options
* You can try and use a token instead of a password. Also, you can
implement certificates with MySQL communication locally on the
back-end.
* You can also create a LUKS NFS and place the Guacamole.properties
inside it to encrypt it at rest, and the host system can use the
certificate from LUKS to read the file to MySQL over TLS (127.0.0.1).
Script example:

    sc.Append($"Server={endpoint.Host};");
    sc.Append($"Database={schema};");
    sc.Append("SslMode=Required;");
    sc.Append($"user={username};");
    sc.Append($"password={token};");

Dynamic password update every 10 minutes:

    if (Expires <= DateTime.UtcNow)
    {
        onExpiration(this); // requests a new token & updates the password
        currentConnectionString = builder.ToString();
    }
    return currentConnectionString;

Hope this helps!
*Thank You*
Sean
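
The token-refresh pattern sketched in the snippet above, filled out as an added example; it is not code from the original e-mail or from the Guacamole project. The class name, the token-source delegate, the 30-second refresh margin, the semicolon check and all sample values are assumptions made for illustration.

```csharp
using System;
using System.Text;

// Added example; class, parameter and sample names are hypothetical.
public sealed class RotatingConnectionString
{
    private static readonly TimeSpan Skew = TimeSpan.FromSeconds(30); // refresh slightly early
    private readonly string host, schema, username;
    private readonly Func<(string Token, DateTime ExpiresUtc)> fetchToken; // assumed token source
    private readonly Func<DateTime> utcNow;                                // injectable clock
    private readonly object gate = new object();
    private string current;
    private DateTime expiresUtc = DateTime.MinValue;

    public RotatingConnectionString(string host, string schema, string username,
        Func<(string Token, DateTime ExpiresUtc)> fetchToken, Func<DateTime> utcNow)
    {
        this.host = host; this.schema = schema; this.username = username;
        this.fetchToken = fetchToken; this.utcNow = utcNow;
    }

    public string Get()
    {
        lock (gate) // one refresh at a time; callers never see a half-built string
        {
            if (expiresUtc <= utcNow() + Skew)
            {
                var (token, expires) = fetchToken();
                // A ';' would end the password value and let the token add its own keys.
                if (string.IsNullOrEmpty(token) || token.Contains(";"))
                    throw new InvalidOperationException("token rejected");
                var sc = new StringBuilder();
                sc.Append($"Server={host};Database={schema};SslMode=Required;");
                sc.Append($"user={username};password={token};");
                current = sc.ToString();
                expiresUtc = expires;
            }
            return current;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        var now = new DateTime(2023, 1, 1, 0, 0, 0, DateTimeKind.Utc); // constructed clock
        int issued = 0; // counts tokens handed out by the constructed token source
        var cs = new RotatingConnectionString("127.0.0.1", "exampledb", "exampleuser",
            () => ($"constructed-token-{++issued}", now.AddMinutes(10)), () => now);
        Console.WriteLine(cs.Get());                           // first call fetches a token
        now = now.AddMinutes(5); Console.WriteLine(cs.Get());  // inside the lifetime: cached string
        now = now.AddMinutes(5); Console.WriteLine(cs.Get());  // at expiry: token is fetched again
    }
}
```
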
Aero Tech wrote:
I'll give the MySQL DB a shot. Any way around the plain text passwords
in the guac.props and other config files? I saw something about MD5
hashes. I've been researching a few things but not 100 percent sure
what all the guacamole config files can handle as far as encryption.
On Fri, Nov 3, 2023 at 5:34 PM Ivanmarcus
<[email protected]> wrote:
As Mark Li has also suggested my post was really just to give you some
pointers as to how to get a working system, and from there you could
modify it as you wanted.

To answer some of your questions:

I haven't used PostGres with Guacamole myself, so am unable to directly
comment on performance comparison with MySQL or MariaDB, however I've
had no issue with the latter and up to 150 users.

You will see the first command I used was 'su', which changes you to the
root superuser. If you do that you don't need to sudo, however some
people may disagree with doing that. Along with the placement of .war
files it's why I said you may wish to make some changes :) That said if
you follow the commands more or less exactly you should end up with
something that works.

The 'ln' command provides a symlink in the specified directory to the
listed file that resides elsewhere. Some information on symlinks may be
found here:
https://linuxize.com/post/how-to-create-symbolic-links-in-linux-using-the-ln-command/

A good explanation for the '-p' flag in mkdir may be seen here:
https://superuser.com/questions/165157/what-does-the-p-flag-do-in-mkdir-p

Again (with these latter commands) this is just the way I've done it in
the past, you could do things differently as you wish and still end up
with a working system. If you do, and you find a better way to achieve a
result, it would be useful if you could post that back to the community.

On 4/11/23 05:43, Aero Tech wrote:
> My good sir Ivan Marcus, These directions are very helpful. I am wondering
> if you are able to send an example with PSQL if PSQL provides better
> performance? I am assuming every command should be run sudo? For this
> symbolic link portion below, what does that do exactly?
>
> ln -s /usr/share/java/mysql-connector-java-8.0.28.jar /etc/guacamole/lib/
>
> mkdir -p /usr/lib/$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)/freerdp
>
> ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/$(dpkg-architecture -qDEB_BUILD_GNU_TYPE)/freerdp/