The ThinLinc client does not use Hiveconf for its configuration. Instead, the Linux and macOS clients uses a plain text format with key/value pairs and the Windows client stores the values in the Windows registry.
The configuration parameters should seldom be edited by hand. For a system wide configuration, create a parameter set using the client and copy it to the system wide file.
Configuration Parameters Used by the ThinLinc Client
Both the Windows and the Linux version of the ThinLinc client use the same names for their configuration parameters, although the storage technique used is different (text files vs. registry keys). In this section we will list the parameters and explain their possible values.
Set to 1 if SSH host key updates should be allowed. This parameter cannot be changed from the GUI. The result of setting ALLOW_HOSTKEY_UPDATE to 0 is that the client cannot connect to the server if the host key is wrong. This enhances security if there is a risk for a man in the middle attack.
This parameter can be set to "password", "publickey", "scpublickey" or "kerberos" to select the authentication mode used by the client.
If this parameter is set to 1, the client will automatically login at start, using the server name, user name and password specified in the configuration storage.
Specifies the smart card certificate to use when authenticating.
Controls how the client presents a certificate to the user. The parameter consists of a comma separated list of naming tokens that represent bits of information from each card or certificate. Possible tokens:
The label specified on the smart card.
The label associated with the PIN protecting this certificate.
A field from the subject in the certificate. Can for example be the common name by specifying subject_cn or subject_commonName. Any registered object identifier descriptor can be used (see IANA for a full list).
A field from the issuer in the certificate, in the same manner as for subject_*.
The client will use as many of the tokens as necessary to give each certificate a unique name. That means that certificates on two different cards can be presented with a different number of tokens depending on how much the information between the certificates overlap. An index number will be added to the name if the names are still not unique when all tokens are used.
Set to 1 if a custom compression method is selected.
The selected compression level. An integer between 1 and 9.
The display mode. Can be set to values "SIMPLE" and "ADVANCED", or be left empty. In the latter case, the default behaviour is to use simple mode if a server name is given as a parameter and advanced mode otherwise.
Set to 1 if the client should run in fullscreen mode.
Set to 1 if the client should use all monitors in full screen mode, instead of just the current monitor.
This parameter specifies a list of hostname and port translations. This translation list is consulted whenever the client is about to initiate a network connection. This includes the SSH connection to the ThinLinc agent machine. The syntax for this parameter is:
If fromhost is omitted, the translation will apply to all hosts. The same principle is used for ports. If tohost or toport is omitted, the original host or port will be used. Multiple translations are separated with whitespace. The translation stops as soon as one match is found.
Set to 1 if JPEG compression is wanted.
The wanted compression level.
Set to 1 if existing sessions should be ended.
It makes little sense to change this value. The client never saves this setting.
Set to 1 if the client should convert the entered username to lowercase before logging into the server. This affects both the login user name and the name of the user to shadow (if applicable).
This parameter specifies a regular expression. If an interactive SSH prompt matches this expression, the response is taken as a new password. The new password will be used for the SSH connection to the agent machine. It will also be sent to the server to enable Single Sign-On.
A list of local drive paths and permissions. The syntax for this parameter is:
As seen above, each path should be followed by the desired permissions disabled(not exported), ro(read only) or rw(read and write). See Section 7.4.1, “ Options tab ” for their meaning. This list specifies local drives to be exported.
Set to 1 to enable a warning if running as root and exporting local drives.
Set to 1 if local drives should be exported.
Key code for key to activate option pop-up menu.
This parameter allows you to specify a password in the configuration file. It must be specified using a hexadecimal ASCII notation, which means that every character is specified by its hexadecimal value.
The password value is not encrypted. It should be treated as a clear text password. Avoid storing configuration files with a PASSWORD parameter on disk or transmit such files over networks without encryption.
Specifies the PKCS#11 module that will be used to communicate with the smart card. The path can be relative the base prefix of the ThinLinc client or an absolute path.
Set to 1 if local printers should be enabled.
Set to 1 if the local printer selection dialog should be displayed on every print on Windows and macOS clients. Otherwise printing jobs will be sent to the default local printer.
This parameter specifies the path to the private key to be used to authenticate the user.
This parameter can be set to "single-disconnected" or "ask" to control the client's reconnect policy. See Section 7.4.1, “ Options tab ” for their meaning.
Set to 1 if the client should resize the remote session when the local window changes.
If 1, the user configuration file (or the file specified by -C) will be removed after the client has started. Settings changed in the GUI will not be stored to disk. If the client fails to remove the file, it will try to truncate it instead.
The default size of the ThinLinc session. Possible values:
0 for 640x480
1 for 800x600
2 for 1024x768
3 for 1280x1024
4 for 1600x1200
5 for Current monitor
6 for Work area (maximized)
7 for Custom screen size, set using the SCREEN_X_SIZE and SCREEN_Y_SIZE parameters.
8 for All available monitors
Custom width of session, if SCREEN_SIZE_SELECTION is set to 7.
Custom height of session, if SCREEN_SIZE_SELECTION is set to 7.
Set to 1 if the client should send system keys (like Alt+Tab) to the remote system when in full screen mode.
The path to the first local serial port device to be exported.
Set to 1 if the first local serial port should be exported.
The path to the second local serial port device to be exported.
