7.7.  Client configuration storage

7.7.1.  Overview and Parameters

The ThinLinc client does not currently use Hiveconf for its configuration, although this may change in future ThinLinc releases. Instead, the Linux client uses a similar plain text format with key/value pairs and the Windows client stores the values in the Windows registry.

Note

The configuration parameters should seldom be edited by hand. For a system wide configuration, create a parameter set using the client and copy it to the system wide file.

Configuration Parameters Used by the ThinLinc Client

Both the Windows and the Linux version of the ThinLinc client use the same names for their configuration parameters, although the storage technique used is different (text files vs. registry keys). In this section we will list the parameters and explain their possible values.

ALLOW_HOSTKEY_UPDATE

Set to 1 if host key updates should be allowed. This parameter cannot be changed from the GUI. If ALLOW_HOSTKEY_UPDATE is set to 0, the client cannot connect to the server if the host key is wrong. This enhances security if there is a risk of a man-in-the-middle attack.

AUTHENTICATION_METHOD

This parameter can be set to "password", "publickey" or "scpublickey" to select the authentication mode used by the client.

AUTOLOGIN

If this parameter is set to 1, the client will automatically log in at start, using the server name, user name and password specified in the configuration storage.

CERTIFICATE

Specifies the smart card certificate to use when authenticating.

CERTIFICATE_NAMING

Controls how the client presents a certificate to the user. The parameter consists of a comma separated list of naming tokens that represent bits of information from each card or certificate. Possible tokens:

card_label

The label specified on the smart card.

pin_label

The label associated with the PIN protecting this certificate.

subject_*

A field from the subject in the certificate. For example, specify subject_cn or subject_commonName to use the common name. Any registered object identifier descriptor can be used (see IANA for a full list).

issuer_*

A field from the issuer in the certificate, in the same manner as for subject_*.

The client will use as many of the tokens as necessary to give each certificate a unique name. That means that certificates on two different cards can be presented with a different number of tokens depending on how much the information in the certificates overlaps. An index number will be added to the name if the names are still not unique when all tokens are used.

CUSTOM_COMPRESSION

Set to 1 if a custom compression method is selected.

CUSTOM_COMPRESSION_LEVEL

The selected compression level. An integer between 1 and 9.

DISPLAY_MODE

The display mode. Can be set to "SIMPLE" or "ADVANCED", or be left empty. In the latter case, the default behaviour is to use simple mode if a server name is given as a parameter and advanced mode otherwise.

FULL_SCREEN_MODE

Set to 1 if the client should run in fullscreen mode.

HOST_ALIASES

This parameter specifies a list of hostname and port translations. This translation list is consulted whenever the client is about to initiate a network connection. This includes the SSH connection to the ThinLinc agent machine. The syntax for this parameter is:

[fromhost][:fromport]=[tohost][:toport] ...

If fromhost is omitted, the translation will apply to all hosts. The same principle is used for ports. If tohost or toport is omitted, the original host or port will be used. Multiple translations are separated with whitespace. The translation stops as soon as one match is found.
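The translation rules above can be checked with a small resolver when reviewing where a configuration file will actually send the client's connections, including the SSH connection. This is an added example, not ThinLinc code; it assumes exact string matching on host names and no IPv6 literals, and the sample value is constructed.

```python
# Added example: resolver for the HOST_ALIASES syntax described above.
# Assumptions: exact string match on host names, no IPv6 literals.

def _split_endpoint(part):
    """Split '[host][:port]' into (host or None, port or None)."""
    host, _, port = part.partition(":")
    return (host or None, int(port) if port else None)


def parse_host_aliases(value):
    """Parse '[fromhost][:fromport]=[tohost][:toport] ...' into ordered rules."""
    rules = []
    for item in value.split():          # translations are whitespace separated
        src, sep, dst = item.partition("=")
        if not sep:
            raise ValueError(f"translation {item!r} has no '='")
        rules.append((_split_endpoint(src), _split_endpoint(dst)))
    return rules


def translate(rules, host, port):
    """Return the (host, port) the connection would be made to."""
    for (from_host, from_port), (to_host, to_port) in rules:
        if from_host is not None and from_host != host:
            continue                    # rule is for another host
        if from_port is not None and from_port != port:
            continue                    # rule is for another port
        # An omitted target keeps the original host or port; first match wins.
        return (to_host or host, to_port or port)
    return (host, port)


# Constructed sample value (not from the ThinLinc documentation).
SAMPLE = ("agent1.example.com:22=gw.example.com:2222 "
          ":300=:4300 agent2.example.com=10.0.0.5")

if __name__ == "__main__":
    rules = parse_host_aliases(SAMPLE)
    for endpoint in [("agent1.example.com", 22), ("agent2.example.com", 300),
                     ("agent2.example.com", 22), ("other.example.com", 443)]:
        print(endpoint, "->", translate(rules, *endpoint))
```

Because translation stops at the first match, agent2.example.com on port 300 is rewritten by the port-only rule and never reaches the later host rule.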

JPEG_COMPRESSION

Set to 1 if JPEG compression is wanted.

JPEG_COMPRESSION_LEVEL

The wanted compression level.

KILL_EXISTING_SESSIONS

Set to 1 if existing sessions should be ended.

Note

It makes little sense to change this value. The client never saves this setting.

NEW_PASSWORD_REGEXP

This parameter specifies a regular expression. If an interactive SSH prompt matches this expression, the response is taken as a new password. The new password will be used for the SSH connection to the agent machine. It will also be sent to the server to enable Single Sign-On.

OPTIONS_POPUP_KEY

Key code for the key that activates the option pop-up menu.

PASSWORD

This parameter allows you to specify a password in the configuration file. It must be specified using a hexadecimal ASCII notation, which means that every character is specified by its hexadecimal value.

Warning

The password value is not encrypted. It should be treated as a clear text password. Avoid storing configuration files with a PASSWORD parameter on disk or transmitting such files over networks without encryption.

PKCS11_MODULE

Specifies the PKCS#11 module that will be used to communicate with the smart card. The path can be relative to the base prefix of the ThinLinc client or an absolute path.

PRIVATE_KEY

This parameter specifies the path to the private key to be used to authenticate the user.

RECONNECT_POLICY

This parameter can be set to "single-disconnected" or "ask" to control the client's reconnect policy. See Section 7.4.1, “Options tab” for their meaning.

REMOVE_CONFIGURATION

If 1, the user configuration file (or the file specified by -C) will be removed after the client has started. Settings changed in the GUI will not be stored to disk. If the client fails to remove the file, it will try to truncate it instead.

SCREEN_SIZE_SELECTION

The default size of the ThinLinc session. Possible values:

  • 0 for 640x480

  • 1 for 800x600

  • 2 for 1024x768

  • 3 for 1280x1024

  • 4 for 1600x1200

  • 5 for Current screen size

  • 6 for Near current screen size

  • 7 for Custom screen size, set using the SCREEN_X_SIZE and SCREEN_Y_SIZE parameters.

SCREEN_X_SIZE

Custom width of session, if SCREEN_SIZE_SELECTION is set to 7.

SCREEN_Y_SIZE

Custom height of session, if SCREEN_SIZE_SELECTION is set to 7.

SEND_SYSKEYS

Set to 1 if the client should send system keys (like Alt+Tab) to the remote system when in full screen mode.

SMARTCARD_FILTER_n

This is a list of certificate filters. Replace n with a sequence number that defines the order of the filter in the list.

The filter string consists of three fields separated by a | (pipe): name, attributes and key usage, which are documented below. The following example of a filter string shows its format:

SMARTCARD_FILTER_1=Telia|o=TeliaSonera|5

name

The name of the filter which will be displayed in the list of filters defined in the user interface.

attributes

This field holds a comma separated list of certificate attributes that is used when matching against available certificates, for example O=TeliaSonera.

key usage

Key usage is a bitmask value used to match against a certificate's key usage flags. It indicates the intended usage of the certificate, such as identification, signing etc.

Use this to match certificates that are intended to be used for logon. For example, identification certificates will be matched using a value of 5 (digital signature + key encipherment = 5). The values are described in the following table:

   1  digital signature
   2  non-repudiation
   4  key encipherment
   8  data encipherment
  16  key agreement
  32  certificate signing
  64  CRL signing
 128  encipher only
 256  decipher only
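A parser for the filter format makes it easy to see which key usage flags a configured mask selects and in which order the filters apply. This is an added example, not ThinLinc code; the function names and all sample values except the SMARTCARD_FILTER_1 string are constructed, and attribute values containing commas are not handled.

```python
import re

# Key usage bit values, taken from the table above.
KEY_USAGE = {
    1: "digital signature", 2: "non-repudiation", 4: "key encipherment",
    8: "data encipherment", 16: "key agreement", 32: "certificate signing",
    64: "CRL signing", 128: "encipher only", 256: "decipher only",
}


def parse_filter(value):
    """Parse 'name|attributes|key usage' into a dict."""
    fields = value.split("|")
    if len(fields) != 3:
        raise ValueError(f"expected 3 '|'-separated fields, got {len(fields)}")
    name, attributes, usage = fields
    mask = int(usage)
    if mask & ~sum(KEY_USAGE):          # any bit above 256, or a negative value
        raise ValueError(f"key usage {mask} has bits outside the table")
    attrs = []
    for item in filter(None, (a.strip() for a in attributes.split(","))):
        attr_type, sep, attr_value = item.partition("=")
        if not sep:
            raise ValueError(f"attribute {item!r} is not type=value")
        attrs.append((attr_type.strip(), attr_value.strip()))
    return {"name": name, "attributes": attrs, "mask": mask,
            "usage": [label for bit, label in KEY_USAGE.items() if mask & bit]}


def load_filters(config):
    """Return parsed SMARTCARD_FILTER_n entries ordered by sequence number n."""
    numbered = []
    for key, value in config.items():
        match = re.fullmatch(r"SMARTCARD_FILTER_(\d+)", key)
        if match:
            numbered.append((int(match.group(1)), parse_filter(value)))
    return [flt for _, flt in sorted(numbered, key=lambda pair: pair[0])]


# Constructed sample; only the SMARTCARD_FILTER_1 value comes from the page.
SAMPLE_CONFIG = {
    "SMARTCARD_FILTER_10": "Signing|O=Example Corp,C=SE|2",
    "SMARTCARD_FILTER_2": "Logon|O=Example Corp|5",
    "SMARTCARD_FILTER_1": "Telia|o=TeliaSonera|5",
}

if __name__ == "__main__":
    for flt in load_filters(SAMPLE_CONFIG):
        print(flt["name"], flt["attributes"], flt["usage"])
```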

SMARTCARD_SUBJECT_AS_NAME

Set to 1 if the certificate subject should be used as logon name. This will hide the name field from the login window.

SMARTCARD_AUTOCONNECT

Set to 1 if the client should automatically attempt a connection when a smart card with a suitable certificate is found. This will only work if SMARTCARD_SUBJECT_AS_NAME is also set to 1.

SMARTCARD_DISCONNECT

Set to 1 if the client should disconnect automatically when the smart card used for authentication is removed.

SMARTCARD_PASSPHRASE_SSO

Set to 1 if the client should transmit the smart card passphrase to the ThinLinc server to enable smart card single sign-on. See Section 7.4.5, “Security tab” for security implications.

SOUND_ENABLED

Set to 1 if sound should be enabled, using ESD. Only used on Linux.

SSH_PORT_SELECTION

Port selection for ThinLinc connection. Possible values:

  • 0 for port 22 (standard ssh port).

  • 1 for port 80.

  • 2 for custom port set in the SSH_ARBITRARY parameter.

SSH_ARBITRARY

Custom port number for ThinLinc connection.

TUNNEL_BIND_BASE

Offset for user's forwarded ports, on server side.

Note

This parameter should normally not be changed.

START_PROGRAM_ENABLED

Specifies if the client should request that the server starts the session with the command supplied by the client.

START_PROGRAM_COMMAND

Specifies the command to use when starting the session, if START_PROGRAM_ENABLED is active.

TUNNEL_AUDIO_SLOT

Port selection for audio tunnel, on server side.

Note

This parameter should normally not be changed.

VNC_AUTOSELECT

Set to 1 to dynamically autoselect the compression algorithm during the session.

VNC_ENCODING_SELECTION

The encoding to use for VNC. Possible values:

  • 0 for Raw

  • 5 for Hextile

  • 7 for Tight

  • 16 for ZRLE

Note

The numbering was changed with ThinLinc 1.4.0.

VNC_COLOR_LEVEL

The color level used for the session.

USE_SSH_COMPRESSION

Set to 1 to use the compression built into SSH.

UPDATE_ENABLED

Set to 1 to enable periodic checks for new versions.

UPDATE_INTERVAL

This parameter specifies the time interval, in seconds, between client update checks.

UPDATE_LASTCHECK

This parameter specifies the time that the last update check was performed.

UPDATE_MANDATORY

If set to 1, updating to new client versions is mandatory.

UPDATE_URL

The HTTP URL of the client update configuration file.

VNC_PORT_BASE

Offset for Xvnc VNC ports on server side.

Note

This parameter should normally not be changed.

VSM_SERVER_PORT

The VSM port number on the server.

Note

This parameter should normally not be changed.

YESNO_PROMPT_REGEXP

This parameter specifies a regular expression. If an interactive SSH prompt matches this expression, a graphical yes/no dialog will be presented, instead of a dialog for text input. Additionally, if the prompt is known to the client, an alternate text will be used. The dialog buttons Yes and No will send "yes" and "no" to the server, respectively.

7.7.2.  Configuration Parameter Storage

Configuration parameters are typically stored in text based configuration files. The format is simple: Each parameter is written on one line, followed by an equal sign (=) and the value of the parameter, as in the following example:

SSH_ENCRYPTION = 1
SERVER_NAME = demo.thinlinc.com

By using the -C option, additional configuration files can be specified. Any name is accepted, but the file extension .tlclient is recommended. The Windows and Linux packages configure the system to automatically recognize such files as configuration files for the ThinLinc Client. Additionally, the Internet Media Type "application-vnd.cendio.thinlinc.clientconf" is linked to such configuration files.

7.7.2.1.  Linux Client Configuration Files

The Linux client first reads the file /opt/thinlinc/etc/tlclient.conf, if it exists. It then reads the file .thinlinc/tlclient.conf in the user's home directory, and the values there override the values from /opt/thinlinc/etc/tlclient.conf. This way, a system administrator can set global defaults for client operations, while each user can still customize the client to wanted behavior.
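Because per-user values override the system-wide file, a review of client hardening has to look at the merged result rather than at either file alone. The following added example (not ThinLinc code) merges two configuration texts in the order described above and reports the settings that the parameter list ties to security; the function names and file contents are constructed, and it assumes the PASSWORD value uses two hexadecimal digits per character.

```python
def parse_conf(text):
    """Parse 'NAME = value' lines into a dict; lines without '=' are skipped."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            conf[name.strip()] = value.strip()
    return conf


def effective_conf(system_text, user_text):
    """Apply the system-wide file first, then let the user's file override it."""
    conf = parse_conf(system_text)
    conf.update(parse_conf(user_text))
    return conf


def audit(conf):
    """List settings that the parameter descriptions tie to security."""
    findings = []
    if conf.get("PASSWORD"):
        try:   # assumption: two hex digits per character, no separators
            length = len(bytes.fromhex(conf["PASSWORD"]))
            findings.append(f"PASSWORD: clear-text password stored ({length} characters)")
        except ValueError:
            findings.append("PASSWORD: set, but not valid hexadecimal")
    if conf.get("AUTOLOGIN") == "1":
        findings.append("AUTOLOGIN: logs in at start with stored credentials")
    if conf.get("ALLOW_HOSTKEY_UPDATE") == "1":
        findings.append("ALLOW_HOSTKEY_UPDATE: host key updates are allowed")
    if conf.get("SMARTCARD_PASSPHRASE_SSO") == "1":
        findings.append("SMARTCARD_PASSPHRASE_SSO: passphrase is sent to the server")
    return findings


# Constructed file contents (SERVER_NAME value is the page's own example).
SYSTEM_CONF = """ALLOW_HOSTKEY_UPDATE = 0
AUTOLOGIN = 0
SERVER_NAME = demo.thinlinc.com
"""
USER_CONF = """ALLOW_HOSTKEY_UPDATE = 1
AUTOLOGIN = 1
PASSWORD = 736563726574
"""

if __name__ == "__main__":
    for finding in audit(effective_conf(SYSTEM_CONF, USER_CONF)):
        print(finding)
```

In the constructed sample the system-wide file sets ALLOW_HOSTKEY_UPDATE to 0, but the user's file overrides it, so the merged configuration still allows host key updates.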

7.7.2.2.  Windows Client Configuration

On Windows, the ThinLinc client reads its configuration from the registry. All ThinLinc client data is stored under Software\Cendio\ThinLinc\tlclient in the HKLM and HKCU hives. The parameter names are the same as for the Linux client.

The behaviour of global and user-specific settings is identical to that of the Linux client, where settings in HKLM correspond to /opt/thinlinc/etc/tlclient.conf and those in HKCU correspond to .thinlinc/tlclient.conf.

7.7.3.  Adding Custom Branding to the ThinLinc Client Login Window

It is possible to add a custom logo to the main ThinLinc client window, making it easily distinguishable from a generic client. The custom logo will be placed to the right of the input fields.

Adding the logo is easy. The new logo must be a PNG file with maximum width and height of 50 pixels. On Windows, just place the custom logo as the file branding.png in the same directory as the executable. On Linux, the file name is /opt/thinlinc/lib/tlclient/branding.png.