If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections.
If not specified, defaults to \fBfalse\fP.
This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP.
.TP
\fBfork\fP=\fI[true|false]\fP
If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\fR(8) forks a sub-process instead of using threads.
If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\fR(8) forks a sub-process instead of using threads.
.TP
.TP
\fBhidelogwindow\fP=\fI[0|1]\fP
\fBhidelogwindow\fP=\fI[true|false]\fP
If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not show a window for log messages.
If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not show a window for log messages.
If not specified, defaults to \fBfalse\fP.
.TP
.TP
\fBmax_bpp\fP=\fI[8|15|16|24]\fP
\fBmax_bpp\fP=\fI[8|15|16|24|32]\fP
Limit the color depth by specifying the maximum number of bits per pixel.
Limit the color depth by specifying the maximum number of bits per pixel.
If not specified or set to \fB0\fP, unlimited.
.TP
\fBpamerrortxt\fP=\fIerror_text\fP
Specify text passed to PAM when authentication failed. The maximum length is \fB256\fP.
.TP
.TP
\fBport\fP=\fIport\fP
\fBport\fP=\fIport\fP
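Review bot: The SSLv3 option described at the top of this hunk defaults to false, so a configuration that omits it still accepts SSLv3 whenever security_layer is tls or negotiate. If the default cannot be changed to true, the description should at least say that SSLv3 is obsolete and that the option should be enabled. In the pamerrortxt entry, state whether the 256 limit counts bytes or characters and what happens to longer text.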
@ -94,15 +121,60 @@ Specify TCP port to listen on for incoming connections.
The default for RDP is \fB3389\fP.
The default for RDP is \fB3389\fP.
.TP
.TP
\fBtcp_keepalive\fP=\fI[yes|no]\fP
\fBrequire_credentials\fP=\fI[true|false]\fP
If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and
password initial connection phase. In other words, xrdp doesn't allow clients to show login
screen if set to true. If not specified, defaults to \fBfalse\fP.
.TP
\fBsecurity_layer\fP=\fI[tls|rdp|negotiate]\fP
Regulate security methods. If not specified, defaults to \fBnegotiate\fP.
.RS8
.TP
.Btls
Enhanced RDP Security is used. All security operations (encryption, decryption, data integrity
verification, and server authentication) are implemented by TLS.
.TP
.Brdp
Standard RDP Security, which is not safe from man-in-the-middle attack, is used. The encryption level
of Standard RDP Security is controlled by \fBcrypt_level\fP.
.TP
.Bnegotiate
Negotiate these security methods with clients.
.RE
.TP
\fBtcp_keepalive\fP=\fI[true|false]\fP
Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP.
Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP.
If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears without closing messages, the connection will be closed.
If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears
without closing messages, the connection will be closed.
.TP
.TP
\fBtcp_nodelay\fP=\fI[yes|no]\fP
\fBtcp_nodelay\fP=\fI[true|false]\fP
Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP.
Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP.
If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack.
If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack.
.TP
\fBtcp_send_buffer_bytes\fP=\fIbuffer_size\fP
.TP
\fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP
Specify send/recv buffer sizes in bytes. The default value depends on operating system.
.TP
\fBtls_ciphers\fP=\fIcipher_suite\fP
Specifies TLS cipher suite. The format of this parameter is equivalent to which
\fBopenssl\fP(1) ciphers subcommand accepts.
(ex. $ openssl ciphers 'HIGH:!ADH:!SHA1')
This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP.
.TP
\fBuse_fastpath\fP=\fI[input|output|both|none]\fP
If not specified, defaults to \fBnone\fP.
.TP
.TP
\fBblack\fP=\fI000000\fP
\fBblack\fP=\fI000000\fP
.TP
.TP
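Review bot: The security_layer entry defaults to negotiate, while the rdp description in the same entry says Standard RDP Security is not safe from man-in-the-middle attack, so an unconfigured server can end up on the unsafe method. The negotiate text should say that it allows fallback to rdp and point administrators to tls when all clients support it. Smaller documentation gaps in the same hunk: use_fastpath gives only its default with no explanation of input, output, both or none; tcp_send_buffer_bytes has no description before the next .TP; tls_ciphers states no default.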
@ -127,7 +199,7 @@ The lowest value that can be given to one of the light sources is 0 (hex 00).
The highest value is 255 (hex FF).
The highest value is 255 (hex FF).
.SH"LOGGING"
.SH"LOGGING"
The following parameters can be used in the \fB[logging]\fR section:
The following parameters can be used in the \fB[Logging]\fR section:
.TP
.TP
\fBLogFile\fR=\fI${SESMAN_LOG_DIR}/sesman.log\fR
\fBLogFile\fR=\fI${SESMAN_LOG_DIR}/sesman.log\fR
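Review bot: The section name in the changed line goes from [logging] to [Logging] with no statement of whether section names are matched case-sensitively. Please say so in the text, so that readers with an existing [logging] section know whether it still applies.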
@ -148,7 +220,7 @@ This option can have one of the following values:
\fBDEBUG\fR or \fB4\fR\- Log everything. If \fBsesman\fR is compiled in debug mode, this options will output many more low\-level message, useful for developers
\fBDEBUG\fR or \fB4\fR\- Log everything. If \fBsesman\fR is compiled in debug mode, this options will output many more low\-level message, useful for developers
.TP
.TP
\fBEnableSyslog\fR=\fI[0|1]\fR
\fBEnableSyslog\fR=\fI[true|false]\fR
If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables logging to syslog. Otherwise syslog is disabled.
If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables logging to syslog. Otherwise syslog is disabled.
.TP
.TP
@ -163,55 +235,55 @@ Not all channels are supported in all cases, so setting a value to \fItrue\fP is
Channels can also be enabled or disabled on a per connection basis by prefixing each setting with \fBchannel.\fP in the channel section.
Channels can also be enabled or disabled on a per connection basis by prefixing each setting with \fBchannel.\fP in the channel section.
.TP
.TP
\fBrdpdr\fP=\fI[0|1]\fP
\fBrdpdr\fP=\fI[true|false]\fP
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for device redirection is allowed.
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for device redirection is allowed.
.TP
.TP
\fBrdpsnd\fP=\fI[0|1]\fP
\fBrdpsnd\fP=\fI[true|false]\fP
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for sound is allowed.
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for sound is allowed.
.TP
.TP
\fBdrdynvc\fP=\fI[0|1]\fP
\fBdrdynvc\fP=\fI[true|false]\fP
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel to initiate additional dynamic virtual channels is allowed.
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel to initiate additional dynamic virtual channels is allowed.
.TP
.TP
\fBcliprdr\fP=\fI[0|1]\fP
\fBcliprdr\fP=\fI[true|false]\fP
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for clipboard redirection is allowed.
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for clipboard redirection is allowed.
.TP
.TP
\fBrail\fP=\fI[0|1]\fP
\fBrail\fP=\fI[true|false]\fP
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for remote applications integrated locally (RAIL) is allowed.
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for remote applications integrated locally (RAIL) is allowed.
.TP
.TP
\fBxrdpvr\fP=\fI[0|1]\fP
\fBxrdpvr\fP=\fI[true|false]\fP
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for XRDP Video streaming is allowed.
If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for XRDP Video streaming is allowed.
.SH"CONNECTIONS"
.SH"CONNECTIONS"
A connection section is made of a section name, enclosed in square brackets, and the following entries:
A connection section is made of a section name, enclosed in square brackets, and the following entries:
.TP
.TP
\fBname\fR=\fI<session name>\fR
\fBname\fR=\fI<session name>\fR
The name displayed in \fBxrdp\fR(8) login window's combo box.
The name displayed in \fBxrdp\fR(8) login window's combo box.
.TP
.TP
\fBlib\fR=\fI../vnc/libvnc.so\fR
\fBlib\fR=\fI../vnc/libvnc.so\fR
Sets the library to be used with this connection.
Sets the library to be used with this connection.
.TP
.TP
\fBusername\fR=\fI<username>\fR|\fIask\fR
\fBusername\fR=\fI<username>\fR|\fIask\fR
Specifies the username used for authenticating in the connection.
Specifies the username used for authenticating in the connection.
If set to \fIask\fR, user name should be provided in the login window.
If set to \fIask\fR, user name should be provided in the login window.
.TP
.TP
\fBpassword\fR=\fI<password>\fR|\fIask\fR
\fBpassword\fR=\fI<password>\fR|\fIask\fR
Specifies the password used for authenticating in the connection.
Specifies the password used for authenticating in the connection.
If set to \fIask\fR, password should be provided in the login window.
If set to \fIask\fR, password should be provided in the login window.
.TP
.TP
\fBip\fR=\fI127.0.0.1\fR
\fBip\fR=\fI127.0.0.1\fR
Specifies the ip address of the host to connect to.
Specifies the ip address of the host to connect to.
.TP
.TP
\fBport\fR=\fI<number>\fR|\fI\-1\fR
\fBport\fR=\fI<number>\fR|\fI\-1\fR
Specifies the port number to connect to. If set to \fI\-1\fR, the default port for the specified library is used.
Specifies the port number to connect to. If set to \fI\-1\fR, the default port for the specified library is used.
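Review bot: None of the channel entries (rdpdr, rdpsnd, drdynvc, cliprdr, rail, xrdpvr) says what applies when the key is omitted. Add an "If not specified, defaults to ..." line to each, as the entries earlier in this patch do, since rdpdr and cliprdr decide whether device and clipboard redirection are available to clients. In the connection entries, password=<password> places a credential in xrdp.ini in clear text; the description should recommend ask or mention restricting read access to the file.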
@ -224,8 +296,8 @@ This is an example \fBxrdp.ini\fR:
.nf
.nf
[Globals]
[Globals]
bitmap_cache=yes
bitmap_cache=true
bitmap_compression=yes
bitmap_compression=true
[vnc1]
[vnc1]
name=sesman
name=sesman
@ -245,4 +317,4 @@ ${XRDP_CFG_DIR}/xrdp.ini
.BRsesrun(8),
.BRsesrun(8),
.BRsesman.ini(5)
.BRsesman.ini(5)
for more info on \fBxrdp\fR see http://xrdp.sf.net
for more info on \fBxrdp\fR see http://www.xrdp.org/