1 | .\" $XConsortium: xdm.man,v 1.27 91/08/26 19:27:29 gildea Exp $ |
---|
2 | .TH XDM 1 "Release 5" "X Version 11" |
---|
3 | .SH NAME |
---|
4 | xdm \- X Display Manager with support for XDMCP |
---|
5 | .SH SYNOPSIS |
---|
6 | .B xdm |
---|
7 | [ |
---|
8 | .B \-config |
---|
9 | .I configuration_file |
---|
10 | ] [ |
---|
11 | .B \-nodaemon |
---|
12 | ] [ |
---|
13 | .B \-debug |
---|
14 | .I debug_level |
---|
15 | ] [ |
---|
16 | .B \-error |
---|
17 | .I error_log_file |
---|
18 | ] [ |
---|
19 | .B \-resources |
---|
20 | .I resource_file |
---|
21 | ] [ |
---|
22 | .B \-server |
---|
23 | .I server_entry |
---|
24 | ] [ |
---|
25 | .B \-session |
---|
26 | .I session_program |
---|
27 | ] |
---|
28 | .SH DESCRIPTION |
---|
29 | .PP |
---|
30 | .I Xdm |
---|
31 | manages a collection of X displays, which may be on the local host |
---|
32 | or remote servers. The design of |
---|
33 | .I xdm |
---|
34 | was guided by the needs of X terminals as well as the X Consortium standard |
---|
35 | XDMCP, the \fIX Display Manager Control Protocol\fP. |
---|
36 | .I Xdm |
---|
37 | provides services similar to those provided by \fIinit\fP, \fIgetty\fP |
---|
38 | and \fIlogin\fP on character terminals: prompting for login name and password, |
---|
39 | authenticating the user, and running a ``session.'' |
---|
40 | .PP |
---|
41 | A ``session'' is defined by the lifetime of a particular process; in the |
---|
42 | traditional character-based terminal world, it is the user's login shell. |
---|
43 | In the |
---|
44 | .I xdm |
---|
45 | context, it is an arbitrary session manager. This is because in a windowing |
---|
46 | environment, a user's login shell process does not necessarily have any |
---|
47 | terminal-like interface with which to connect. |
---|
48 | When a real session manager is not available, a window manager or terminal |
---|
49 | emulator is typically used as the ``session manager,'' meaning that |
---|
50 | termination of this process terminates the user's session. |
---|
51 | .PP |
---|
52 | When the session is terminated, \fIxdm\fP |
---|
53 | resets the X server and (optionally) restarts the whole process. |
---|
54 | .PP |
---|
55 | When \fIxdm\fP receives an Indirect query via XDMCP, it can run a |
---|
56 | \fIchooser\fP process to |
---|
57 | perform an XDMCP BroadcastQuery (or an XDMCP Query to specified hosts) |
---|
58 | on behalf of the display and |
---|
59 | offer a menu of possible hosts that offer XDMCP display management. |
---|
60 | This feature is useful with X terminals that do not offer a host |
---|
61 | menu themselves. |
---|
62 | .PP |
---|
63 | Because |
---|
64 | .I xdm |
---|
65 | provides the first interface that users will see, it is designed to be |
---|
66 | simple to use and easy to customize to the needs of a particular site. |
---|
67 | .I Xdm |
---|
68 | has many options, most of which have reasonable defaults. Browse through the |
---|
69 | various sections of this manual, |
---|
70 | picking and choosing the things you want to change. |
---|
71 | Pay particular attention to the |
---|
72 | .B "Session Program" |
---|
73 | section, which will describe how to |
---|
74 | set up the style of session desired. |
---|
75 | .PP |
---|
76 | .SH "TYPICAL USAGE" |
---|
77 | .PP |
---|
78 | Actually, |
---|
79 | .I xdm |
---|
80 | is designed to operate in such a wide variety of environments that |
---|
81 | .I typical |
---|
82 | is probably a misnomer. |
---|
83 | .PP |
---|
84 | First, the |
---|
85 | .I xdm |
---|
86 | configuration file should be set up. |
---|
87 | Make a directory (usually \fI/usr/lib/X11/xdm\fP) |
---|
88 | to contain all of the relevant |
---|
89 | files. Here is a reasonable configuration file, which could be |
---|
90 | named \fIxdm-config\fP: |
---|
91 | .nf |
---|
92 | |
---|
93 | .ta .5i 4i |
---|
94 | |
---|
95 | DisplayManager.servers: /usr/lib/X11/xdm/Xservers |
---|
96 | DisplayManager.errorLogFile: /usr/lib/X11/xdm/xdm-errors |
---|
97 | DisplayManager*resources: /usr/lib/X11/xdm/Xresources |
---|
98 | DisplayManager*startup: /usr/lib/X11/xdm/Xstartup |
---|
99 | DisplayManager*session: /usr/lib/X11/xdm/Xsession |
---|
100 | DisplayManager.pidFile: /usr/lib/X11/xdm/xdm-pid |
---|
101 | DisplayManager._0.authorize: true |
---|
102 | DisplayManager*authorize: false |
---|
103 | |
---|
104 | .fi |
---|
105 | .PP |
---|
106 | Note that this file simply contains references to other files. Note also |
---|
107 | that some of the resources are specified with ``*'' separating the |
---|
108 | components. These resources can be made unique for each different display, |
---|
109 | by replacing the ``*'' with the display-name, but normally this is not very |
---|
110 | useful. See the \fBResources\fP section for a complete discussion. |
---|
111 | .PP |
---|
112 | The first file, \fI/usr/lib/X11/xdm/Xservers,\fP |
---|
113 | contains the list of displays to manage that are not using XDMCP. |
---|
114 | Most workstations have only one display, numbered 0, so the file |
---|
115 | will look something like this: |
---|
116 | .nf |
---|
117 | .ta .5i |
---|
118 | |
---|
119 | :0 Local local /usr/bin/X11/X :0 |
---|
120 | |
---|
121 | .fi |
---|
122 | .PP |
---|
123 | This will keep \fI/usr/bin/X11/X\fP running on this display and |
---|
124 | manage a continuous cycle of sessions. |
---|
125 | .PP |
---|
126 | The file \fI/usr/lib/X11/xdm/xdm-errors\fP will contain error messages from |
---|
127 | .I xdm |
---|
128 | and anything output to stderr by \fIXsetup, Xstartup, Xsession\fP |
---|
129 | or \fIXreset\fP. |
---|
130 | When you have trouble getting |
---|
131 | .I xdm |
---|
132 | working, check this file to see if |
---|
133 | .I xdm |
---|
134 | has any clues to the trouble. |
---|
135 | .PP |
---|
136 | The next configuration entry, \fI/usr/lib/X11/xdm/Xresources\fP, is loaded onto |
