PostgreSQL
Advanced configuration of PostgreSQL / Redshift connection type
Last updated
Advanced configuration of PostgreSQL / Redshift connection type
Last updated
The PostgreSQL implementation in Keeper Connection Manager utilizes the PostgreSQL client library as well as an internal terminal library which renders the user interface. Guacamole's PostgreSQL support emulates a terminal on the server side, and draws the screen of this terminal remotely on the client.
This document is intended to cover all supported parameters, grouped in the same way they are grouped within the web interface. The field headings which would appear in the web interface are provided for each parameter, along with each parameter's internal name and a thorough description of the behavior and legal values for that parameter.
PostgreSQL connections are established over TCP to a specific port and a specific hostname or IP address. The hostname/address must be specified for all PostgreSQL connections, but you only need to specify a port if you are not using the standard port (5432).
Keeper Connection manager supports PostgreSQL authentication through username and password parameters. Both fields are required to establish a connection.
The default database can be specified when establishing the connection. You can also disable the ability to perform CSV import and export of data.
Guacamole's PostgreSQL support provides a display, but not in the same sense as a remote desktop protocol like VNC or RDP. The display is a terminal emulator, and thus provides options for configuring the font used and its size.
If selecting a different font for a PostgreSQL connection, the chosen font must be installed on the server running guacd. It is the server that will handle rendering of characters to the terminal display, not the client.
Custom color schemes may be provided for the terminal emulator used by PostgreSQL connections. Custom schemes mimic the format used by Xterm and consist of a semicolon-separated series of name-value pairs. Each name-value pair is separated by a colon and assigns a value to a color in the terminal emulator palette.
For example, to use blue text on white background by default, and change the red color to a purple shade, you would specify:
Legal color names are:
"foreground
" - the default foreground color.
"background
" - the default background color.
"colorN
" - the color at index N within the Xterm 256-color palette. For example, "color9" refers to the color at palette index 9, normally red.
Legal color values are:
"rgb:RR/GG/BB" - a color in RGB format, with each component in hexadecimal. For example, "rgb:ff/00/00
" specifies the color red. Each hexadecimal component may be one to four digits, but the effective values are always zero-extended or truncated to two digits; for example, "rgb:f/8/0
", "rgb:f0/80/00
", and "rgb:f0f/808/00f
" all refer to the same effective color.
"colorN
" - the color currently assigned to index N within the Xterm 256-color palette. For example, "color9
" specifies the color currently assigned to palette index 9. Note that the current color value is used rather than a reference to that color. If the referenced color is changed later in the color scheme configuration, that new color value will not be reflected in this assignment.
"NAME
" - the color with human-readable name "NAME
", where "NAME
" is one of the standard color names supported by X11. These names generally correspond to the names standardized by the W3C for CSS.
Guacamole provides bidirectional access to the clipboard by default for PostgreSQL connections. This behavior can be overridden on a per-connection basis, restricting access to the clipboard.
The full, raw text content of PostgreSQL sessions, including timing information, can be recorded automatically to a specified directory. This recording, also known as a "typescript", will be written to two files within the directory specified: one file contains the raw text data, and the other contains timing information. Where "NAME
" is the value provided for the typescript name, these files will be named "NAME
" and "NAME.timing
" respectively.
This format is compatible with the format used by the standard UNIX script
command, and can be replayed using scriptreplay
(if installed). For example, to replay a typescript called "NAME
", you would run:
PostgreSQL sessions can be recorded graphically. These recordings take the form of Guacamole protocol dumps and are recorded automatically to a specified directory. Recordings can be subsequently played back using the Glyptodon Enterprise Session Recording Player application hosted at player.glyptodon.com (or using a local deployment of this application).
The player is a static web application, using only JavaScript to play back provided recordings. This functionality is implemented strictly locally; the recordings are not uploaded to a remote service for processing. If you would prefer to use your own deployment of this application, or would like to investigate the source, the full source of the Glyptodon Enterprise Session Recording Player can be found on GitHub, along with instructions for local deployment: https://github.com/glyptodon/glyptodon-enterprise-player
The latest version of Keeper Connection Manager supports on-screen playback of recorded sessions. See the Session Recording documentation page.
Field header | Parameter name | Description |
---|---|---|
Field header (web interface) | Parameter name | Description |
---|---|---|
Field header (web interface) | Parameter name | Description |
---|---|---|
Field header (web interface) | Parameter name | Description |
---|---|---|
Field header (web interface) | Parameter name | Description |
---|---|---|
Field header (web interface) | Parameter name | Description |
---|---|---|
Field header (web interface) | Parameter name | Description |
---|---|---|
Field header (web interface) | Parameter name | Description |
---|---|---|
Allow user-provided KSM configuration:
ksm-user-config-enabled
If set to "true", each Keeper Connection Manager user profile can be assigned to a Keeper Secrets Manager configuration for any connection. See the Multiple Vaults Integration screen for more information.
Hostname
hostname
REQUIRED: The hostname or IP address of the PostgreSQL server Guacamole should connect to.
Port
port
The port the PostgreSQL server is listening on. By default, the standard port of 5432 will be used.
Username
username
REQUIRED: The username to authenticate as when connecting to the specified PostgreSQL server.
Password
password
REQUIRED: The password to use when authenticating with the specified PostgreSQL server.
Default Database
database
The database schema selected when connecting to the specified PostgreSQL server.
Disable CSV Export
disable-csv-export
Set this value to "true" to disable CSV export of data when using the SQL export statement "COPY..."
