diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/DynamicallyAuthenticatedDataSource.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/DynamicallyAuthenticatedDataSource.java
new file mode 100644
index 000000000..4c804a6ca
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/DynamicallyAuthenticatedDataSource.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc;
+
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+import com.google.inject.name.Named;
+import java.sql.Connection;
+import java.sql.SQLException;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.ibatis.datasource.pooled.PooledDataSource;
+import org.apache.ibatis.datasource.unpooled.UnpooledDataSource;
+
+/**
+ * Pooled DataSource implementation which dynamically retrieves the database
+ * username and password from the Guacamole server environment each time a
+ * new database connection is created.
+ */
+@Singleton
+public class DynamicallyAuthenticatedDataSource extends PooledDataSource {
+
+ /**
+ * Creates a new DynamicallyAuthenticatedDataSource which dynamically
+ * retrieves database credentials from the given JDBCEnvironment each time
+ * a new database connection is needed.
+ *
+ * @param environment
+ * The JDBCEnvironment that should be used to retrieve database
+ * credentials.
+ *
+ * @param driverClassLoader
+ * @param driver
+ * @param url
+ */
+ @Inject
+ public DynamicallyAuthenticatedDataSource(JDBCEnvironment environment,
+ @Named(value="JDBC.driverClassLoader") ClassLoader driverClassLoader,
+ @Named(value="JDBC.driver") String driver,
+ @Named(value="JDBC.url") String url) {
+
+ // Wrap unpooled DataSource, overriding the connection process such
+ // that credentials are dynamically retrieved from the JDBCEnvironment
+ super(new UnpooledDataSource(driverClassLoader, driver, url, null, null) {
+
+ @Override
+ public Connection getConnection() throws SQLException {
+ try {
+ return super.getConnection(environment.getUsername(), environment.getPassword());
+ }
+ catch (GuacamoleException e) {
+ throw new SQLException("Retrieval of database credentials failed.", e);
+ }
+ }
+
+ });
+
+ }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index 5203cfee7..5ae0ea53f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -20,6 +20,7 @@
 package org.apache.guacamole.auth.jdbc;
 import com.google.inject.Scopes;
+import javax.sql.DataSource;
 import org.apache.guacamole.auth.jdbc.user.ModeledUserContext;
 import org.apache.guacamole.auth.jdbc.connectiongroup.RootConnectionGroup;
 import org.apache.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
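Review bot: In DynamicallyAuthenticatedDataSource's constructor only `JDBC.driverClassLoader`, `JDBC.driver` and `JDBC.url` are injected, so nothing in the new class reads the pool settings that the MySQL, PostgreSQL and SQL Server modules still publish (`JDBC.autoCommit`, `mybatis.pooled.pingEnabled`, `mybatis.pooled.pingQuery`, visible as context lines in their hunks). Those were presumably consumed by the `PooledDataSourceProvider` that the `initialize()` hunk of JDBCAuthenticationProviderModule unbinds, in which case the pool now runs with its defaults and idle connections are no longer pinged before reuse; if so, apply them after the `super(...)` call, e.g. `setDefaultAutoCommit(false);` and `setPoolPingEnabled(true);`. It is also worth confirming that the single-argument `PooledDataSource` constructor initialises the pool's expected connection type code, because if it does not, returned connections would be closed instead of reused and every request would re-authenticate against the database. The `@param driverClassLoader`, `@param driver` and `@param url` tags are left without descriptions; each should say which named binding supplies the value, for example `The JDBC URL of the database, as bound to "JDBC.url".`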
@@ -90,7 +91,6 @@ import org.apache.guacamole.auth.jdbc.usergroup.UserGroupMemberUserMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupParentUserGroupMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupService;
 import org.mybatis.guice.MyBatisModule;
-import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
 import org.apache.guacamole.auth.jdbc.user.UserParentUserGroupMapper;
 /**
@@ -121,7 +121,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
 protected void initialize() {
 // Datasource
- bindDataSourceProviderType(PooledDataSourceProvider.class);
+ bind(DataSource.class).to(DynamicallyAuthenticatedDataSource.class);
 // Transaction factory
 bindTransactionFactoryType(JdbcTransactionFactory.class);
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java
index a4e1ef2e0..658c08a3a 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java
@@ -72,8 +72,6 @@ public class MySQLAuthenticationProviderModule implements Module {
 myBatisProperties.setProperty("JDBC.host", environment.getMySQLHostname());
 myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getMySQLPort()));
 myBatisProperties.setProperty("JDBC.schema", environment.getMySQLDatabase());
- myBatisProperties.setProperty("JDBC.username", environment.getUsername());
- myBatisProperties.setProperty("JDBC.password", environment.getPassword());
 myBatisProperties.setProperty("JDBC.autoCommit", "false");
 myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
 myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java
index 0b285f100..cdb0b8a94 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java
@@ -64,8 +64,6 @@ public class PostgreSQLAuthenticationProviderModule implements Module {
 myBatisProperties.setProperty("JDBC.host", environment.getPostgreSQLHostname());
 myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getPostgreSQLPort()));
 myBatisProperties.setProperty("JDBC.schema", environment.getPostgreSQLDatabase());
- myBatisProperties.setProperty("JDBC.username", environment.getUsername());
- myBatisProperties.setProperty("JDBC.password", environment.getPassword());
 myBatisProperties.setProperty("JDBC.autoCommit", "false");
 myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
 myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java
index ead21066d..74d3c950f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java
@@ -69,8 +69,6 @@ public class SQLServerAuthenticationProviderModule implements Module {
 myBatisProperties.setProperty("JDBC.host", environment.getSQLServerHostname());
 myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getSQLServerPort()));
 myBatisProperties.setProperty("JDBC.schema", environment.getSQLServerDatabase());
- myBatisProperties.setProperty("JDBC.username", environment.getUsername());
- myBatisProperties.setProperty("JDBC.password", environment.getPassword());
 myBatisProperties.setProperty("JDBC.autoCommit", "false");
 myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
diff --git a/guacamole/src/main/java/org/apache/guacamole/GuacamoleServletContextListener.java b/guacamole/src/main/java/org/apache/guacamole/GuacamoleServletContextListener.java
index b33c65d99..cd81572ec 100644
--- a/guacamole/src/main/java/org/apache/guacamole/GuacamoleServletContextListener.java
+++ b/guacamole/src/main/java/org/apache/guacamole/GuacamoleServletContextListener.java
@@ -130,8 +130,9 @@ public class GuacamoleServletContextListener extends GuiceServletContextListener
 // Read configuration information from GUACAMOLE_HOME/guacamole.properties
 try {
- environment.addGuacamoleProperties(new FileGuacamoleProperties(
- new File(environment.getGuacamoleHome(), "guacamole.properties")));
+ File guacProperties = new File(environment.getGuacamoleHome(), "guacamole.properties");
+ environment.addGuacamoleProperties(new FileGuacamoleProperties(guacProperties));
+ logger.info("Read configuration parameters from \"{}\".", guacProperties);
 }
 catch (GuacamoleException e) {
 logger.error("Unable to read guacamole.properties: {}", e.getMessage());
@@ -142,8 +143,11 @@ public class GuacamoleServletContextListener extends GuiceServletContextListener // read from system environment if "enable-environment-properties" is // set to "true" try { - if (environment.getProperty(ENABLE_ENVIRONMENT_PROPERTIES, false)) + if (environment.getProperty(ENABLE_ENVIRONMENT_PROPERTIES, false)) { environment.addGuacamoleProperties(new SystemEnvironmentGuacamoleProperties()); + logger.info("Additional configuration parameters may be read " + + "from environment variables."); + } } catch (GuacamoleException e) { logger.error("Unable to configure support for environment properties: {}", e.getMessage());
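Review bot: The new `logger.info` in the `enable-environment-properties` branch records that environment variables became a configuration source, but not which setting turned that on, which is what an operator auditing where database credentials can come from will want to see. Naming the property in the message would cover it, for example `logger.info("Additional configuration parameters may be read from environment variables (\"enable-environment-properties\" is set).");`. The enclosing method starts and ends outside the hunk.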