Client configuration parameters¶
The Windows, Linux, and macOS version of the ThinLinc client all use the same names for their configuration parameters, although the storage technique used is different. In this section we will list the parameters and explain their possible values. See Configuration storage for information about where client configuration is stored on different systems.
- ALLOW_HOSTKEY_UPDATE¶
Set to
1
if SSH host key updates should be allowed. This parameter cannot be changed from the GUI. The result of settingALLOW_HOSTKEY_UPDATE
to0
is that the client cannot connect to the server if the host key is wrong. This enhances security if there is a risk for a man in the middle attack.
- AUTHENTICATION_METHOD¶
This parameter can be set to
password
,publickey
,scpublickey
orkerberos
to select the authentication mode used by the client.
- AUTOLOGIN¶
If this parameter is set to
1
, the client will automatically log in at startup, using the server name, username and password specified in the configuration.
- CERTIFICATE¶
Specifies the smart card certificate to use when authenticating.
- CERTIFICATE_NAMING¶
Controls how the client presents a certificate to the user. The parameter consists of a comma separated list of naming tokens that represent bits of information from each card or certificate. Possible tokens:
card_label
The label specified on the smart card.
pin_label
The label associated with the PIN protecting this certificate.
subject_*
A field from the subject in the certificate. Can for example be the common name by specifying
subject_cn
orsubject_commonName
. Any registered object identifier descriptor can be used (see IANA for a full list).issuer_*
A field from the issuer in the certificate, in the same manner as for
subject_*
.
The client will use as many of the tokens as necessary to give each certificate a unique name. That means that certificates on two different cards can be presented with a different number of tokens depending on how much the information between the certificates overlap. An index number will be added to the name if the names are still not unique when all tokens are used.
- CUSTOM_COMPRESSION¶
Set to
1
if a custom compression method is selected.
- CUSTOM_COMPRESSION_LEVEL¶
The selected compression level. An integer between 1 and 9.
- DISPLAY_MODE¶
The display mode. It can be set to values
SIMPLE
andADVANCED
, or be left empty. In the latter case, the default behavior is to use simple mode if a server name is given as a parameter and advanced mode otherwise.
- EMULATE_MIDDLE_BUTTON¶
Set to
1
if the client should emulate middle mouse button when pressing left and right mouse buttons simultaneously.
- FULL_SCREEN_MODE¶
Set to
1
if the client should run in full-screen mode.
- FULL_SCREEN_MONITOR_MODE¶
This parameter selects which monitors the client should be used when in full-screen mode and can be set to one of the following:
current
Use the monitor the client window is currently displayed on.
all
Use all available monitors.
selected
Use the monitors specified in
FULL_SCREEN_SELECTED_MONITORS
.
- FULL_SCREEN_SELECTED_MONITORS¶
This parameter specifies a comma separated list of monitor numbers that should be used in full-screen mode when
FULL_SCREEN_MONITOR_MODE
is set toselected
. Monitors are numbered from left to right, based on their top-left corner, starting from one. If two monitors are perfectly aligned vertically then the top-most monitor is considered first.
- HOST_ALIASES¶
This parameter specifies a list of hostname and port translations. This translation list is consulted whenever the client is about to initiate a network connection. This includes the SSH connection to the ThinLinc agent machine. The syntax for this parameter is:
[fromhost][:fromport]=[tohost][:toport] ...
If
fromhost
is omitted, the translation will apply to all hosts. The same principle is used for ports. Iftohost
ortoport
is omitted, the original host or port will be used. Multiple translations are separated with whitespace. The translation stops as soon as one match is found.
- JPEG_COMPRESSION¶
Set to
1
if JPEG compression is wanted.
- JPEG_COMPRESSION_LEVEL¶
The wanted compression level.
- KILL_EXISTING_SESSIONS¶
Set to
1
if existing sessions should be ended.Note
It makes little sense to change this value. The client never saves this setting.
- LOGIN_NAME¶
The username.
- LOWERCASE_LOGIN_NAME¶
Set to
1
if the client should convert the entered username to lowercase before logging into the server. This affects both the login username and the name of the user to shadow (if applicable).
- NEW_PASSWORD_REGEXP¶
This parameter specifies a regular expression. If an interactive SSH prompt matches this expression, the response is taken as a new password. The new password will be used for the SSH connection to the agent machine. It will also be sent to the server to enable Single Sign-On.
- NFS_EXPORTS¶
A list of local drive paths and permissions. The syntax for this parameter is:
[path1],[permissions1],[path2],[permissions2] ...
As seen above, each path should be followed by the desired permissions
disabled
(not exported),ro
(read only) orrw
(read and write). See Advanced tab for their meaning. This list specifies local drives to be exported.
- NFS_ROOT_WARNING¶
Set to
1
to enable a warning if running as root and exporting local drives.
- NFS_SERVER_ENABLED¶
Set to
1
if local drives should be exported.
- OPTIONS_POPUP_KEY¶
Key code for key to activate option pop-up menu.
- PASSWORD¶
This parameter allows you to specify a password in the configuration file. It must be specified using a hexadecimal ASCII notation, which means that every character is specified by its hexadecimal value.
Warning
The password value is not encrypted. It should be treated as a clear text password. Avoid storing configuration files with a
PASSWORD
parameter on disk or transmit such files over networks without encryption.
- PKCS11_MODULE¶
Specifies the PKCS#11 module that will be used to communicate with the smart card. The path can be relative to the base prefix of the ThinLinc client or an absolute path.
- PRINTER_ENABLED¶
Set to
1
if local printers should be enabled.
