SQL Server Configuration Properties

Advanced configuration properties for SQL Server

The properties listed here are only applicable if SQL Server authentication is being used. Support for SQL Server authentication is installed using the kcm-guacamole-auth-jdbc-sqlserver package. If using the keeper/guacamole Docker image, support for SQL Server authentication is instead configured using environment variables.

TCP connection information
Database name and credentials
Database password policies
- Minimum password length and complexity
- Minimum/maximum password age
- Password reuse prevention
Database concurrent connection limits
- General connection concurrency limits
- Per-user concurrency limits
- Absolute concurrency limits
Database user account requirements

TCP connection information

The TCP connection details for the SQL Server database.

Property name Default value Description

Property name	Default value	Description
`sqlserver-hostname`	localhost	The hostname of the database server.
`sqlserver-port`	1433	The port of the SQL Server service running on the database server.

sqlserver-hostname

localhost

The hostname of the database server.

sqlserver-port

1433

The port of the SQL Server service running on the database server.

Database name and credentials

The name of the database to use, as well as the credentials to use when connecting to the database. These properties are required if one of the database authentication extensions will be used.

Property name Description

Property name	Description
`sqlserver-database`	The name of the database that Guacamole should issue queries against.
`sqlserver-username`	The username of the user that Guacamole should use to connect to the database.
`sqlserver-password`	The password Guacamole should provide when authenticating with the database.

sqlserver-database

The name of the database that Guacamole should issue queries against.

sqlserver-username

The username of the user that Guacamole should use to connect to the database.

sqlserver-password

The password Guacamole should provide when authenticating with the database.

Database password policies

Restrictions that should be applied to all database users with respect to password complexity, length, change frequency, and reuse.

These properties do not affect users defined outside the database.

Minimum password length and complexity

Property name Default value Description

Property name	Default value	Description
`sqlserver-user-password-min-length`	0	The minimum length of each password, in characters. If specified, users will not be able to change their passwords to values that are not at least this length. By default, no minimum length is enforced. Empty passwords are never allowed.
`sqlserver-user-password-require-multiple-case`	false	If set to "true", require that all passwords contain at least one uppercase character and one lowercase character. By default, passwords are not required to contain mixed case.
`sqlserver-user-password-require-symbol`	false	If set to "true", require that all passwords contain at least one symbol, where a "symbol" is any non-alphanumeric character. By default, passwords are not required to contain symbols.
`sqlserver-user-password-require-digit`	false	If set to "true", require that all passwords contain at least one digit, where a "digit" is any numeric character. By default, passwords are not required to contain digits.
`sqlserver-user-password-prohibit-username`	false	If set to "true", prohibit passwords from containing the user's own username, regardless of case. By default, use of the user's own username within their password is not prevented.

sqlserver-user-password-min-length

The minimum length of each password, in characters. If specified, users will not be able to change their passwords to values that are not at least this length. By default, no minimum length is enforced. Empty passwords are never allowed.

sqlserver-user-password-require-multiple-case

false

If set to "true", require that all passwords contain at least one uppercase character and one lowercase character. By default, passwords are not required to contain mixed case.

sqlserver-user-password-require-symbol

false

If set to "true", require that all passwords contain at least one symbol, where a "symbol" is any non-alphanumeric character. By default, passwords are not required to contain symbols.

sqlserver-user-password-require-digit

false

If set to "true", require that all passwords contain at least one digit, where a "digit" is any numeric character. By default, passwords are not required to contain digits.

sqlserver-user-password-prohibit-username

false

If set to "true", prohibit passwords from containing the user's own username, regardless of case. By default, use of the user's own username within their password is not prevented.

Minimum/maximum password age

Property name Description

Property name	Description
`sqlserver-user-password-min-age`	The minimum number of days that must elapse between password changes (preventing users from changing passwords too frequency and defeating password reuse protections). By default, frequency of password changes is not restricted.
`sqlserver-user-password-max-age`	The maximum number of days that may elapse before users are required to change their passwords. By default, users passwords do not automatically expire.

sqlserver-user-password-min-age

The minimum number of days that must elapse between password changes (preventing users from changing passwords too frequency and defeating password reuse protections). By default, frequency of password changes is not restricted.

sqlserver-user-password-max-age

The maximum number of days that may elapse before users are required to change their passwords. By default, users passwords do not automatically expire.

