Posted to user@guacamole.apache.org by billib <bi...@makerslounge.de> on 2022/05/01 10:58:20 UTC

problem with default authentication and encoded passwords

Morning everybody,

I cannot log in to my server if I try and use an encrypted password in 
user-mapping.xml:

     <authorize
         username="testuser1"
         password="passwort1">
             <protocol>vnc</protocol>
             <param name="hostname">localhost</param>
             <param name="port">5901</param>
             <param name="password">vncpass1</param>
     </authorize>


works fine, while

     <authorize
         username="testuser2"
         password="631b0ef29792ae5e5813b2ae4dd7aa25"
         encoding="md5">
             <protocol>vnc</protocol>
             <param name="hostname">localhost</param>
             <param name="port">5902</param>
             <param name="password">vncpass</param>
     </authorize>

leaves me with a "WARN  o.a.g.r.auth.AuthenticationService - 
Authentication attempt from 95.191.24.244 for user "testuser2" failed" 
in catalina.out. Nothing in syslog.
The same is true for sha256 instead of md5.

This is a Guacamole 1.4.0 install on a Debian 11 virtual server from 
hetzner.com.

Any hints about where to look for what would be greatly appreciated.


Thanks in advance,
Billib



Re: problem with default authentication and encoded passwords

Posted by Michael Jumper <mj...@apache.org>.
On Sun, May 1, 2022, 09:11 billib <bi...@makerslounge.de> wrote:

> My script comes up with a password, GUAC_PASS. The next line gives the
> text that is written into user-mapping.xml:
>
>     GUAC_PASS_ENC=$(echo ${GUAC_PASS} | openssl md5 | cut -d' ' -f2)
>
>
> I tried
>
>     echo "mypassword" | openssl md5
>
>
> (with and without double quotes) and
>
>     echo "mypassword" | md5sum
>
>
> on the command line as well which gave the same results as the script,
> respectively.
>

Use echo -n instead. The "echo" command will otherwise include a newline
character at the end, which is causing the checksum to not match. You are
currently actually hashing "mypassword\n", not "mypassword".

- Mike
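
[Added example, not part of the original thread and not Guacamole project code: a shell sketch that hashes exactly the password bytes for the password attribute in user-mapping.xml and reports whether a stored hash was produced from the password plus a trailing newline. The function names guac_hash and diagnose_hash are hypothetical, the sample password is the constructed one from the thread, and md5sum/sha256sum from coreutils are assumed to be installed.]

```shell
#!/bin/sh
# Added example; guac_hash and diagnose_hash are hypothetical helper names.

# guac_hash ENCODING PASSWORD
# Prints the hex digest of exactly the password bytes (no trailing newline).
# ENCODING is one of the two values mentioned in the thread: md5 or sha256.
guac_hash() {
    case "$1" in
        md5)    tool=md5sum ;;
        sha256) tool=sha256sum ;;
        *)      echo "unsupported encoding: $1" >&2; return 2 ;;
    esac
    # printf '%s' emits the argument verbatim: no appended newline, and no
    # special handling of backslashes or a leading "-n" as with echo.
    printf '%s' "$2" | "$tool" | cut -d' ' -f1
}

# diagnose_hash ENCODING PASSWORD STORED_HASH
# Prints "match" if STORED_HASH is the digest of PASSWORD, "trailing-newline"
# if it is the digest of PASSWORD followed by "\n" (the plain-echo mistake),
# and "mismatch" otherwise. Returns 0 only on "match".
diagnose_hash() {
    nl='
'
    want=$(guac_hash "$1" "$2") || return 2
    with_nl=$(guac_hash "$1" "$2$nl") || return 2
    if [ "$3" = "$want" ]; then
        echo "match"
    elif [ "$3" = "$with_nl" ]; then
        echo "trailing-newline"
        return 1
    else
        echo "mismatch"
        return 1
    fi
}

# Demo with the constructed sample password from the thread: a hash generated
# with plain echo is flagged as containing the newline.
stored=$(echo "mypassword" | md5sum | cut -d' ' -f1)
diagnose_hash md5 "mypassword" "$stored" || true
```
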

Re: problem with default authentication and encoded passwords

Posted by Michael Jumper <mj...@apache.org>.
On Sun, May 1, 2022, 03:58 billib <bi...@makerslounge.de> wrote:

> Morning everybody,
>
> I cannot log in to my server if I try and use an encrypted password in
> user-mapping.xml:
>
>      <authorize
>          username="testuser1"
>          password="passwort1">
>              <protocol>vnc</protocol>
>              <param name="hostname">localhost</param>
>              <param name="port">5901</param>
>              <param name="password">vncpass1</param>
>      </authorize>
>
>
> works fine, while
>
>      <authorize
>          username="testuser2"
>          password="631b0ef29792ae5e5813b2ae4dd7aa25"
>          encoding="md5">
>              <protocol>vnc</protocol>
>              <param name="hostname">localhost</param>
>              <param name="port">5902</param>
>              <param name="password">vncpass</param>
>      </authorize>
>
> leaves me with a "WARN  o.a.g.r.auth.AuthenticationService -
> Authentication attempt from 95.191.24.244 for user "testuser2" failed"
> in catalina.out. Nothing in syslog.
> The same is true for sha256 instead of md5.
>

What exact command(s) are you using to generate the hashed password?

- Mike