- PRINTER_SELECTION¶
Set to
1
if the local printer selection dialog should be displayed on every print on Windows and macOS clients. Otherwise printing jobs will be sent to the default local printer.
- PRIVATE_KEY¶
This parameter specifies the path to the private key to be used to authenticate the user.
- RECONNECT_POLICY¶
This parameter can be set to
single-disconnected
orask
to control the client’s reconnect policy. See Advanced tab for their meaning.
- REMOVE_CONFIGURATION¶
If
1
, the user configuration file (or the file specified by-C
) will be removed after the client has started. Settings changed in the GUI will not be stored to disk. If the client fails to remove the file, it will try to truncate it instead.
- SEND_SYSKEYS¶
Set to
1
if the client should send system keys (like Alt+Tab) to the remote system when in full-screen mode.
- SERIAL1_DAEMON_DEVICE¶
The path to the first local serial port device to be exported.
- SERIAL1_PORT_ENABLED¶
Set to
1
if the first local serial port should be exported.
- SERIAL2_DAEMON_DEVICE¶
The path to the second local serial port device to be exported.
- SERIAL2_PORT_ENABLED¶
Set to
1
if the second local serial port should be exported.
- SERIAL_PORTS_ENABLED¶
Set to
1
if local serial ports should be exported.
- SERVER_NAME¶
The hostname or IP of the ThinLinc server. When using ThinLinc in a cluster setup this should be the hostname or IP of the master server machine.
- SHADOWING_ENABLED¶
Set to
1
if shadowing should be enabled.
- SHADOW_NAME¶
The username of the user whose session should be shadowed.
- SMARTCARD_AUTOCONNECT¶
Set to
1
if the client should automatically attempt a connection when a smart card with a suitable certificate is found, this will only work ifSMARTCARD_SUBJECT_AS_NAME
also is set to1
.
- SMARTCARD_DISCONNECT¶
Set to
1
if the client should disconnect automatically when the smart card used for authentication is removed.
- SMARTCARD_EXPORT_ENABLED¶
Set to
1
if local smart card readers should be exported.
- SMARTCARD_FILTER_n¶
This is a list of certificate filters. Replace
n
with a sequence number that defines the order of the filter in the list.The filter string consists of three fields where each field is separated using a
|
(pipe), the defined three fields are: name, attributes and key usage which are documented below. Here follows an example of a filter string showing its format:SMARTCARD_FILTER_1=Telia|o=TeliaSonera|5
name
The name of the filter which will be displayed in the list of filters defined in the user interface.
attributes
This field holds a comma separated list of certificate attributes that is used when matching against available certificates, for example
O=TeliaSonera
.key usage
This field is a bit mask value used to match against a certificate’s key usage flags. It indicates the intended usage of the certificate, such as identification, signing etc.
Use this to match certificates that are intended to be used for logon. For example, identification certificates will be matched using a value of 5:
digital signature + key encipherment = 5
The values are described in the following table:
1
digital signature
2
non-repudiation
4
key encipherment
8
data enciperment
16
key agreement
32
certificate signing
64
CRL signing
128
enchiper only
256
decipher only
- SMARTCARD_PASSPHRASE_SSO¶
Set to
1
if the client should transmit the smart card passphrase to the ThinLinc server to enable smart card single sign-on. See Security tab for security implications.
- SMARTCARD_SUBJECT_AS_NAME¶
Set to
1
if the certificate subject should be used as logon name, this will hide the name field from login window.
- SOUND_ENABLED¶
Set to
1
if sound redirection should be enabled.
- SOUND_SYSTEM¶
Which local sound system to use. Only used on platforms that have multiple sound systems to choose from. Possible values:
AUTO
Automatically choose the most appropriate sound system of those available.
PULSE
Use the local PulseAudio server as determined by X11 properties or environment variables.
ALSA
Use the default ALSA device.
OSS
Use the default OSS device.
- SSH_ARBITRARY¶
Custom port number for ThinLinc connection.
- SSH_COMPRESSION¶
Set to
1
to use the compression built into SSH.
- SSH_PORT_SELECTION¶
Port selection for ThinLinc connection. Possible values:
0
for port 22 (standard ssh port).1
for port 80.2
for custom port set in theSSH_ARBITRARY
parameter.
- START_PROGRAM_COMMAND¶
Specifies the command to use when starting the session, if
START_PROGRAM_ENABLED
is active.
- START_PROGRAM_ENABLED¶
Specifies if the client should request that the server starts the session with the command supplied by the client.
- UPDATE_ENABLED¶
Set to
1
to enable periodic checks for new versions.
- UPDATE_INTERVAL¶
This parameter specifies the time interval, in seconds, between client update checks.
- UPDATE_LASTCHECK¶
This parameter specifies the time that the last update check was performed.
- UPDATE_MANDATORY¶
If set to
1
, updating to new client versions is mandatory.
- UPDATE_URL¶
The HTTP URL to client update configuration file.
- VNC_AUTOSELECT¶
Set to
1
to dymanically autoselect the compression algorithm during the session.
- VNC_COLOR_LEVEL¶
The color level used for the session.
- VNC_ENCODING_SELECTION¶
The encoding to use for VNC. Possible values:
0
for Raw5
for Hextile7
for Tight16
for ZRLE
- YESNO_PROMPT_REGEXP¶
This parameter specifies a regular expression. If an interactive SSH prompt matches this expression, a graphical yes/no dialog will be presented, instead of a dialog for text input. Additionally, if the prompt is known to the client, an alternate text will be used. The dialog buttons Yes and No will send
yes
andno
to the server, respectively.