Set to 1 if the second local serial port should be exported.
Set to 1 if local serial ports should be exported.
The hostname or IP of the ThinLinc server. When using ThinLinc in a cluster setup this should be the hostname or IP of the Master server machine.
Set to 1 if shadowing should be enabled.
The username of the user who's session should be shadowed.
Set to 1 if the client should automatically attempt a connection when a smart card with a suitable certificate is found, this will only work if SMARTCARD_SUBJECT_AS_NAME also is set to 1.
Set to 1 if the client should disconnect automatically when the smart card used for authentication is removed.
Set to 1 if local smartcard readers should be exported.
This is a item list of certificate filters replace n with a sequence number that defined the order of the filter in the list.
The filter string consists of three fields where each field is sperated using a | (pipe), the defined three fields are: name, attributes and key usage which are documented below. Here follows an example of a filter string showing its format:
The name of the filter which will be displayed in the list of filters defined in the user interface.
This field holds a comma separated list of certificate attributes that is used when matching against available certificates, for example O=TeliaSonera.
Key usage is a bitmask value used to match against a certificate's key usage flags. It indicates the intended usage of the certificate, such as identification, signing etc.
Use this to match certificates that is intended to be used for logon. For example, identification certificates will be matched using a value of 5, digital signature + key encipherment = 5. The values are described in the following table:
1 digital signature 2 non-repudiation 4 key encipherment 8 data enciperment 16 key agreement 32 certificate signing 64 CRL signing 128 enchiper only 256 decipher only
Set to 1 if the client should transmit the smart card passphrase to the ThinLinc server to enable smart card single sign-on. See Section 7.4.5, “ Security tab ” for security implications.
Set to 1 if the certificate subject should be used as logon name, this will hide the name field from login window.
Set to 1 if sound redirection should be enabled.
Which local sound system to use. Only used on platforms that have multiple sound systems to choose from. Possible values:
Automatically choose the most appropriate sound system of those available.
Use the local PulseAudio server as determined by X11 properties or environment variables.
Use the default ALSA device.
Use the default OSS device.
Custom port number for ThinLinc connection.
Set to 1 to use the compression built into SSH.
Port selection for ThinLinc connection. Possible values:
0 for port 22 (standard ssh port).
1 for port 80.
2 for custom port set in the SSH_ARBITRARY parameter.
Specifies the command to use when starting the session, if START_PROGRAM_ENABLED is active.
Specifies if the client should request that the server starts the session with the command supplied by the client.
Set to 1 to enable periodic checks for new versions.
This parameter specifies the time interval, in seconds, between client update checks.
This parameter specifies the time that the last update check was performed.
If set to 1, updating to new client versions is mandatory.
The HTTP URL to client update configuration file.
Set to 1 to dymanically autoselect the compression algorithm during the session.
The color level used for the session.
The encoding to use for VNC. Possible values:
0 for Raw
5 for Hextile
7 for Tight
16 for ZRLE
This parameter specifies a regular expression. If an interactive SSH prompt matches this expression, a graphical yes/no dialog will be presented, instead of a dialog for text input. Additionally, if the prompt is known to the client, an alternate text will be used. The dialog buttons Yes and No will send "yes" and "no" to the server, respectively.
Configuration parameters are typically stored in text based configuration files. The format is simple: Each parameter is written on one line, followed by an equal sign (=) and the value of the parameter, as in the following example:
SOUND_ENABLED = 0 SERVER_NAME = demo.thinlinc.com
By using the -C option, additional configuration files can be specified. Any name is accepted, but the file extension .tlclient is recommended. The Windows, Linux, and macOS packages configures the system to automatically recognize such files as configuration files for the ThinLinc Client. Additionally, the Internet Media Type "application-vnd.cendio.thinlinc.clientconf" is linked to such configuration files.
The Linux client first reads the file /opt/thinlinc/etc/tlclient.conf, if it exists. It then reads the file .thinlinc/tlclient.conf in the user's home directory, and the values there override the values from /opt/thinlinc/etc/tlclient.conf. This way, a system administrator can set global defaults for client operations, while each user can still customize the client to wanted behavior.
The macOS client first reads the file /Library/Application Support/ThinLinc Client/tlclient.conf if it exists. It then reads the .thinlinc/tlclient.conf in the user's home directory, and the values there overrides the values from /Library/Application Support/ThinLinc Client/tlclient.conf. This way, a system administrator can set global defaults for client operations, while each user can still customize the client to wanted behavior.
On Windows, the ThinLinc client reads its configuration from the registry. All ThinLinc client data is stored under Software\Cendio\ThinLinc\tlclient in the HKLM and HKCU hives. The parameter names are the same as for the Linux client.
The behaviour of global and user-specific settings are identical to that of the Linux client, where settings in HKLM correspond to /opt/thinlinc/etc/tlclient.conf and those in HKCU correspond to .thinlinc/tlclient.conf.
It is possible to add a custom logo to the main ThinLinc client window, making it easily distinguishable from a generic client. The custom logo will be placed to the right of the input fields.
Adding the logo is easy. The new logo must be a PNG file with maximum width and height of 50 pixels. On Windows, just add the file branding.png in the same directory as the executable with the custom logo. On Linux, the file name is /opt/thinlinc/lib/tlclient/branding.png.