@jhx For writing some kind of "howto", I'll have to find a sane scope ... otherwise there would be just too much to describe I guess 😮

I could of course assume you already have

- network segmentation with a #DMZ
- a working "domain" setup with a directory and #DNS (e.g. #samba, but could be #OpenLDAP with #bind9 as well)
- (virtual) machines providing #RDP (with #xrdp in case of #Linux or #FreeBSD)
- a working mechanism to distribute X.509 #TLS #certificates (I request them from #letsencrypt using #uacme and distribute them with simple shell scripts using special-purpose restricted #SSH keys)

With all that in place, it would "just" be describing the setup of #guacamole in a #FreeBSD #jail, enabling #TLS on all connection paths...

@zirias @jhx I’ve been excitedly following your NFS project because I’m wanting to understand how to integrate with #FreeIPA or #Kanidm as one may with active directory or samba.

Personally I've not loved guac for VNC/RDP when I've got perfectly serviceble client software, but I certainly wouldn't mind proper video-terminal authn too!