[ https://issues.apache.org/jira/browse/GUACAMOLE-2057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Axel D'Olislager updated GUACAMOLE-2057:
----------------------------------------
    Description: 
Since in Guacamole 1.6.0 there will be support for FreeRDP3.0, there is 
currently no way to make use of the new Kerberos authentication functionality 
within FreeRDP.

As per deprecation of NTLM and security issues, the demand for it is becoming 
reasonably high, as in an Active Directory domain, your users cannot be part of 
the Protected Users security group which blocks legacy protocols. 
[https://www.reddit.com/r/sysadmin/comments/1b5o6kx/apache_guacamole_kerberos_support_or_roadmap_for/]

I've personally been playing around with this.

Manually I am able to create a connection using the FreeRDP package using the 
following command and modifying my krb5.conf file:
{code:java}
xfreerdp /auth-pkg-list:'!ntlm,kerberos' /u:<username> /v:<host_ip> /d:<domainname> /cert:ignore
{code}

krb5.conf:
{code:java}
includedir /etc/krb5.conf.d/
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
[libdefaults]
    default_realm = LEXAPHIX.LAB
    dns_lookup_realm = false
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
[realms]
    LEXAPHIX.LAB = {
        kdc = besnlexdc03.lexaphix.lab
        admin_server = besnlexdc03.lexaphix.lab
    }
[domain_realm]
    .lexaphix.lab = LEXAPHIX.LAB
    lexaphix.lab = LEXAPHIX.LAB
{code}

I've been trying to get this to work, but because I do not have the knowledge 
of this code base, I'm unable to add these things.


> No support for kerberos authentication using FreeRDP3
> -----------------------------------------------------
>
>                 Key: GUACAMOLE-2057
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-2057
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: RDP
>    Affects Versions: 1.6.0
>         Environment: Active Directory?
>            Reporter: Axel D'Olislager
>            Priority: Critical
>              Labels: security



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
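
Added example, not part of the original report and not Guacamole or FreeRDP code: a small krb5.conf sanity check for the kind of file shown above, run before attempting a Kerberos-only (`!ntlm`) RDP logon. The function names `parse_krb5` and `check_krb5` are hypothetical, the sample is a constructed, shortened copy of the reporter's file, and treating `dns_lookup_kdc` as enabled when absent is an assumption.

```python
import re

# Constructed sample modelled on the krb5.conf in the report (shortened).
SAMPLE = """\
[libdefaults]
    default_realm = LEXAPHIX.LAB
    dns_lookup_kdc = true
[realms]
    LEXAPHIX.LAB = {
        kdc = besnlexdc03.lexaphix.lab
    }
[domain_realm]
    .lexaphix.lab = LEXAPHIX.LAB
    lexaphix.lab = LEXAPHIX.LAB
"""

def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: [values] or nested dict}}."""
    conf, section, block = {}, None, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or line.startswith(("include ", "includedir ")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}" and block is not None:
            block = None  # end of a "REALM = { ... }" block
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block).setdefault(key, []).append(value)
        else:  # e.g. "}[domain_realm]" glued onto one line by a bad paste
            raise ValueError(f"line {n}: cannot parse {line!r}")
    return conf

def check_krb5(conf):
    """Return findings that would stop a Kerberos-only logon from locating a KDC."""
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    default = lib.get("default_realm", [None])[0]
    # Assumption: dns_lookup_kdc counts as enabled when it is absent.
    dns_kdc = lib.get("dns_lookup_kdc", ["true"])[0].lower() in ("true", "yes", "on", "1")
    findings = [] if default else ["libdefaults.default_realm is not set"]
    referenced = {v[0] for v in conf.get("domain_realm", {}).values()} | {default or ""}
    for realm in sorted(referenced - {""}):
        if not dns_kdc and not realms.get(realm, {}).get("kdc"):
            findings.append(f"{realm}: no kdc in [realms] and dns_lookup_kdc is off")
    return findings
```

With NTLM excluded from the package list there is no fallback, so a realm that cannot be resolved to a KDC turns into a failed logon rather than a silent downgrade.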