Disable CSV Import
disable-csv-import
Set this value to "true" to disable CSV import of data when using the SQL import statement "COPY..."
Theme
color-scheme
The color scheme to use for the terminal emulator used by SSH connections. Each color scheme dictates the default foreground and background color for the terminal. Programs which specify colors when printing text will override these defaults. Legal values are:
"black-white
" - Black text over a white background
"gray-black
" - Gray text over a black background (the default)
"green-black
" - Green text over a black background
"white-black
" - White text over a black background
A custom color scheme (as described below)
By default, Guacamole will render text as gray over a black background.
Font name
font-name
The name of the font to use. If not specified, the default of "monospace" will be used instead. This must be the name of a font installed on the server running guacd, and should be a monospaced font. If a non-monospaced font is used, individual glyphs may render incorrectly.
Font size
font-size
The size of the font to use, in points. By default, the size of rendered text will be 12 point.
Maximum scrollback size:
scrollback
The maximum number of rows to allow within the terminal scrollback buffer. By default, the scrollback buffer will be limited to a maximum of 1000 rows.
Read-only:
read-only
Whether this connection should be read-only. If set to "true", no input will be accepted on the connection at all. Users will be able to see the terminal (or the application running within the terminal) but will be unable to interact.
Disable copying from terminal:
disable-copy
If set to "true", text copied within the PostgreSQL session will not be accessible by the user at the browser side of the Guacamole session, and will be usable only within the remote desktop. By default, the user will be given access to the copied text.
Disable pasting from client:
disable-paste
If set to "true", text copied at the browser side of the Guacamole session will not be accessible within the PostgreSQL session. By default, the user will be able to paste data from outside the browser within the PostgreSQL session.
Typescript path
typescript-path
The directory in which typescript files should be created. If a typescript needs to be recorded, then this parameter is required. Specifying this parameter enables typescript recording. If this parameter is omitted, no typescript will be recorded.
Typescript name
typescript-name
The base filename to use for any created recordings. If omitted, the base filename "typescript" will be used.
Guacamole will never overwrite an existing typescript. If necessary, a numeric suffix like ".1", ".2", ".3", etc. will be appended to the base filename to avoid overwriting an existing recording. If even appending a numeric suffix does not help, the typescript will not be recorded, and an error will be logged.
This parameter only has an effect if typescript recording is enabled, which is controlled by specifying a typescript path. If the typescript path is not specified, recording of typescripts will not be enabled, and this parameter will be ignored.
Automatically create typescript path
create-typescript-path
If set to "true", the final directory within the specified typescript path will automatically be created if it does not yet exist. By default, no part of the typescript path will be automatically created, and any attempt to use a non-existent directory will result in the typescript not being recorded and an error being logged.
Only the final directory in the path will be automatically created. If other directories earlier in the path do not exist, the typescript will not be recorded, and an error will be logged.
This parameter only has an effect if typescript recording is enabled, which is controlled by specifying a typescript path. If the typescript path is not specified, recording of typescripts will not be enabled, and this parameter will be ignored.
Recording path
recording-path
The directory in which screen recording files should be created. If a graphical recording needs to be created, then this parameter is required. Specifying this parameter enables graphical screen recording. If this parameter is omitted, no graphical recording will be created.
Recording name
recording-name
The filename to use for any created recordings. If omitted, the filename of each recording will simply be "recording".
Guacamole will never overwrite an existing recording. If necessary, a numeric suffix like ".1", ".2", ".3", etc. will be appended to the filename to avoid overwriting an existing recording. If even appending a numeric suffix does not help, the session will not be recorded, and an error will be logged.
This parameter only has an effect if graphical recording is enabled, which is controlled by specifying a recording path. If the recording path is not specified, graphical session recording will not be enabled, and this parameter will be ignored.
Exclude graphics/streams
recording-exclude-output
If set to "true", graphical output and other data normally streamed from server to client will be excluded from the recording, producing a recording which contains only user input events. By default, graphical output will be included in the recording.
This parameter only has an effect if graphical recording is enabled, which is controlled by specifying a recording path. If the recording path is not specified, graphical session recording will not be enabled, and this parameter will be ignored.
Exclude mouse
recording-exclude-mouse
If set to "true", user mouse events will be excluded from the recording, producing a recording which lacks a visible mouse cursor. By default, mouse events will be included in the recording.
This parameter only has an effect if graphical recording is enabled, which is controlled by specifying a recording path. If the recording path is not specified, graphical session recording will not be enabled, and this parameter will be ignored.
Include key events
recording-include-keys
If set to "true", user key events will be included in the recording. The recording can subsequently be passed through the guaclog
utility to produce a human-readable interpretation of the keys pressed during the session. By default, for privacy's sake, key events will be NOT included in the recording.
This parameter only has an effect if graphical recording is enabled, which is controlled by specifying a recording path. If the recording path is not specified, graphical session recording will not be enabled, and this parameter will be ignored.
Automatically create recording path
create-recording-path
If set to "true", the final directory within the specified recording path will automatically be created if it does not yet exist. By default, no part of the recording path will be automatically created, and any attempt to use a non-existent directory will result in the session not being recorded and an error being logged.
Only the final directory in the path will be automatically created. If other directories earlier in the path do not exist, the session will not be recorded, and an error will be logged.
This parameter only has an effect if graphical recording is enabled, which is controlled by specifying a recording path. If the recording path is not specified, graphical session recording will not be enabled, and this parameter will be ignored.