Installing PostgreSQL for Guacamole Authentication
Instructions for installing PostgreSQL in Guacamole for Authentication
CentOS and RHEL both provide a package for the PostgreSQL database server called "postgresql-server". Installing this package will install a version of PostgreSQL that is explicitly supported by Keeper Connection Manager. If you do not have an existing database instance or third-party database hosting provider that you would prefer to use, installing a fresh instance of PostgreSQL for use by Guacamole will work nicely:
As with other standard CentOS / RHEL packages providing a service, the PostgreSQL service will not be started by default after the "postgresql-server" package is installed. However, if you attempt to start the PostgreSQL service now, the service will fail to start as PostgreSQL's database has not yet been created and initialized. This must be done manually with the "postgresql-setup" command:
Once the database has been initialized, the service can be safely started and configured to start automatically if the system is rebooted:
Configuring PostgreSQL to accept password authentication locally
If PostgreSQL is installed locally (on the same server as Apache Guacamole), its default configuration will prevent Guacamole from authenticating. This is because PostgreSQL can be configured to use different authentication mechanisms for connections coming from different networks or addresses, and the default configuration uses "ident" authentication for connections from the local machine. The "ident" method is incompatible with providing a database username and password via TCP, which will result in Guacamole being unable to connect to PostgreSQL.
Edit PostgreSQL's main configuration file, /var/lib/pgsql/data/pg_hba.conf
, looking for the lines which associate IPv4 or IPv6 loopback addresses with "ident":
The keyword ident
should be changed to md5
to allow username/password authentication for local connections:
PostgreSQL will then need to be restarted to apply these changes:
Pointing Guacamole at the new PostgreSQL instance
Once PostgreSQL has been deployed, you should move forward with configuring Guacamole to use your new PostgreSQL instance. This process is documented in its entirety, and the default /etc/guacamole/guacamole.properties
file also contains placeholders and comments to help guide administrators to the correct configuration properties. Overall, the process will involve:
Installing the package providing PostgreSQL support (
kcm-guacamole-auth-jdbc-postgresql
).Creating a new database within your PostgreSQL instance using the provided schema files.
Creating a database user that Guacamole can use to execute queries against your database.
Editing
/etc/guacamole/guacamole.properties
to point Guacamole at your database (and to specify the credentials of the database user it should use).
Last updated