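The earlier article on using the guacamole web gateway platform covered authentication configured through user-mapping.xml. Guacamole supports several other authentication methods as well. This article covers integrating guacamole with MySQL.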

I. Installing the extension packages

Two files are involved: the guacamole-auth-jdbc-mysql jar (downloaded from the official guacamole site) and the mysql-connector-java jar. Place them under /etc/guacamole/ with the following layout:

    # tree /etc/guacamole/
    /etc/guacamole/
    ├── extensions
    │   └── guacamole-auth-jdbc-mysql-0.9.14.jar
    └── lib
        └── mysql-connector-java-5.1.37-bin.jar

II. Database configuration

The corresponding SQL files are in the guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/ directory. First create the database and its user with the following commands:

    mysql> CREATE DATABASE guacamole_db;
    Query OK, 1 row affected (0.00 sec)
    mysql> CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'some_password';
    Query OK, 0 rows affected (0.00 sec)
    mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
    Query OK, 0 rows affected (0.00 sec)
    mysql> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.02 sec)
    mysql> quit
    Bye

Next, import the schema and initial data with the following commands:

    $ ls schema/
    001-create-schema.sql  002-create-admin-user.sql  upgrade
    $ cat schema/*.sql | mysql -u root -p guacamole_db
    Enter password: password

After MySQL is configured, add the database settings to /etc/guacamole/guacamole.properties, as follows:

    mysql-hostname: localhost
    mysql-port: 3306
    mysql-database: guacamole_db
    mysql-username: guacamole_user
    mysql-password: some_password
    mysql-user-password-min-length: 8
    mysql-user-password-require-multiple-case: true
    mysql-user-password-require-symbol: true
    mysql-user-password-require-digit: true
    mysql-user-password-prohibit-username: true
    mysql-user-password-min-age: 7
    mysql-user-password-max-age: 90
    mysql-user-password-history-size: 6
    mysql-default-max-connections: 1
    mysql-default-max-group-connections: 1
    mysql-default-max-connections-per-user: 0
    mysql-default-max-group-connections-per-user: 0
    mysql-absolute-max-connections: 0
    mysql-user-required: true

Add the settings above according to your own needs; by default, the first five lines are enough.

  1. Adding a user

    -- Generate salt
    SET @salt = UNHEX(SHA2(UUID(), 256));
    -- Create user and hash password with salt
    INSERT INTO guacamole_user (username, password_salt, password_hash)
         VALUES ('myuser', @salt, UNHEX(SHA2(CONCAT('mypassword', HEX(@salt)), 256)));

  2. Adding host connection information

    -- Create connection
    INSERT INTO guacamole_connection (connection_name, protocol) VALUES ('test', 'vnc');
    -- Determine the connection_id
    SELECT * FROM guacamole_connection WHERE connection_name = 'test' AND parent_id IS NULL;
    -- Add parameters to the new connection
    -- (the first value, 1, is the connection_id returned by the SELECT above)
    INSERT INTO guacamole_connection_parameter VALUES (1, 'hostname', 'localhost');
    INSERT INTO guacamole_connection_parameter VALUES (1, 'port', '5901');

III. Web management

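Once this is done, there is a default account whose username and password are both guacadmin. After logging in as this user, you will notice that the interface differs from the one shown with simple authentication: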

[Screenshots: the guacadmin interface]

The features involved here include user authorization, killing sessions, and so on.
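The salted hash from the "Adding a user" SQL and the default guacadmin account above can be tied together in a small audit. This is an added example, not code from the original article or from the Guacamole project. It reproduces the `UNHEX(SHA2(CONCAT(password, HEX(salt)), 256))` scheme and flags accounts whose stored hash still matches the default password. The function names and sample rows are constructed for illustration, and `os.urandom` stands in for `SHA2(UUID(), 256)` as the salt source.

```python
import hashlib
import hmac
import os

DEFAULT_PASSWORD = "guacadmin"  # default credential named in this article


def guac_hash(password, salt):
    """SHA-256 over the password followed by the UPPERCASE hex of the salt,
    matching UNHEX(SHA2(CONCAT(password, HEX(salt)), 256)); MySQL's HEX()
    returns uppercase, so lowercase hex would yield a different digest."""
    salted = password.encode("utf-8") + salt.hex().upper().encode("ascii")
    return hashlib.sha256(salted).digest()


def new_credentials(password):
    """Return (password_salt, password_hash) for a guacamole_user row."""
    salt = os.urandom(32)  # assumption: CSPRNG salt instead of SHA2(UUID())
    return salt, guac_hash(password, salt)


def accounts_using(rows, candidate=DEFAULT_PASSWORD):
    """Usernames in rows of (username, password_salt, password_hash)
    whose stored hash equals the hash of `candidate`."""
    return [
        username
        for username, salt, stored in rows
        if hmac.compare_digest(guac_hash(candidate, salt), stored)
    ]


def sample_rows():
    """Constructed rows shaped like the result of
    SELECT username, password_salt, password_hash FROM guacamole_user."""
    rows = []
    for username, password in (("guacadmin", "guacadmin"),
                               ("myuser", "mypassword")):
        salt, digest = new_credentials(password)
        rows.append((username, salt, digest))
    return rows


if __name__ == "__main__":
    for name in accounts_using(sample_rows()):
        print(f"{name}: still uses the default password, change it")
```

To run it against a real deployment, replace `sample_rows()` with rows read from the `guacamole_user` table using an account that has SELECT on `guacamole_db`.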

Reference pages:

http://guacamole.apache.org/doc/gug/jdbc-auth.html

http://guacamole.apache.org/doc/gug/administration.html