Advanced configuration properties for SQL Server
The properties listed here are only applicable if SQL Server authentication is being used. Support for SQL Server authentication is installed using the kcm-guacamole-auth-jdbc-sqlserver
package. If using the keeper/guacamole Docker image, support for SQL Server authentication is instead configured using environment variables.
Minimum password length and complexity
Minimum/maximum password age
Password reuse prevention
Database concurrent connection limits
General connection concurrency limits
Per-user concurrency limits
Absolute concurrency limits
The TCP connection details for the SQL Server database.
Property name | Default value | Description |
---|---|---|
The name of the database to use, as well as the credentials to use when connecting to the database. These properties are required if one of the database authentication extensions will be used.
Restrictions that should be applied to all database users with respect to password complexity, length, change frequency, and reuse.
These properties do not affect users defined outside the database.
Concurrent usage restrictions that should be enforced by default across all connections. With the exception the absolute concurrency limit, each of these restrictions may be overridden by the administrator on a per-connection basis by editing the connection.
Whether authentication via other extensions is allowed for users that do not exist within the SQL Server database. If set to "true", authentication attempts will be denied unless the authenticated user has been defined within the database.
Property name | Description |
---|---|
Property name | Default value | Description |
---|---|---|
Property name | Description |
---|---|
Property name | Description |
---|---|
Property name | Default value | Description |
---|---|---|
Property name | Default value | Description |
---|---|---|
Property name | Default value | Description |
---|---|---|
Property name | Default value | Description |
---|---|---|
sqlserver-hostname
localhost
The hostname of the database server.
sqlserver-port
1433
The port of the SQL Server service running on the database server.
sqlserver-database
The name of the database that Guacamole should issue queries against.
sqlserver-username
The username of the user that Guacamole should use to connect to the database.
sqlserver-password
The password Guacamole should provide when authenticating with the database.
sqlserver-user-password-min-length
0
The minimum length of each password, in characters. If specified, users will not be able to change their passwords to values that are not at least this length. By default, no minimum length is enforced. Empty passwords are never allowed.
sqlserver-user-password-require-multiple-case
false
If set to "true", require that all passwords contain at least one uppercase character and one lowercase character. By default, passwords are not required to contain mixed case.
sqlserver-user-password-require-symbol
false
If set to "true", require that all passwords contain at least one symbol, where a "symbol" is any non-alphanumeric character. By default, passwords are not required to contain symbols.
sqlserver-user-password-require-digit
false
If set to "true", require that all passwords contain at least one digit, where a "digit" is any numeric character. By default, passwords are not required to contain digits.
sqlserver-user-password-prohibit-username
false
If set to "true", prohibit passwords from containing the user's own username, regardless of case. By default, use of the user's own username within their password is not prevented.
sqlserver-user-password-min-age
The minimum number of days that must elapse between password changes (preventing users from changing passwords too frequency and defeating password reuse protections). By default, frequency of password changes is not restricted.
sqlserver-user-password-max-age
The maximum number of days that may elapse before users are required to change their passwords. By default, users passwords do not automatically expire.
sqlserver-user-password-history-size
The number of past passwords that should be remembered for each user. If specified, users will be prevented from reusing any of these passwords. By default, reuse of past passwords is not prevented.
sqlserver-default-max-connections
0
The maximum number of concurrent connections to allow to any particular connection, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connections.
sqlserver-default-max-group-connections
0
The maximum number of concurrent connections to allow to any particular balancing connection group, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connection groups.
sqlserver-default-max-connections-per-user
0
The maximum number of concurrent connections to allow to any individual user to establish to a connection, where "0" represents unlimited. By default, no per-user concurrency limits are enforced on connections.
sqlserver-default-max-group-connections-per-user
1
The maximum number of concurrent connections to allow to any individual user to establish to a balancing connection group, where "0" represents unlimited. By default, no each user is limited to a single connection for each balancing connection group, to avoid allowing any one user to exhaust the available connections within that group..
sqlserver-absolute-max-connections
0
The absolute maximum number of concurrent connections to allow to the Guacamole server as a whole, regardless of which users are establishing those connections and which connections or groups are being accessed, where "0" represents unlimited. By default, no absolute concurrent restrictions are enforced.
sqlserver-user-required
false
If set to "true", require that all successful authentication attempts be associated with a user defined within SQL Server. If a user authentications successfully via another mechanism (such as LDAP), that attempt will still be denied if no corresponding SQL Server user exists. By default, successful authentication attempts will be considered successful regardless of whether an account for that user exists within SQL Server.