MySQL / MariaDB Configuration Properties

Advanced configuration properties for MySQL

The properties listed here are only applicable if MySQL authentication is being used. Support for MySQL authentication is installed using thekcm-guacamole-auth-jdbc-mysql package. If using the keeper/guacamole Docker image, support for MySQL authentication is instead configured using environment variables.

TCP connection information

The TCP connection details for the MySQL / MariaDB database.

Property nameDefault valueDescription

mysql-hostname

localhost

The hostname of the database server.

mysql-port

3306

The port of the MySQL or MariaDB service running on the database server.

Database name and credentials

The name of the database to use, as well as the credentials to use when connecting to the database. These properties are required if one of the database authentication extensions will be used.

Property nameDescription

mysql-database

The name of the database that Guacamole should issue queries against.

mysql-username

The username of the user that Guacamole should use to connect to the database.

mysql-password

The password Guacamole should provide when authenticating with the database.

Database password policies

Restrictions that should be applied to all database users with respect to password complexity, length, change frequency, and reuse.

These properties do not affect users defined outside the database.

Minimum password length and complexity

Property nameDefault valueDescription

mysql-user-password-min-length

0

The minimum length of each password, in characters. If specified, users will not be able to change their passwords to values that are not at least this length. By default, no minimum length is enforced. Empty passwords are never allowed.

mysql-user-password-require-multiple-case

false

If set to "true", require that all passwords contain at least one uppercase character and one lowercase character. By default, passwords are not required to contain mixed case.

mysql-user-password-require-symbol

false

If set to "true", require that all passwords contain at least one symbol, where a "symbol" is any non-alphanumeric character. By default, passwords are not required to contain symbols.

mysql-user-password-require-digit

false

If set to "true", require that all passwords contain at least one digit, where a "digit" is any numeric character. By default, passwords are not required to contain digits.

mysql-user-password-prohibit-username

false

If set to "true", prohibit passwords from containing the user's own username, regardless of case. By default, use of the user's own username within their password is not prevented.

Minimum/maximum password age

Property nameDescription

mysql-user-password-min-age

The minimum number of days that must elapse between password changes (preventing users from changing passwords too frequency and defeating password reuse protections). By default, frequency of password changes is not restricted.

mysql-user-password-max-age

The maximum number of days that may elapse before users are required to change their passwords. By default, users passwords do not automatically expire.

Password reuse prevention

Property nameDescription

mysql-user-password-history-size

The number of past passwords that should be remembered for each user. If specified, users will be prevented from reusing any of these passwords. By default, reuse of past passwords is not prevented.

Database concurrent connection limits

Concurrent usage restrictions that should be enforced by default across all connections. With the exception the absolute concurrency limit, each of these restrictions may be overridden by the administrator on a per-connection basis by editing the connection.

General connection concurrency limits

Property nameDefault valueDescription

mysql-default-max-connections

0

The maximum number of concurrent connections to allow to any particular connection, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connections.

mysql-default-max-group-connections

0

The maximum number of concurrent connections to allow to any particular balancing connection group, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connection groups.

Per-user concurrency limits

Property nameDefault valueDescription

mysql-default-max-connections-per-user

0

The maximum number of concurrent connections to allow to any individual user to establish to a connection, where "0" represents unlimited. By default, no per-user concurrency limits are enforced on connections.

mysql-default-max-group-connections-per-user

1

The maximum number of concurrent connections to allow to any individual user to establish to a balancing connection group, where "0" represents unlimited. By default, no each user is limited to a single connection for each balancing connection group, to avoid allowing any one user to exhaust the available connections within that group..

Absolute concurrency limits

Property nameDefault valueDescription

mysql-absolute-max-connections

0

The absolute maximum number of concurrent connections to allow to the Guacamole server as a whole, regardless of which users are establishing those connections and which connections or groups are being accessed, where "0" represents unlimited. By default, no absolute concurrent restrictions are enforced.

Database user account requirements

Whether authentication via other extensions is allowed for users that do not exist within the MySQL / MariaDB database. If set to "true", authentication attempts will be denied unless the authenticated user has been defined within the database.

Property nameDefault valueDescription

mysql-user-required

false

If set to "true", require that all successful authentication attempts be associated with a user defined within MySQL. If a user authentications successfully via another mechanism (such as LDAP), that attempt will still be denied if no corresponding MySQL user exists. By default, successful authentication attempts will be considered successful regardless of whether an account for that user exists within MySQL.

Last updated