Guacamole normally enforces authentication, requiring all users to have a corresponding set of credentials. If you would rather just type in your server's URL and gain access to your computer, you can do this with the "noauth" extension.
guacamole-auth-noauth removes all authentication, giving anyone that visits your server access to the same set of connections dictated by an XML configuration file. It is an authentication implementation in its own right, and thus doesn't truly "disable" authentication per se. Instead, it grants anyone access without requiring a username or password.
The security implications of this should be obvious - anyone with access to your Guacamole instance will have access to your remote desktops.
The "noauth" authentication module is not included in the main Guacamole bundle nor is it enabled by default. You must use the download link provided in the downloads section of the main Guacamole site.
The downloaded .tar.gz
file will contain several
directories:
lib/
Contains all
.jar
files required for the "noauth" authentication module to work, including the module itself.example/
Contains an example configuration file:
noauth-config.xml
.
The contents of lib/
must be copied into the classpath of
Guacamole, which is the directory specified by the lib-directory
property in guacamole.properties
. If this property is not
specified, simply add it. On Linux servers,
/var/lib/guacamole/classpath
is a good choice, but it can be
whatever you like.
The "noauth" extension is very simple and does not require any external libraries to
function. The contents of the lib/
directory should be simply the
extension itself. After copying this file in place, check that the contents match the
listing shown here:
$
ls/var/lib/guacamole/classpath
guacamole-auth-noauth-0.9.6.jar
$
If there are other .jar
files present beyond the "noauth"
authentication module itself (guacamole-auth-noauth-0.9.6.jar
), it
should still work. You would only have problems if two different versions of "noauth"
were present.
A few properties must be added to guacamole.properties
such
that Guacamole will load the "noauth" extension and locate its configuration
file:
# Auth provider class
auth-provider: net.sourceforge.guacamole.net.auth.noauth.NoAuthenticationProvider
# NoAuth properties
noauth-config: /etc/guacamole/noauth-config.xml
The auth-provider property above is a standard Guacamole property and tells Guacamole which authentication provider to use when authenticating requests.
The noauth-config property defines where the XML
configuration file (documented below) is located. This file describes the
connections available to any user of your Guacamole instance and can be placed
anywhere so long as its location is given in
guacamole.properties
. On Linux servers,
/etc/guacamole
is a good location for Guacamole
configuration files, including the configuration file used by "noauth".
Now just restart Tomcat (or whatever servlet container you are using) and authentication will be effectively disabled.
Although the "noauth" extension does not check credentials, it still requires a
configuration file describing which connections are available and the protocols to use.
This configuration is an XML file, typically called
noauth-config.xml
.
An example noauth-config.xml
file is provided in the
example/
directory of the .tar.gz
file
downloadable from the Guacamole site. The format is fairly straightforward, and it
consists only of a list of connections (configurations) and parameters:
<configs> <config name="myconfig" protocol="rdp"> <param name="hostname" value="rdp-server" /> <param name="port" value="3389" /> </config> </configs>
The file consists of a single <configs>
tag that contains any
number of <config>
tags, each representing a distinct connection
available for use.
Each <config>
tag has a corresponding name
and
protocol
. The name
attribute defines a unique
identifier for the connection and tells Guacamole what text should be displayed when
identifying the connection. The protocol
attribute defines the standard
remote desktop protocol to use, such as VNC, RDP, or SSH. These protocols must be
specified as lowercase due to the naming convention used by the libraries providing
protocol support. If the wrong case is used, Guacamole will be unable to load the
corresponding protocol support and the connection will fail.
The <param> tags are placed within <config> tags, describing a parameter name/value pair. The parameters available, their names, and their allowed values are protocol-specific and documented in Chapter 3, Configuring Guacamole.
The example above creates a new connection called "myconfig" that uses RDP to connect to the server at rdp-server on port 3389.