Adding users and connections

The default authentication provider used by Guacamole reads all username, password, and configuration information from a file called the "user mapping" (typically named user-mapping.xml). Other authentication providers can be written which read authentication information from other sources, but those are not documented here. To learn how to configure an authentication provider not included in the main Guacamole bundle, consult the documentation provided with that authentication provider.

When using BasicFileAuthenticationProvider, username/password pairs are specified with <authorize> tags, each of which has a username attribute and a password attribute. Each <authorize> tag authorizes a specific username/password pair to access all connections within the tag.

A connection can be specified within an <authorize> tag in one of two ways. You can list a single protocol and set of parameters directly (a <protocol> tag and any number of <param> tags), in which case that user will have access to only one connection, named "DEFAULT". Alternatively, you can specify one or more connections with <connection> tags, each of which can be named and contains a <protocol> tag and any number of <param> tags.

Both of these possibilities are shown in the example user-mapping.xml below. A similar example is included with Guacamole.

Example 4.2. A simple user-mapping.xml

<user-mapping>
	
    <!-- Per-user authentication and config information -->
    <authorize username="USERNAME" password="PASSWORD">
        <protocol>vnc</protocol>
        <param name="hostname">localhost</param>
        <param name="port">5900</param>
        <param name="password">VNCPASS</param>
    </authorize>

    <!-- Another user, but using md5 to hash the password
         (example below uses the md5 hash of "PASSWORD") -->
    <authorize 
            username="USERNAME2"
            password="319f4d26e3c536b5dd871bb2c52e3178"
            encoding="md5">

        <!-- First authorized connection -->
        <connection name="localhost">
            <protocol>vnc</protocol>
            <param name="hostname">localhost</param>
            <param name="port">5901</param>
            <param name="password">VNCPASS</param>
        </connection>

        <!-- Second authorized connection -->
        <connection name="otherhost">
            <protocol>vnc</protocol>
            <param name="hostname">otherhost</param>
            <param name="port">5900</param>
            <param name="password">VNCPASS</param>
        </connection>

    </authorize>

</user-mapping>
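
The following audit script is an added example, not part of Guacamole or its documentation. It parses a user mapping in both forms described above, lists which connections each user can reach, and reports where credentials sit in the file in cleartext or as unsalted MD5. The function names and the embedded sample are constructed for illustration, and handling a tag that mixes the bare form with <connection> tags is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Example 4.2 (placeholder credentials only).
SAMPLE = """<user-mapping>
  <authorize username="USERNAME" password="PASSWORD">
    <protocol>vnc</protocol>
    <param name="hostname">localhost</param>
    <param name="password">VNCPASS</param>
  </authorize>
  <authorize username="USERNAME2" encoding="md5"
             password="319f4d26e3c536b5dd871bb2c52e3178">
    <connection name="localhost">
      <protocol>vnc</protocol>
      <param name="hostname">localhost</param>
      <param name="password">VNCPASS</param>
    </connection>
    <connection name="otherhost">
      <protocol>vnc</protocol>
      <param name="hostname">otherhost</param>
    </connection>
  </authorize>
</user-mapping>"""

def read_connection(node):
    """Collect the direct <protocol> and <param> children of one connection."""
    params = {p.get("name"): (p.text or "") for p in node.findall("param")}
    return {"protocol": node.findtext("protocol"), "params": params}

def connections(authorize):
    """Map connection name -> settings for one <authorize> element."""
    found = {c.get("name"): read_connection(c) for c in authorize.findall("connection")}
    # Bare <protocol>/<param> children form the single connection named "DEFAULT".
    if authorize.find("protocol") is not None:
        found["DEFAULT"] = read_connection(authorize)
    return found

def audit(xml_text):
    """Return (users, findings): who reaches what, and which secrets are exposed."""
    users, findings = {}, []
    for auth in ET.fromstring(xml_text).findall("authorize"):
        user = auth.get("username")
        users[user] = connections(auth)
        if auth.get("encoding") == "md5":
            findings.append((user, "login password stored as unsalted MD5"))
        else:
            findings.append((user, "login password stored in cleartext"))
        for name, conn in users[user].items():
            if "password" in conn["params"]:
                findings.append((user, f"connection {name!r} holds a cleartext password"))
    return users, findings
```

Because every connection password is readable by anyone who can read the file, the findings are a prompt to restrict the file's permissions to the account running the servlet container.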