在 <a href="https://www.361way.com/guacamole/5919.html" target="_blank" rel="noopener">guacamole web网关平台的使用</a> 篇中提到了其于user-mapping.xml 配置的认证,除此之外其还支持多种认证方式。这里主要提下guacamole与mysql的集成。
一、安装扩展包
这里主要涉及两个文件,一个是guacamole-auth-jdbc-mysql jar包(guacamole官方下载),另一个是mysql-connector-java jar包。并将其放到/etc/guacamole/ 目录下,结构如下:
<br />
# tree /etc/guacamole/
/etc/guacamole/
├── extensions
│ └── guacamole-auth-jdbc-mysql-0.9.14.jar
└── lib
└── mysql-connector-java-5.1.37-bin.jar
二、数据库的配置
在guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/ 目录,可以找到对应的sql 文件。先使用如下命令创建对应的数据库:
<br />
mysql> CREATE DATABASE guacamole_db; Query OK, 1 row affected (0.00 sec) mysql> CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'some_password'; Query OK, 0 rows affected (0.00 sec) mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost'; Query OK, 0 rows affected (0.00 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.02 sec) mysql> quit Bye
接下来使用如下命令导入相应的数据:
<br />
$ ls schema/ 001-create-schema.sql 002-create-admin-user.sql upgrade $ cat schema/*.sql | mysql -u root -p guacamole_db Enter password: password
配置完mysql后,还需要在/etc/guacamole/guacamole.properties 里增加数据的相关配置,如下:
<br />
mysql-hostname: localhost mysql-port: 3306 mysql-database: guacamole_db mysql-username: guacamole_user mysql-password: some_password mysql-user-password-min-length: 8 mysql-user-password-require-multiple-case: true mysql-user-password-require-symbol: true mysql-user-password-require-digit: true mysql-user-password-prohibit-username: true mysql-user-password-min-age: 7 mysql-user-password-max-age: 90 mysql-user-password-history-size: 6 mysql-default-max-connections: 1 mysql-default-max-group-connections: 1 mysql-default-max-connections-per-user: 0 mysql-default-max-group-connections-per-user: 0 mysql-absolute-max-connections: 0 mysql-user-required: true
以上配置根据自己需要进行增加,默认最上面前五行就行了。
增加用户
<br />
-- Generate salt
SET @salt = UNHEX(SHA2(UUID(), 256));
-- Create user and hash password with salt
INSERT INTO guacamole_user (username, password_salt, password_hash)
VALUES ('myuser', @salt, UNHEX(SHA2(CONCAT('mypassword', HEX(@salt)), 256)));
增加主机连接信息
<br />
<br />
-- Create connection
INSERT INTO guacamole_connection (connection_name, protocol) VALUES ('test', 'vnc');
-- Determine the connection_id
SELECT * FROM guacamole_connection WHERE connection_name = 'test' AND parent_id IS NULL;
-- Add parameters to the new connection
INSERT INTO guacamole_connection_parameter VALUES (1, 'hostname', 'localhost');
INSERT INTO guacamole_connection_parameter VALUES (1, 'port', '5901');
三、web管理
<br />
默认登陆完成后,会有一个默认的用户名和密码为guacadmin(密码相同),使用该用户登陆后,会发现界面和简单认证是不同的:
<img src="https://www.361way.com/wp-content/uploads/2018/12/gacuadmin.png" width="881" height="315" title="gacuadmin" alt="gacuadmin" />
这里会涉及的功能有用户授权,session查杀等。
<strong>参考页面:</strong>
<a href="http://guacamole.apache.org/doc/gug/jdbc-auth.html" target="_blank" rel="noopener">http://guacamole.apache.org/doc/gug/jdbc-auth.html</a>
<a href="http://guacamole.apache.org/doc/gug/administration.html" target="_blank" rel="noopener">http://guacamole.apache.org/doc/gug/administration.html</a>
<br />