Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-28

Add support for TLS-PSK mutual authentication

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None
    • None

    Description

      The description of this issue was copied from GUAC-1344, an issue in the JIRA instance used by the Guacamole project prior to its acceptance into the Apache Incubator.

      Comments, attachments, related issues, and history from prior to acceptance have not been copied and can be found instead at the original issue.

      Given that the authorization is done by the guacamole-client (java) component, there seem to be a need for mutual authentication between guacd and its clients so not anyone could use guacd but only authenticated peers (especially when they do not run on the same machine).

      This could allow to have guacd with one internal leg to communicate with the servers and one leg on DMZ on which is accepts guacd clients but only authenticated ones.

      I've been working on adding support for TLS-PSK with the openssl library to the guacd server side component (as first step) and would like to share this and to possibly integrate it if fit (PR will follow).

      Thanks for this great and opened software.

      Attachments

        Issue Links

          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. GUACAMOLE-1144 Option for guacd require client SSL certificate

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              Unassigned Unassigned
              mjumper Mike Jumper
              Votes:
              2 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: