add warning if tls is disabled but basic auth is used.

2026-02-10 18:07:44 +00:00 · 2025-02-28 10:12:08 +08:00 · 2025-02-28 10:12:08 +08:00 · 3492f1d36e
commit 3492f1d36e
parent a0732f42d0
1 changed files with 4 additions and 0 deletions
--- a/cmd/rdpgw/config/configuration.go
+++ b/cmd/rdpgw/config/configuration.go
@ -221,6 +221,10 @@ func Load(configFile string) Configuration {
 		log.Fatalf("host selection is set to `signed` but `querytokensigningkey` is not set")
 	}

+	if Conf.Server.BasicAuthEnabled() && Conf.Server.Tls == "disable" {
+		log.Printf("Warning: Basic Auth transfers in plain text but TLS is disabled - rdp gw connections require tls, make sure to have a terminator")
+	}
+
 	if Conf.Server.NtlmEnabled() && Conf.Server.KerberosEnabled() {
 		log.Fatalf("ntlm and kerberos authentication are not stackable")
 	}