MySQL / MariaDB Configuration Properties
Advanced configuration properties for MySQL
The properties listed here are only applicable if MySQL authentication is being used. Support for MySQL authentication is installed using thekcm-guacamole-auth-jdbc-mysql
package. If using the keeper/guacamole Docker image, support for MySQL authentication is instead configured using environment variables.
Minimum password length and complexity
Minimum/maximum password age
Password reuse prevention
Database concurrent connection limits
General connection concurrency limits
Per-user concurrency limits
Absolute concurrency limits
TCP connection information
The TCP connection details for the MySQL / MariaDB database.
Property name | Default value | Description |
---|---|---|
| localhost | The hostname of the database server. |
| 3306 | The port of the MySQL or MariaDB service running on the database server. |
Database name and credentials
The name of the database to use, as well as the credentials to use when connecting to the database. These properties are required if one of the database authentication extensions will be used.
Property name | Description |
---|---|
| The name of the database that Guacamole should issue queries against. |
| The username of the user that Guacamole should use to connect to the database. |
| The password Guacamole should provide when authenticating with the database. |
Database password policies
Restrictions that should be applied to all database users with respect to password complexity, length, change frequency, and reuse.
These properties do not affect users defined outside the database.
Minimum password length and complexity
Property name | Default value | Description |
---|---|---|
| 0 | The minimum length of each password, in characters. If specified, users will not be able to change their passwords to values that are not at least this length. By default, no minimum length is enforced. Empty passwords are never allowed. |
| false | If set to "true", require that all passwords contain at least one uppercase character and one lowercase character. By default, passwords are not required to contain mixed case. |
| false | If set to "true", require that all passwords contain at least one symbol, where a "symbol" is any non-alphanumeric character. By default, passwords are not required to contain symbols. |
| false | If set to "true", require that all passwords contain at least one digit, where a "digit" is any numeric character. By default, passwords are not required to contain digits. |
| false | If set to "true", prohibit passwords from containing the user's own username, regardless of case. By default, use of the user's own username within their password is not prevented. |
Minimum/maximum password age
Property name | Description |
---|---|
| The minimum number of days that must elapse between password changes (preventing users from changing passwords too frequency and defeating password reuse protections). By default, frequency of password changes is not restricted. |
| The maximum number of days that may elapse before users are required to change their passwords. By default, users passwords do not automatically expire. |
Password reuse prevention
Property name | Description |
---|---|
| The number of past passwords that should be remembered for each user. If specified, users will be prevented from reusing any of these passwords. By default, reuse of past passwords is not prevented. |
Database concurrent connection limits
Concurrent usage restrictions that should be enforced by default across all connections. With the exception the absolute concurrency limit, each of these restrictions may be overridden by the administrator on a per-connection basis by editing the connection.
General connection concurrency limits
Property name | Default value | Description |
---|---|---|
| 0 | The maximum number of concurrent connections to allow to any particular connection, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connections. |
| 0 | The maximum number of concurrent connections to allow to any particular balancing connection group, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connection groups. |
Per-user concurrency limits
Property name | Default value | Description |
---|---|---|
| 0 | The maximum number of concurrent connections to allow to any individual user to establish to a connection, where "0" represents unlimited. By default, no per-user concurrency limits are enforced on connections. |
| 1 | The maximum number of concurrent connections to allow to any individual user to establish to a balancing connection group, where "0" represents unlimited. By default, no each user is limited to a single connection for each balancing connection group, to avoid allowing any one user to exhaust the available connections within that group.. |
Absolute concurrency limits
Property name | Default value | Description |
---|---|---|
| 0 | The absolute maximum number of concurrent connections to allow to the Guacamole server as a whole, regardless of which users are establishing those connections and which connections or groups are being accessed, where "0" represents unlimited. By default, no absolute concurrent restrictions are enforced. |
Database user account requirements
Whether authentication via other extensions is allowed for users that do not exist within the MySQL / MariaDB database. If set to "true", authentication attempts will be denied unless the authenticated user has been defined within the database.
Property name | Default value | Description |
---|---|---|
| false | If set to "true", require that all successful authentication attempts be associated with a user defined within MySQL. If a user authentications successfully via another mechanism (such as LDAP), that attempt will still be denied if no corresponding MySQL user exists. By default, successful authentication attempts will be considered successful regardless of whether an account for that user exists within MySQL. |
Last updated