping.xml:
>
> <authorize
> username="testuser1"
> password="passwort1">
> <protocol>vnc</protocol>
> <param name="hostname">localhost</param>
> <param name="port">5901</param>
> <param name="password">vncpass1</param>
> </authorize>
>
>
> works fine, while
>
> <authorize
> username="testuser2"
> password="631b0ef29792ae5e5813b2ae4dd7aa25"
> encoding="md5">
> <protocol>vnc</protocol>
> <param name="hostname">localhost</param>
> <param name="port">5902</param>
> <param name="password">vncpass</param>
> </authorize>
>
> leaves me with a "WARN o.a.g.r.auth.AuthenticationService -
> Authentication attempt from 95.191.24.244 for user "testuser2" failed"
> in catalina.out. Nothing in syslog.
> The same is true for sha256 instead of md5.
>
What exact command(s) are you using to generate the hashed password?
- Mike