Password reuse prevention

Property name Description

Property name	Description
`sqlserver-user-password-history-size`	The number of past passwords that should be remembered for each user. If specified, users will be prevented from reusing any of these passwords. By default, reuse of past passwords is not prevented.

sqlserver-user-password-history-size

The number of past passwords that should be remembered for each user. If specified, users will be prevented from reusing any of these passwords. By default, reuse of past passwords is not prevented.

Database concurrent connection limits

Concurrent usage restrictions that should be enforced by default across all connections. With the exception the absolute concurrency limit, each of these restrictions may be overridden by the administrator on a per-connection basis by editing the connection.

General connection concurrency limits

Property name Default value Description

Property name	Default value	Description
`sqlserver-default-max-connections`	0	The maximum number of concurrent connections to allow to any particular connection, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connections.
`sqlserver-default-max-group-connections`	0	The maximum number of concurrent connections to allow to any particular balancing connection group, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connection groups.

sqlserver-default-max-connections

The maximum number of concurrent connections to allow to any particular connection, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connections.

sqlserver-default-max-group-connections

The maximum number of concurrent connections to allow to any particular balancing connection group, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connection groups.

Per-user concurrency limits

Property name Default value Description

Property name	Default value	Description
`sqlserver-default-max-connections-per-user`	0	The maximum number of concurrent connections to allow to any individual user to establish to a connection, where "0" represents unlimited. By default, no per-user concurrency limits are enforced on connections.
`sqlserver-default-max-group-connections-per-user`	1	The maximum number of concurrent connections to allow to any individual user to establish to a balancing connection group, where "0" represents unlimited. By default, no each user is limited to a single connection for each balancing connection group, to avoid allowing any one user to exhaust the available connections within that group..

sqlserver-default-max-connections-per-user

The maximum number of concurrent connections to allow to any individual user to establish to a connection, where "0" represents unlimited. By default, no per-user concurrency limits are enforced on connections.

sqlserver-default-max-group-connections-per-user

The maximum number of concurrent connections to allow to any individual user to establish to a balancing connection group, where "0" represents unlimited. By default, no each user is limited to a single connection for each balancing connection group, to avoid allowing any one user to exhaust the available connections within that group..

Absolute concurrency limits

Property name Default value Description

Property name	Default value	Description
`sqlserver-absolute-max-connections`	0	The absolute maximum number of concurrent connections to allow to the Guacamole server as a whole, regardless of which users are establishing those connections and which connections or groups are being accessed, where "0" represents unlimited. By default, no absolute concurrent restrictions are enforced.

sqlserver-absolute-max-connections

The absolute maximum number of concurrent connections to allow to the Guacamole server as a whole, regardless of which users are establishing those connections and which connections or groups are being accessed, where "0" represents unlimited. By default, no absolute concurrent restrictions are enforced.

Database user account requirements

Whether authentication via other extensions is allowed for users that do not exist within the SQL Server database. If set to "true", authentication attempts will be denied unless the authenticated user has been defined within the database.

Property name Default value Description

Property name	Default value	Description
`sqlserver-user-required`	false	If set to "true", require that all successful authentication attempts be associated with a user defined within SQL Server. If a user authentications successfully via another mechanism (such as LDAP), that attempt will still be denied if no corresponding SQL Server user exists. By default, successful authentication attempts will be considered successful regardless of whether an account for that user exists within SQL Server.

sqlserver-user-required

false

If set to "true", require that all successful authentication attempts be associated with a user defined within SQL Server. If a user authentications successfully via another mechanism (such as LDAP), that attempt will still be denied if no corresponding SQL Server user exists. By default, successful authentication attempts will be considered successful regardless of whether an account for that user exists within SQL Server.

PreviousPostgreSQL Configuration Properties NextLogin Attempts Properties

Last updated 2 years ago