Plaintext passwords in guacamole.properties


Plaintext passwords in guacamole.properties

smoke
Hello!

I am a little put off by the unhashed password in ldap-search-bind-password
(guacamole.properties). Is there a way to use the hash instead of the
visible pass? The same thing goes for the postgresql-password.

I searched for a solution to this problem to no avail.

Thank you!



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: Plaintext passwords in guacamole.properties

Mike Jumper
On Thu, Jul 12, 2018, 01:07 smoke <[hidden email]> wrote:
> Hello!
>
> I am a little put off by the unhashed password in ldap-search-bind-password
> (guacamole.properties). Is there a way to use the hash instead of the
> visible pass? The same thing goes for the postgresql-password.

No - they're not that kind of password.

Hashing only makes sense for passwords which will be verified by Guacamole - passwords which Guacamole does not need to know verbatim. In this case, those passwords must be sent by Guacamole to the LDAP or PostgreSQL server to authenticate, thus it must have the actual raw password, not a hash.

Your best option is to set filesystem permissions appropriately such that only Guacamole can read guacamole.properties.

- Mike


Re: Plaintext passwords in guacamole.properties

Erik Berndt
>Your best option is to set filesystem permissions appropriately such that only Guacamole can read guacamole.properties.

I had a similar thought a few months ago and this is your best bet. Yes, the password is stored in plain text on a publicly available server, but it's not being transmitted externally, so locking it down should be sufficient. We use SMTP relay on a couple of servers and have the config files storing the credentials set to 644. I just checked and guacamole.properties is set to 604, which from what I can recall was the most restrictive mode without the service becoming inaccessible.

Erik Berndt / Systems Administrator
5551 Wellington Rd, Gainesville, VA 20155
703.631.0004 x520 (Phone) / 703.257.1725 (Fax)
http://www.superiorpaving.net

Need to open an IT support ticket?  
http://FixIT.superiorpaving.net/portal or [hidden email]

On Thu, Jul 12, 2018 at 4:19 AM, Mike Jumper <[hidden email]> wrote:
> On Thu, Jul 12, 2018, 01:07 smoke <[hidden email]> wrote:
>> Hello!
>>
>> I am a little put off by the unhashed password in ldap-search-bind-password
>> (guacamole.properties). Is there a way to use the hash instead of the
>> visible pass? The same thing goes for the postgresql-password.
>
> No - they're not that kind of password.
>
> Hashing only makes sense for passwords which will be verified by Guacamole - passwords which Guacamole does not need to know verbatim. In this case, those passwords must be sent by Guacamole to the LDAP or PostgreSQL server to authenticate, thus it must have the actual raw password, not a hash.
>
> Your best option is to set filesystem permissions appropriately such that only Guacamole can read guacamole.properties.
>
> - Mike



Re: Plaintext passwords in guacamole.properties

Mike Jumper-2
On Thu, Jul 12, 2018 at 9:36 AM, Erik Berndt
<[hidden email]> wrote:

>>Your best option is to set filesystem permissions appropriately such that
>> only Guacamole can read guacamole.properties.
>
> I had a similar thought a few months ago and this is your best best. Yes,
> the password is stored in plain text on a publicly available server, but
> it's not being transmitted externally, so locking it down should be
> sufficient. We use smtp relay on a couple of servers and have the config
> files storing the credentials set to 644. I just checked and
> guacamole.properties is set to 604, which from what I can recall was the
> most restrictive mode without the service becoming inaccessible.
>

In general, I'd recommend creating a group specific to Guacamole (like
"guacamole"), adding the Tomcat user to that group, and ensuring
guacamole.properties is owned by "root:guacamole" with 640 permissions
(read/write for root, read-only to guacamole, unreadable to all
others). That should lock things down nicely.

- Mike
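The root:guacamole / 640 layout Mike describes, as an added example script that is not part of the thread or of the Guacamole project. The properties path, the group name "guacamole" and the Tomcat account name are assumptions; the check function also rejects the 604 mentioned earlier in the thread, since its last digit grants read access to every local account.

```shell
#!/bin/sh
# Added example (not from the thread): apply the root:guacamole / 640
# layout recommended above and verify it. The properties path, group
# name and Tomcat account below are assumptions; adjust for your distro.
GUAC_PROPS="${GUAC_PROPS:-/etc/guacamole/guacamole.properties}"
GUAC_GROUP="${GUAC_GROUP:-guacamole}"
TOMCAT_USER="${TOMCAT_USER:-tomcat}"

# Succeed only if the file's mode is 640 or stricter: owner at most rw,
# group at most r, nothing at all for others. Uses ls(1) rather than
# stat(1) so it behaves the same on GNU and BSD userlands.
mode_is_locked_down() {
    perm=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$perm" in
        -[r-][w-]-[r-]-----) return 0 ;;
        *) return 1 ;;
    esac
}

# Create the group if missing, add the Tomcat user to it, then set
# owner and mode on the properties file. Must run as root; Tomcat only
# picks up the new group membership after a restart.
harden_guacamole_properties() {
    f=$1; grp=$2; user=$3
    getent group "$grp" >/dev/null 2>&1 || groupadd "$grp"
    id -nG "$user" | tr ' ' '\n' | grep -qx "$grp" || usermod -aG "$grp" "$user"
    chown "root:$grp" "$f"
    chmod 640 "$f"
    mode_is_locked_down "$f"
}

# Only touch the real system when explicitly asked: sudo ./harden.sh --apply
if [ "${1:-}" = "--apply" ]; then
    harden_guacamole_properties "$GUAC_PROPS" "$GUAC_GROUP" "$TOMCAT_USER" \
        && echo "$GUAC_PROPS is now $(ls -ld "$GUAC_PROPS" | cut -c1-10)"
fi
```

Run `mode_is_locked_down /etc/guacamole/guacamole.properties` from a cron job or a configuration-management check to catch the file drifting back to a world-readable mode after an upgrade or manual edit.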