SQL Server Configuration Properties
Advanced configuration properties for SQL Server
The properties listed here are only applicable if SQL Server authentication is being used. Support for SQL Server authentication is installed using the kcm-guacamole-auth-jdbc-sqlserver package. If using the keeper/guacamole Docker image, support for SQL Server authentication is instead configured using environment variables.

TCP connection information

The TCP connection details for the SQL Server database.
Property name
Default value
Description
sqlserver-hostname
localhost
The hostname of the database server.
sqlserver-port
1433
The port of the SQL Server service running on the database server.

Database name and credentials

The name of the database to use, as well as the credentials to use when connecting to the database. These properties are required if one of the database authentication extensions will be used.
Property name
Description
sqlserver-database
The name of the database that Guacamole should issue queries against.
sqlserver-username
The username of the user that Guacamole should use to connect to the database.
sqlserver-password
The password Guacamole should provide when authenticating with the database.

Database password policies

Restrictions that should be applied to all database users with respect to password complexity, length, change frequency, and reuse.
These properties do not affect users defined outside the database.

Minimum password length and complexity

Property name
Default value
Description
sqlserver-user-password-min-length
0
The minimum length of each password, in characters. If specified, users will not be able to change their passwords to values that are not at least this length. By default, no minimum length is enforced. Empty passwords are never allowed.
sqlserver-user-password-require-multiple-case
false
If set to "true", require that all passwords contain at least one uppercase character and one lowercase character. By default, passwords are not required to contain mixed case.
sqlserver-user-password-require-symbol
false
If set to "true", require that all passwords contain at least one symbol, where a "symbol" is any non-alphanumeric character. By default, passwords are not required to contain symbols.
sqlserver-user-password-require-digit
false
If set to "true", require that all passwords contain at least one digit, where a "digit" is any numeric character. By default, passwords are not required to contain digits.
sqlserver-user-password-prohibit-username
false
If set to "true", prohibit passwords from containing the user's own username, regardless of case. By default, use of the user's own username within their password is not prevented.

Minimum/maximum password age

Property name
Description
sqlserver-user-password-min-age
The minimum number of days that must elapse between password changes (preventing users from changing passwords too frequency and defeating password reuse protections). By default, frequency of password changes is not restricted.
sqlserver-user-password-max-age
The maximum number of days that may elapse before users are required to change their passwords. By default, users passwords do not automatically expire.

Password reuse prevention

Property name
Description
sqlserver-user-password-history-size
The number of past passwords that should be remembered for each user. If specified, users will be prevented from reusing any of these passwords. By default, reuse of past passwords is not prevented.

Database concurrent connection limits

Concurrent usage restrictions that should be enforced by default across all connections. With the exception the absolute concurrency limit, each of these restrictions may be overridden by the administrator on a per-connection basis by editing the connection.

General connection concurrency limits

Property name
Default value
Description
sqlserver-default-max-connections
0
The maximum number of concurrent connections to allow to any particular connection, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connections.
sqlserver-default-max-group-connections
0
The maximum number of concurrent connections to allow to any particular balancing connection group, where "0" represents unlimited. By default, no overall concurrency limits are enforced on connection groups.

Per-user concurrency limits

Property name
Default value
Description
sqlserver-default-max-connections-per-user
0
The maximum number of concurrent connections to allow to any individual user to establish to a connection, where "0" represents unlimited. By default, no per-user concurrency limits are enforced on connections.
sqlserver-default-max-group-connections-per-user
1
The maximum number of concurrent connections to allow to any individual user to establish to a balancing connection group, where "0" represents unlimited. By default, no each user is limited to a single connection for each balancing connection group, to avoid allowing any one user to exhaust the available connections within that group..

Absolute concurrency limits

Property name
Default value
Description
sqlserver-absolute-max-connections
0
The absolute maximum number of concurrent connections to allow to the Guacamole server as a whole, regardless of which users are establishing those connections and which connections or groups are being accessed, where "0" represents unlimited. By default, no absolute concurrent restrictions are enforced.

Database user account requirements

Whether authentication via other extensions is allowed for users that do not exist within the SQL Server database. If set to "true", authentication attempts will be denied unless the authenticated user has been defined within the database.
Property name
Default value
Description
sqlserver-user-required
false
If set to "true", require that all successful authentication attempts be associated with a user defined within SQL Server. If a user authentications successfully via another mechanism (such as LDAP), that attempt will still be denied if no corresponding SQL Server user exists. By default, successful authentication attempts will be considered successful regardless of whether an account for that user exists within SQL Server.
Export as PDF
Copy link
On this page
TCP connection information
Database name and credentials
Database password policies
Database concurrent connection limits
Database user account requirements