0

I'm trying to setup a guacamole instance to manage my servers accounts. It's working well when I'm using my MySQL database to manage connection user ID and user password.

But I would like to get my password from my keepass like container through REST API, the idea is to store my password in one and secure location !

I have several ideas to do it, but to be honnest this is not very "beautiful"

  1. Hack the JDBC extension to replace my password when guacamole try to access it. So I store in my password field something like "MY_KEEPASS:password_id" and I will do a request to my API, get the value and replace MY_KEEPASS:password_id by the password
  2. Use the token extension to execute my api call when password will find the token ${PASS}. But I'm not sure this is possible without hack the token extension...

Do someone have a better idea to do that ?

Thanks

root
  • 1
  • 2

1 Answers1

0

You can create an authentication extension for Guacamole, this is a regular way to provide more authentication mechanism to the Guacamole. The extension is essentially a .jar that can be registered to the Guacamole as an authenticator.

In your case, it would be probably sufficient to extend some of the JDBC authentication plugins and add your specific auth method.

You can find some documentation about this on the Guacamole site: http://guacamole.apache.org/doc/gug/custom-auth.html. There are also examples in the examples directory of the guacamole-client.

mnikolic
  • 572
  • 1
  • 5
  • 9
  • Hello mnikolic and thanks for your answer. This is not for authentification to guacamole but authentification to server from guacamole (so already auth). Did you understand that ? And is it possible ? Thanks. – root Apr 01 '19 at 07:34