---|
137 | the display as a resource database using |
---|
138 | .I xrdb. |
---|
139 | As the authentication |
---|
140 | widget reads this database before starting up, it usually contains |
---|
141 | parameters for that widget: |
---|
142 | .nf |
---|
143 | .ta .5i 1i |
---|
144 | |
---|
145 | xlogin*login.translations: #override\\ |
---|
146 | <Key>F1: set-session-argument(failsafe) finish-field()\\n\\ |
---|
147 | <Key>Return: set-session-argument() finish-field() |
---|
148 | xlogin*borderWidth: 3 |
---|
149 | #ifdef COLOR |
---|
150 | xlogin*greetColor: CadetBlue |
---|
151 | xlogin*failColor: red |
---|
152 | #endif |
---|
153 | |
---|
154 | .fi |
---|
155 | .PP |
---|
156 | Please note the translations entry; it specifies |
---|
157 | a few new translations for the widget which allow users to escape from the |
---|
158 | default session (and avoid troubles that may occur in it). Note that if |
---|
159 | #override is not specified, the default translations are removed and replaced |
---|
160 | by the new value, not a very useful result as some of the default translations |
---|
161 | are quite useful (such as ``<Key>: insert-char ()'' which responds to normal |
---|
162 | typing). |
---|
163 | .PP |
---|
164 | The \fIXstartup\fP file shown here simply prevents login while the |
---|
165 | file \fI/etc/nologin\fP |
---|
166 | exists. As there is no provision for displaying any messages here |
---|
167 | (there isn't any core X client which displays files), |
---|
168 | the user will probably be baffled by this behavior. |
---|
169 | Thus this is not a complete example, but |
---|
170 | simply a demonstration of the available functionality. |
---|
171 | .PP |
---|
172 | Here is a sample \fIXstartup\fP script: |
---|
173 | .nf |
---|
174 | .ta .5i 1i |
---|
175 | |
---|
176 | #!/bin/sh |
---|
177 | # |
---|
178 | # Xstartup |
---|
179 | # |
---|
180 | # This program is run as root after the user is verified |
---|
181 | # |
---|
182 | if [ \-f /etc/nologin ]; then |
---|
183 | exit 1 |
---|
184 | fi |
---|
185 | exit 0 |
---|
186 | .fi |
---|
187 | .PP |
---|
188 | .PP |
---|
189 | The most interesting script is \fIXsession\fP. This version recognizes |
---|
190 | the special |
---|
191 | ``failsafe'' mode, specified in the translations |
---|
192 | in the \fIXresources\fP file above, to provide an escape |
---|
193 | from the ordinary session: |
---|
194 | .nf |
---|
195 | .ta .5i 1i 1.5i |
---|
196 | |
---|
197 | #!/bin/sh |
---|
198 | # |
---|
199 | # Xsession |
---|
200 | # |
---|
201 | # This is the program that is run as the client |
---|
202 | # for the display manager. This example is |
---|
203 | # quite friendly as it attempts to run a per-user |
---|
204 | # .xsession file instead of forcing a particular |
---|
205 | # session layout |
---|
206 | # |
---|
207 | |
---|
208 | case $# in |
---|
209 | 1) |
---|
210 | case $1 in |
---|
211 | failsafe) |
---|
212 | exec xterm \-geometry 80x24\-0\-0 \-ls |
---|
213 | ;; |
---|
214 | esac |
---|
215 | esac |
---|
216 | |
---|
217 | startup=$HOME/.xsession |
---|
218 | resources=$HOME/.Xresources |
---|
219 | |
---|
220 | if [ \-f $startup ]; then |
---|
221 | exec $startup |
---|
222 | exec /bin/sh $startup |
---|
223 | else |
---|
224 | if [ ! \-f $resources ]; then |
---|
225 | resources=$HOME/.Xdefaults |
---|
226 | fi |
---|
227 | if [ \-f $resources ]; then |
---|
228 | xrdb \-load $resources |
---|
229 | fi |
---|
230 | twm & |
---|
231 | exec xterm \-geometry 80x24+10+10 \-ls |
---|
232 | fi |
---|
233 | |
---|
234 | .fi |
---|
235 | .SH OPTIONS |
---|
236 | .PP |
---|
237 | All of these options, except \fB\-config\fP, |
---|
238 | specify values that can also be specified in the configuration file |
---|
239 | as resources. |
---|
240 | .IP "\fB\-config\fP \fIconfiguration_file\fP" |
---|
241 | Names the configuration file, which specifies resources to control |
---|
242 | the behavior of |
---|
243 | .I xdm. |
---|
244 | .I /usr/lib/X11/xdm/xdm-config |
---|
245 | is the default. |
---|
246 | .IP "\fB\-nodaemon\fP" |
---|
247 | Specifies ``false'' as the value for the \fBDisplayManager.daemonMode\fP |
---|
248 | resource. |
---|
249 | This suppresses the normal daemon behavior, which is for |
---|
250 | .I xdm |
---|
251 | to close all file descriptors, disassociate itself from |
---|
252 | the controlling terminal, and put |
---|
253 | itself in the background when it first starts up. |
---|
254 | .IP "\fB\-debug\fP \fIdebug_level\fP" |
---|
255 | Specifies the numeric value for the \fBDisplayManager.debugLevel\fP |
---|
256 | resource. A non-zero value causes |
---|
257 | .I xdm |
---|
258 | to print lots of debugging statements to the terminal; it also disables the |
---|
259 | \fBDisplayManager.daemonMode\fP resource, forcing |
---|
260 | .I xdm |
---|
261 | to run synchronously. To interpret these debugging messages, a copy |
---|
262 | of the source code for |
---|
263 | .I xdm |
---|
264 | is almost a necessity. No attempt has been |
---|
265 | made to rationalize or standardize the output. |
---|
266 | .IP "\fB\-error\fP \fIerror_log_file\fP" |
---|
267 | Specifies the value for the \fBDisplayManager.errorLogFile\fP resource. |
---|
268 | This file contains errors from |
---|
269 | .I xdm |
---|
270 | as well as anything written to stderr by the various scripts and programs |
---|
271 | run during the progress of the session. |
---|
272 | .IP "\fB\-resources\fP \fIresource_file\fP" |
---|
273 | Specifies the value for the \fBDisplayManager*resources\fP resource. This file |
---|
274 | is loaded using |
---|
275 | .I xrdb |
---|
276 | to specify configuration parameters for the |
---|
277 | authentication widget. |
---|
278 | .IP "\fB\-server\fP \fIserver_entry\fP" |
---|
279 | Specifies the value for the \fBDisplayManager.servers\fP resource. |
---|
280 | See the section |
---|
281 | .B "Server Specification" |
---|
282 | for a description of this resource. |
---|
283 | .IP "\fB\-udpPort\fP \fIport_number\fP" |
---|
284 | Specifies the value for the \fBDisplayManager.requestPort\fP resource. This |
---|
285 | sets the port-number which |
---|
286 | .I xdm |
---|
287 | will monitor for XDMCP requests. As XDMCP |
---|
288 | uses the registered well-known UDP port 177, this resource should |
---|
289 | not be changed except for debugging. |
---|
290 | .IP "\fB\-session\fP \fIsession_program\fP" |
---|
291 | Specifies the value for the \fBDisplayManager*session\fP resource. This |
---|
292 | indicates the program to run as the session after the user has logged in. |
---|
293 | .IP "\fB\-xrm\fP \fIresource_specification\fP" |
---|
294 | Allows an arbitrary resource to be specified, as in most |
---|
295 | X Toolkit applications. |
---|
296 | .SH RESOURCES |
---|
297 | At many stages the actions of |
---|
298 | .I xdm |
---|
299 | can be controlled through the use of its configuration file, which is in the |
---|
300 | X resource format. |
---|
301 | Some resources modify the behavior of |
---|
302 | .I xdm |
---|
303 | on all displays, |
---|
304 | while others modify its behavior on a single display. Where actions relate |
---|
305 | to a specific display, |
---|
306 | the display name is inserted into the resource name between |
---|
307 | ``DisplayManager'' and the final resource name segment. |
---|
308 | For example, \fBDisplayManager.expo_0.startup\fP is the name of the |
---|
309 | resource which defines the startup shell file on the ``expo:0'' display. |
---|
310 | Because the resource |
---|
311 | manager uses colons to separate the name of the resource from its value and |
---|
312 | dots to separate resource name parts, |
---|
313 | .I xdm |
---|
314 | substitutes underscores for both dots and colons when generating the resource |
---|
315 | name. |
---|
316 | .IP "\fBDisplayManager.servers\fP" |
---|
317 | This resource either specifies a file name full of server entries, one per |
---|
318 | line (if the value starts with a slash), or a single server entry. |
---|
319 | See the section \fBServer Specification\fP for the details. |
---|
320 | .IP "\fBDisplayManager.requestPort\fP" |
---|
321 | This indicates the UDP port number which |
---|
322 | .I xdm |
---|
323 | uses to listen for incoming XDMCP requests. Unless you need to debug the |
---|
324 | system, leave this with its default value of 177. |
---|
325 | .IP "\fBDisplayManager.errorLogFile\fP" |
---|
326 | Error output is normally directed at the system console. To redirect it, |
---|
327 | set this resource to a file name. A method to send these messages to |
---|
328 | .I syslog |
---|
329 | should be developed for systems which support it; however, the |
---|
330 | wide variety of interfaces precludes any system-independent |
---|
331 | implementation. This file also contains any output directed to stderr |
---|
332 | by the \fIXsetup, Xstartup, Xsession\fP and \fIXreset\fP files, |
---|
333 | so it will contain descriptions |
---|
334 | of problems in those scripts as well. |
---|
335 | .IP "\fBDisplayManager.debugLevel\fP" |
---|
336 | If the integer value of this resource is greater than zero, |
---|
337 | reams of |
---|
338 | debugging information will be printed. It also disables daemon mode, which |
---|
339 | would redirect the information into the bit-bucket, and |
---|
340 | allows non-root users to run |
---|
341 | .I xdm, |
---|
342 | which would normally not be useful. |
---|
343 | .IP "\fBDisplayManager.daemonMode\fP" |
---|
344 | Normally, |
---|
345 | .I xdm |
---|
346 | attempts to make itself into a daemon process unassociated with any terminal. |
---|
347 | This is |
---|
348 | accomplished by forking and leaving the parent process to exit, then closing |
---|
349 | file descriptors and releasing the controlling terminal. In some |
---|
350 | environments this is not desired (in particular, when debugging). Setting |
---|
351 | this resource to ``false'' will disable this feature. |
---|
352 | .IP "\fBDisplayManager.pidFile\fP" |
---|
353 | The filename specified will be created to contain an ASCII |
---|
354 | representation of the process-id of the main |
---|
355 | .I xdm |
---|
356 | process. |
---|
357 | .I Xdm |
---|
358 | also uses file locking on this file |
---|
359 | to attempt to eliminate multiple daemons running on |
---|
360 | the same machine, which would cause quite a bit of havoc. |
---|
361 | .IP "\fBDisplayManager.lockPidFile\fP" |
---|
362 | This is the resource which controls whether |
---|
363 | .I xdm |
---|
364 | uses file locking to keep multiple display managers from running amok. |
---|
365 | On System V, this |
---|
366 | uses the \fIlockf\fP library call, while on BSD it uses \fIflock.\fP |
---|
367 | .IP "\fBDisplayManager.authDir\fP" |
---|
368 | This names a directory in which |
---|
369 | .I xdm |
---|
370 | stores authorization files while initializing the session. The |
---|
371 | default value is \fI/usr/lib/X11/xdm.\fP |
---|
372 | .IP \fBDisplayManager.autoRescan\fP |
---|
373 | This boolean controls whether |
---|
374 | .I xdm |
---|
375 | rescans the configuration, servers, access control and authentication keys |
---|
376 | files after a session terminates and the files have changed. By default it |
---|
377 | is ``true.'' You can force |
---|
378 | .I xdm |
---|
379 | to reread these files by sending a SIGHUP to the main process. |
---|
380 | .IP "\fBDisplayManager.removeDomainname\fP" |
---|
381 | When computing the display name for XDMCP clients, the name resolver will |
---|
382 | typically create a fully qualified host name for the terminal. As this is |
---|
383 | sometimes confusing, |
---|
384 | .I xdm |
---|
385 | will remove the domain name portion of the host name if it is the same as the |
---|
386 | domain name of the local host when this variable is set. By default the |
---|
387 | value is ``true.'' |
---|
388 | .IP "\fBDisplayManager.keyFile\fP" |
---|
389 | XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key |
---|
390 | be shared between |
---|
391 | .I xdm |
---|
392 | and the terminal. This resource specifies the file containing those |
---|
393 | values. Each entry in the file consists of a display name and the shared |
---|
394 | key. By default, |
---|
395 | .I xdm |
---|
396 | does not include support for XDM-AUTHENTICATION-1, as it requires DES which |
---|
397 | is not generally distributable because of United States export restrictions. |
---|
398 | .IP \fBDisplayManager.accessFile\fP |
---|
399 | To prevent unauthorized XDMCP service and to allow forwarding of XDMCP |
---|
400 | IndirectQuery requests, this file contains a database of hostnames which are |
---|
401 | either allowed direct access to this machine, or have a list of hosts to |
---|
402 | which queries should be forwarded to. The format of this file is described |
---|
403 | in the section |
---|
404 | .B "XDMCP Access Control." |
---|
405 | .IP \fBDisplayManager.exportList\fP |
---|
406 | A whitespace-separated list of additional environment variables |
---|
407 | to pass on to the \fIXsetup\fP, |
---|
408 | \fIXstartup\fP, \fIXsession\fP, and \fIXreset\fP programs. |
---|
409 | .IP \fBDisplayManager.randomFile\fP |
---|
410 | A file to checksum to generate the seed of authorization keys. |
---|
411 | This should be a file that changes frequently. |
---|
412 | The default is \fI/dev/mem\fP. |
---|
413 | .\" |
---|
414 | .IP "\fBDisplayManager.DISPLAY.resources\fP" |
---|
415 | This resource specifies the name of the file to be loaded by \fIxrdb\fP |
---|
416 | as the resource database onto the root window of screen 0 of the display. |
---|
417 | The \fIXsetup\fP program, the Login widget, and \fIchooser\fP will use |
---|
418 | the resources set in this file. |
---|
419 | This resource data base is loaded just before the authentication procedure |
---|
420 | is started, so it can control the appearance of the login window. See the |
---|
421 | section |
---|
422 | .B "Authentication Widget," |
---|
423 | which describes the various |
---|
424 | resources that are appropriate to place in this file. |
---|
425 | There is no default value for this resource, but |
---|
426 | \fI/usr/lib/X11/xdm/Xresources\fP |
---|
427 | is the conventional name. |
---|
428 | .IP "\fBDisplayManager.DISPLAY.chooser\fP" |
---|
429 | Specifies the program run to offer a host menu for Indirect queries |
---|
430 | redirected to the special host name CHOOSER. |
---|
431 | \fI/usr/lib/X11/xdm/chooser\fP is the default. |
---|
432 | See the sections \fBXDMCP Access Control\fP and \fBChooser\fP. |
---|
433 | .IP "\fBDisplayManager.DISPLAY.xrdb\fP" |
---|
434 | Specifies the program used to load the resources. By default, |
---|
435 | .I xdm |
---|
436 | uses \fI/usr/bin/X11/xrdb\fP. |
---|
437 | .IP "\fBDisplayManager.DISPLAY.cpp\fP" |
---|
438 | This specifies the name of the C preprocessor which is used by \fIxrdb\fP. |
---|
439 | .IP "\fBDisplayManager.DISPLAY.setup\fP" |
---|
440 | This specifies a program which is run (as root) before offering the |
---|
441 | Login window. This may be used to change the appearence of the screen |
---|
442 | around the Login window or to put up other windows (e.g., you may want |
---|
443 | to run \fIxconsole\fP here). |
---|
444 | By default, no program is run. The conventional name for a |
---|
445 | file used here is \fIXsetup\fP. |
---|
446 | See the section \fBSetup Program.\fP |
---|
447 | .IP "\fBDisplayManager.DISPLAY.startup\fP" |
---|
448 | This specifies a program which is run (as root) after the authentication |
---|
449 | process succeeds. By default, no program is run. The conventional name for a |
---|
450 | file used here is \fIXstartup\fP. |
---|
451 | See the section \fBStartup Program.\fP |
---|
452 | .IP "\fBDisplayManager.DISPLAY.session\fP" |
---|
453 | This specifies the session to be executed (not running as root). |
---|
454 | By default, \fI/usr/bin/X11/xterm\fP is |
---|
455 | run. The conventional name is \fIXsession\fP. |
---|
456 | See the section |
---|
457 | .B "Session Program." |
---|
458 | .IP "\fBDisplayManager.DISPLAY.reset\fP" |
---|
459 | This specifies a program which is run (as root) after the session terminates. |
---|
460 | Again, by default no program is run. |
---|
461 | The conventional name is \fIXreset\fP. |
---|
462 | See the section |
---|
463 | .B "Reset Program." |
---|
464 | .IP "\fBDisplayManager.DISPLAY.openDelay\fP" |
---|
465 | .IP "\fBDisplayManager.DISPLAY.openRepeat\fP" |
---|
466 | .IP "\fBDisplayManager.DISPLAY.openTimeout\fP" |
---|
467 | .IP "\fBDisplayManager.DISPLAY.startAttempts\fP" |
---|
468 | These numeric resources control the behavior of |
---|
469 | .I xdm |
---|
470 | when attempting to open intransigent servers. \fBopenDelay\fP is |
---|
471 | the length of the |
---|
472 | pause (in seconds) between successive attempts, \fBopenRepeat\fP is the |
---|
473 | number of attempts to make, \fBopenTimeout\fP is the amount of time |
---|
474 | to wait while actually |
---|
475 | attempting the open (i.e., the maximum time spent in the |
---|
476 | .IR connect (2) |
---|
477 | system call) and \fBstartAttempts\fP is the number of times this entire process |
---|
478 | is done before giving up on the server. After \fBopenRepeat\fP attempts have been made, |
---|
479 | or if \fBopenTimeout\fP seconds elapse in any particular attempt, |
---|
480 | .I xdm |
---|
481 | terminates and restarts the server, attempting to connect again. |
---|
482 | This |
---|
483 | process is repeated \fBstartAttempts\fP times, at which point the display is |
---|
484 | declared dead and disabled. Although |
---|
485 | this behavior may seem arbitrary, it has been empirically developed and |
---|
486 | works quite well on most systems. The default values are |
---|
487 | 5 for \fBopenDelay\fP, 5 for \fBopenRepeat\fP, 30 for \fBopenTimeout\fP and |
---|
488 | 4 for \fBstartAttempts\fP. |
---|
489 | .IP "\fBDisplayManager.DISPLAY.pingInterval\fP" |
---|
490 | .IP "\fBDisplayManager.DISPLAY.pingTimeout\fP" |
---|
491 | To discover when remote displays disappear, |
---|
492 | .I xdm |
---|
493 | occasionally pings them, using an X connection and \fIXSync\fP |
---|
494 | calls. \fBpingInterval\fP specifies the time (in minutes) between each |
---|
495 | ping attempt, \fBpingTimeout\fP specifies the maximum amount of time (in |
---|
496 | minutes) to wait for the terminal to respond to the request. If the |
---|
497 | terminal does not respond, the session is declared dead and terminated. By |
---|
498 | default, both are set to 5 minutes. If you frequently use X terminals which |
---|
499 | can become isolated from the managing host, you may wish to increase this |
---|
500 | value. The only worry is that sessions will continue to exist after the |
---|
501 | terminal has been accidentally disabled. |
---|
502 | .I xdm |
---|
503 | will not ping local displays. Although it would seem harmless, it is |
---|
504 | unpleasant when the workstation session is terminated as a result of the |
---|
505 | server hanging for NFS service and not responding to the ping. |
---|
506 | .IP "\fBDisplayManager.DISPLAY.terminateServer\fP" |
---|
507 | This boolean resource specifies whether the X server should be terminated |
---|
508 | when a session terminates (instead of resetting it). This option can be |
---|
509 | used when the server tends to grow without bound over time, in order to limit |
---|
510 | the amount of time the server is run. The default value is ``false.'' |
---|
511 | .IP "\fBDisplayManager.DISPLAY.userPath\fP" |
---|
512 | .I Xdm |
---|
513 | sets the PATH environment variable for the session to this value. It should |
---|
514 | be a colon separated list of directories; see |
---|
515 | .IR sh (1) |
---|
516 | for a full description. |
---|
517 | ``:/bin:/usr/bin:/usr/bin/X11:/usr/ucb'' |
---|
518 | is a common setting. |
---|
519 | The default value can be specified at build time in the X system |
---|
520 | configuration file with DefaultUserPath; |
---|
521 | .IP "\fBDisplayManager.DISPLAY.systemPath\fP" |
---|
522 | .I Xdm |
---|
523 | sets the PATH environment variable for the startup and reset scripts to the |
---|
524 | value of this resource. The default for this resource is specified |
---|
525 | at build time by the DefaultSystemPath entry in the system configuration file; |
---|
526 | ``/etc:/bin:/usr/bin:/usr/bin/X11:/usr/ucb'' is a common choice. |
---|
527 | Note the absence of ``.'' from this entry. This is a good practice to |
---|
528 | follow for root; it avoids many common Trojan Horse system penetration |
---|
529 | schemes. |
---|
530 | .IP "\fBDisplayManager.DISPLAY.systemShell\fP" |
---|
531 | .I Xdm |
---|
532 | sets the SHELL environment variable for the startup and reset scripts to the |
---|
533 | value of this resource. It is \fI/bin/sh\fP by default. |
---|
534 | .IP "\fBDisplayManager.DISPLAY.failsafeClient\fP" |
---|
535 | If the default session fails to execute, |
---|
536 | .I xdm |
---|
537 | will fall back to this program. This program is executed with no |
---|
538 | arguments, but executes using the same environment variables as |
---|
539 | the session would have had (see the section \fBSession Program\fP). |
---|
540 | By default, \fI/usr/bin/X11/xterm\fP is used. |
---|
541 | .IP "\fBDisplayManager.DISPLAY.grabServer\fP" |
---|
542 | .IP "\fBDisplayManager.DISPLAY.grabTimeout\fP" |
---|
543 | To improve security, |
---|
544 | .I xdm |
---|
545 | grabs the server and keyboard while reading the login name and password. |
---|
546 | The |
---|
547 | \fBgrabServer\fP resource specifies if the server should be held for the |
---|
548 | duration of the name/password reading. When ``false,'' the server is ungrabbed |
---|
549 | after the keyboard grab succeeds, otherwise the server is grabbed until just |
---|
550 | before the session begins. The default is ``false.'' |
---|
551 | The \fBgrabTimeout\fP resource specifies the maximum time |
---|
552 | .I xdm |
---|
553 | will wait for the grab to succeed. The grab may fail if some other |
---|
554 | client has the server grabbed, or possibly if the network latencies |
---|
555 | are very high. This resource has a default value of 3 seconds; you |
---|
556 | should be cautious when raising it, as a user can be spoofed by a |
---|
557 | look-alike window on the display. If the grab fails, |
---|
558 | .I xdm |
---|
559 | kills and restarts the server (if possible) and the session. |
---|
560 | .IP "\fBDisplayManager.DISPLAY.authorize\fP" |
---|
561 | .IP "\fBDisplayManager.DISPLAY.authName\fP" |
---|
562 | \fBauthorize\fP is a boolean resource which controls whether |
---|
563 | .I xdm |
---|
564 | generates and uses authorization for the local server connections. If |
---|
565 | authorization is used, \fBauthName\fP is a whitespace-separated list |
---|
566 | of authorization mechanisms to use. |
---|
567 | XDMCP connections dynamically specify which |
---|
568 | authorization mechanisms are supported, so |
---|
569 | \fBauthName\fP is ignored in this case. When \fBauthorize\fP is set for a |
---|
570 | display and authorization is not available, the user is informed by having a |
---|
571 | different message displayed in the login widget. By default, \fBauthorize\fP |
---|
572 | is ``true''; \fBauthName\fP is ``MIT-MAGIC-COOKIE-1.'' |
---|
573 | .IP \fBDisplayManager.DISPLAY.authFile\fP |
---|
574 | This file is used to communicate the authorization data from |
---|
575 | .I xdm |
---|
576 | to the server, using the \fB\-auth\fP server command line option. |
---|
577 | It should be |
---|
578 | kept in a directory which is not world-writable as it could easily be |
---|
579 | removed, disabling the authorization mechanism in the server. |
---|
580 | .IP "\fBDisplayManager.DISPLAY.authComplain\fP" |
---|
581 | If set to ``false,'' disables the use of the \fBunsecureGreeting\fP |
---|
582 | in the login window. |
---|
583 | See the section \fBAuthentication Widget.\fP |
---|
584 | The default is ``true.'' |
---|
585 | .IP "\fBDisplayManager.DISPLAY.resetSignal\fP" |
---|
586 | The number of the signal \fIxdm\fP sends to reset the server. |
---|
587 | See the section \fBControlling the Server.\fP |
---|
588 | The default is 1 (SIGHUP). |
---|
589 | .IP "\fBDisplayManager.DISPLAY.termSignal\fP" |
---|
590 | The number of the signal \fIxdm\fP sends to terminate the server. |
---|
591 | See the section \fBControlling the Server.\fP |
---|
592 | The default is 15 (SIGTERM). |
---|
593 | .IP "\fBDisplayManager.DISPLAY.resetForAuth\fP" |
---|
594 | The original implementation of authorization in the sample server reread the |
---|
595 | authorization file at server reset time, instead of when checking the |
---|
596 | initial connection. As |
---|
597 | .I xdm |
---|
598 | generates the authorization information just before connecting to the |
---|
599 | display, an old server would not get up-to-date authorization information. |
---|
600 | This resource causes |
---|
601 | .I xdm |
---|
602 | to send SIGHUP to the server after setting up the file, causing an |
---|
603 | additional server reset to occur, during which time the new authorization |
---|
604 | information will be read. |
---|
605 | The default is ``false,'' which will work for all MIT servers. |
---|
606 | .IP "\fBDisplayManager.DISPLAY.userAuthDir\fP" |
---|
607 | When |
---|
608 | .I xdm |
---|
609 | is unable to write to the usual user authorization file ($HOME/.Xauthority), |
---|
610 | it creates a unique file name in this directory and points the environment |
---|
611 | variable XAUTHORITY at the created file. It uses \fI/tmp\fP by default. |
---|
612 | .SH "XDMCP ACCESS CONTROL" |
---|
613 | .PP |
---|
614 | The database file specified by the \fBDisplayManager.accessFile\fP provides |
---|
615 | information which |
---|
616 | .I xdm |
---|
617 | uses to control access from displays requesting XDMCP service. This file |
---|
618 | contains three types of entries: entries which control the response to |
---|
619 | Direct and Broadcast queries, entries which control the response to |
---|
620 | Indirect queries, and macro definitions. |
---|
621 | .PP |
---|
622 | The format of the Direct entries is simple, either a host name or a |
---|
623 | pattern, which is distinguished from a host name by the inclusion of |
---|
624 | one or more meta characters (`*' matches any sequence of 0 or more |
---|
625 | characters, and `?' matches any single character) which are compared against |
---|
626 | the host name of the display device. |
---|
627 | If the entry is a host name, all comparisons are done using |
---|
628 | network addresses, so any name which converts to the correct network address |
---|
629 | may be used. |
---|
630 | For patterns, only canonical host names are used |
---|
631 | in the comparison, so ensure that you do not attempt to match |
---|
632 | aliases. |
---|
633 | Preceding either a host name or a pattern with a `!' character |
---|
634 | causes hosts which |
---|
635 | match that entry to be excluded. |
---|
636 | .PP |
---|
637 | An Indirect entry also contains a host name or pattern, |
---|
638 | but follows it with a list of |
---|
639 | host names or macros to which indirect queries should be sent. |
---|
640 | .PP |
---|
641 | A macro definition contains a macro name and a list of host names and |
---|
642 | other macros that |
---|
643 | the macro expands to. To distinguish macros from hostnames, macro |
---|
644 | names start with a `%' character. Macros may be nested. |
---|
645 | .PP |
---|
646 | Indirect entries |
---|
647 | may also specify to have \fIxdm\fP run \fIchooser\fP to offer a menu |
---|
648 | of hosts to connect to. See the section \fBChooser\fP. |
---|
649 | .PP |
---|
650 | When checking access for a particular display host, each entry is scanned in |
---|
651 | turn and the first matching entry determines the response. Direct and |
---|
652 | Broadcast |
---|
653 | entries are ignored when scanning for an Indirect entry and vice-versa. |
---|
654 | .PP |
---|
655 | Blank lines are ignored, `#' is treated as a comment |
---|
656 | delimiter causing the rest of that line to be ignored, |
---|
657 | and `\e\fInewline\fP' |
---|
658 | causes the newline to be ignored, allowing indirect host lists to span |
---|
659 | multiple lines. |
---|
660 | .PP |
---|
661 | Here is an example Xaccess file: |
---|
662 | .LP |
---|
663 | .ta 2i 4i |
---|
664 | .nf |
---|
665 | # |
---|
666 | # Xaccess \- XDMCP access control file |
---|
667 | # |
---|
668 | |
---|
669 | # |
---|
670 | # Direct/Broadcast query entries |
---|
671 | # |
---|
672 | |
---|
673 | !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra |
---|
674 | bambi.ogi.edu # allow access from this particular display |
---|
675 | *.lcs.mit.edu # allow access from any display in LCS |
---|
676 | |
---|
677 | # |
---|
678 | # Indirect query entries |
---|
679 | # |
---|
680 | |
---|
681 | %HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \\ |
---|
682 | excess.lcs.mit.edu kanga.lcs.mit.edu |
---|
683 | |
---|
684 | extract.lcs.mit.edu xenon.lcs.mit.edu #force extract to contact xenon |
---|
685 | !xtra.lcs.mit.edu dummy #disallow indirect access |
---|
686 | *.lcs.mit.edu %HOSTS #all others get to choose |
---|
687 | .fi |
---|
688 | .SH CHOOSER |
---|
689 | .PP |
---|
690 | For X terminals that do not offer a host menu for use with Broadcast |
---|
691 | or Indirect queries, the \fIchooser\fP program can do this for them. |
---|
692 | In the \fIXaccess\fP file, specify ``CHOOSER'' as the first entry in |
---|
693 | the Indirect host list. \fIChooser\fP will send a Query request to |
---|
694 | each of the remaining host names in the list and offer a menu of all |
---|
695 | the hosts that respond. |
---|
696 | .PP |
---|
697 | The list may consist of the word ``BROADCAST,'' in which case |
---|
698 | \fIchooser\fP will send a Broadcast instead, again offering a menu of |
---|
699 | all hosts that respond. Note that on some operating systems, UDP |
---|
700 | packets cannot be broadcast, so this feature will not work. |
---|
701 | .PP |
---|
702 | Example \fIXaccess\fP file using \fIchooser\fP: |
---|
703 | |
---|
704 | .nf |
---|
705 | extract.lcs.mit.edu CHOOSER %HOSTS #offer a menu of these hosts |
---|
706 | xtra.lcs.mit.edu CHOOSER BROADCAST #offer a menu of all hosts |
---|
707 | .fi |
---|
708 | .PP |
---|
709 | The program to use for \fIchooser\fP is specified by the |
---|
710 | \fBDisplayManager.DISPLAY.chooser\fP resource. |
---|
711 | Resources for this program |
---|
712 | can be put into the file named by |
---|
713 | \fBDisplayManager.DISPLAY.resources\fP. |
---|
714 | .SH "SERVER SPECIFICATION" |
---|
715 | The resource \fBDisplayManager.servers\fP gives a server specification |
---|
716 | or, if the values starts with a slash (/), the name of a file |
---|
717 | containing server specifications, one per line. |
---|
718 | .PP |
---|
719 | Each specification |
---|
720 | indicates a display which should constantly be managed and which is |
---|
721 | not using XDMCP. Each consists of at least three parts: a display |
---|
722 | name, a display class, a display type, and (for local servers) a command |
---|
723 | line to start the server. A typical entry for local display number 0 would |
---|
724 | be: |
---|
725 | .nf |
---|
726 | |
---|
727 | :0 Digital-QV local /usr/bin/X11/X :0 |
---|
728 | |
---|
729 | .fi |
---|
730 | The display types are: |
---|
731 | .ta 1i |
---|
732 | .nf |
---|
733 | |
---|
734 | local local display: \fIxdm\fP must run the server |
---|
735 | foreign remote display: \fIxdm\fP opens an X connection to a running server |
---|
736 | |
---|
737 | .fi |
---|
738 | .PP |
---|
739 | The display name must be something that can be passed in the \fB\-display\fP |
---|
740 | option to an X program. This string is used to generate the display-specific |
---|
741 | resource names, so be careful to match the |
---|
742 | names (e.g. use ``:0 local /usr/bin/X11/X :0'' instead of ``localhost:0 local |
---|
743 | /usr/bin/X11/X :0'' if your other resources are specified as |
---|
744 | ``DisplayManager._0.session''). The display class portion is also used in the |
---|
745 | display-specific resources, as the class of the resource. This is |
---|
746 | useful if you have a large collection of similar displays (like a corral of |
---|
747 | X terminals) and would like to set resources for groups of them. When using |
---|
748 | XDMCP, the display is required to specify the display class, so the manual |
---|
749 | for your particular X terminal should document the display class |
---|
750 | string for your device. If it doesn't, you can run |
---|
751 | .I xdm |
---|
752 | in debug mode and |
---|
753 | look at the resource strings which it generates for that device, which will |
---|
754 | include the class string. |
---|
755 | .SH "SETUP PROGRAM" |
---|
756 | The \fIXsetup\fP file is run after |
---|
757 | the server is reset, but before the Login window is offered. |
---|
758 | The file is typically a shell script. |
---|
759 | It is run as root, so should be careful about security. |
---|
760 | This is the place to change the root background or bring up other |
---|
761 | windows that should appear on the screen along with the Login widget. |
---|
762 | .PP |
---|
763 | In addition to any specified by \fBDisplayManager.exportList\fP, |
---|
764 | the following environment variables are passed: |
---|
765 | .nf |
---|
766 | .ta .5i 2i |
---|
767 | |
---|
768 | DISPLAY the associated display name |
---|
769 | PATH the value of \fBDisplayManager.DISPLAY.systemPath\fP |
---|
770 | SHELL the value of \fBDisplayManager.DISPLAY.systemShell\fP |
---|
771 | XAUTHORITY may be set to an authority file |
---|
772 | .fi |
---|
773 | .PP |
---|
774 | Note that since \fIxdm\fP grabs the keyboard, any other windows will not be |
---|
775 | able to receive keyboard input. They will be able to interact with |
---|
776 | the mouse, however; beware of potential security holes here. |
---|
777 | If \fBDisplayManager.DISPLAY.grabServer\fP is set, |
---|
778 | \fIXsetup\fP will not be able to connect |
---|
779 | to the display at all. |
---|
780 | Resources for this program |
---|
781 | can be put into the file named by |
---|
782 | \fBDisplayManager.DISPLAY.resources\fP. |
---|
783 | .SH "AUTHENTICATION WIDGET" |
---|
784 | The authentication widget reads a name/password pair |
---|
785 | from the keyboard. Nearly every imaginable |
---|
786 | parameter can be controlled with a resource. Resources for this widget |
---|
787 | should be put into the file named by |
---|
788 | \fBDisplayManager.DISPLAY.resources\fP. All of these have reasonable |
---|
789 | default values, so it is not necessary to specify any of them. |
---|
790 | .IP "\fBxlogin.Login.width, xlogin.Login.height, xlogin.Login.x, xlogin.Login.y\fP" |
---|
791 | The geometry of the Login widget is normally computed automatically. If you |
---|
792 | wish to position it elsewhere, specify each of these resources. |
---|
793 | .IP "\fBxlogin.Login.foreground\fP" |
---|
794 | The color used to display the typed-in user name. |
---|
795 | .IP "\fBxlogin.Login.font\fP" |
---|
796 | The font used to display the typed-in user name. |
---|
797 | .IP "\fBxlogin.Login.greeting\fP" |
---|
798 | A string which identifies this window. |
---|
799 | The default is ``X Window System.'' |
---|
800 | .IP "\fBxlogin.Login.unsecureGreeting\fP" |
---|
801 | When X authorization is requested in the configuration file for this |
---|
802 | display and none is in use, this greeting replaces the standard |
---|
803 | greeting. The default is ``This is an unsecure session'' |
---|
804 | .IP "\fBxlogin.Login.greetFont\fP" |
---|
805 | The font used to display the greeting. |
---|
806 | .IP "\fBxlogin.Login.greetColor\fP" |
---|
807 | The color used to display the greeting. |
---|
808 | .IP "\fBxlogin.Login.namePrompt\fP" |
---|
809 | The string displayed to prompt for a user name. |
---|
810 | .I Xrdb |
---|
811 | strips trailing white space from resource values, so to add spaces at |
---|
812 | the end of the prompt (usually a nice thing), add spaces escaped with |
---|
813 | backslashes. The default is ``Login: '' |
---|
814 | .IP "\fBxlogin.Login.passwdPrompt\fP" |
---|
815 | The string displayed to prompt for a password. |
---|
816 | The default is ``Password: '' |
---|
817 | .IP "\fBxlogin.Login.promptFont\fP" |
---|
818 | The font used to display both prompts. |
---|
819 | .IP "\fBxlogin.Login.promptColor\fP" |
---|
820 | The color used to display both prompts. |
---|
821 | .IP "\fBxlogin.Login.fail\fP" |
---|
822 | A message which is displayed when the authentication fails. |
---|
823 | The default is ``Login incorrect'' |
---|
824 | .IP "\fBxlogin.Login.failFont\fP" |
---|
825 | The font used to display the failure message. |
---|
826 | .IP "\fBxlogin.Login.failColor\fP" |
---|
827 | The color used to display the failure message. |
---|
828 | .IP "\fBxlogin.Login.failTimeout\fP" |
---|
829 | The number of seconds that the failure message is displayed. |
---|
830 | The default is 30. |
---|
831 | .IP "\fBxlogin.Login.translations\fP" |
---|
832 | This specifies the translations used for the login widget. Refer to the X |
---|
833 | Toolkit documentation for a complete discussion on translations. The default |
---|
834 | translation table is: |
---|
835 | .nf |
---|
836 | .ta .5i 2i |
---|
837 | |
---|
838 | Ctrl<Key>H: delete-previous-character() \\n\\ |
---|
839 | Ctrl<Key>D: delete-character() \\n\\ |
---|
840 | Ctrl<Key>B: move-backward-character() \\n\\ |
---|
841 | Ctrl<Key>F: move-forward-character() \\n\\ |
---|
842 | Ctrl<Key>A: move-to-begining() \\n\\ |
---|
843 | Ctrl<Key>E: move-to-end() \\n\\ |
---|
844 | Ctrl<Key>K: erase-to-end-of-line() \\n\\ |
---|
845 | Ctrl<Key>U: erase-line() \\n\\ |
---|
846 | Ctrl<Key>X: erase-line() \\n\\ |
---|
847 | Ctrl<Key>C: restart-session() \\n\\ |
---|
848 | Ctrl<Key>\\\\: abort-session() \\n\\ |
---|
849 | <Key>BackSpace: delete-previous-character() \\n\\ |
---|
850 | <Key>Delete: delete-previous-character() \\n\\ |
---|
851 | <Key>Return: finish-field() \\n\\ |
---|
852 | <Key>: insert-char() \\ |
---|
853 | |
---|
854 | .fi |
---|
855 | .PP |
---|
856 | The actions which are supported by the widget are: |
---|
857 | .IP "delete-previous-character" |
---|
858 | Erases the character before the cursor. |
---|
859 | .IP "delete-character" |
---|
860 | Erases the character after the cursor. |
---|
861 | .IP "move-backward-character" |
---|
862 | Moves the cursor backward. |
---|
863 | .IP "move-forward-character" |
---|
864 | Moves the cursor forward. |
---|
865 | .IP "move-to-begining" |
---|
866 | (Apologies about the spelling error.) |
---|
867 | Moves the cursor to the beginning of the editable text. |
---|
868 | .IP "move-to-end" |
---|
869 | Moves the cursor to the end of the editable text. |
---|
870 | .IP "erase-to-end-of-line" |
---|
871 | Erases all text after the cursor. |
---|
872 | .IP "erase-line" |
---|
873 | Erases the entire text. |
---|
874 | .IP "finish-field" |
---|
875 | If the cursor is in the name field, proceeds to the password field; if the |
---|
876 | cursor is in the password field, checks the current name/password pair. If |
---|
877 | the name/password pair is valid, \fIxdm\fP |
---|
878 | starts the session. Otherwise the failure message is displayed and |
---|
879 | the user is prompted again. |
---|
880 | .IP "abort-session" |
---|
881 | Terminates and restarts the server. |
---|
882 | .IP "abort-display" |
---|
883 | Terminates the server, disabling it. This is a rash action and |
---|
884 | is not accessible in the default configuration. It can be used to |
---|
885 | stop \fIxdm\fP |
---|
886 | when shutting the system down or when using \fIxdmshell.\fP |
---|
887 | .IP "restart-session" |
---|
888 | Resets the X server and starts a new session. This can be used when |
---|
889 | the resources have been changed and you want to test them or when |
---|
890 | the screen has been overwritten with system messages. |
---|
891 | .IP "insert-char" |
---|
892 | Inserts the character typed. |
---|
893 | .IP "set-session-argument" |
---|
894 | Specifies a single word argument which is passed to the session at startup. |
---|
895 | See the sections \fBSession Program\fP and \fBTypical Usage\fP. |
---|
896 | .IP "allow-all-access" |
---|
897 | Disables access control in the server. This can be used when |
---|
898 | the .Xauthority file cannot be created by |
---|
899 | .I xdm. |
---|
900 | Be very careful using this; |
---|
901 | it might be better to disconnect the machine from the network |
---|
902 | before doing this. |
---|
903 | .SH "STARTUP PROGRAM" |
---|
904 | .PP |
---|
905 | The \fIXstartup\fP file is typically a shell script. |
---|
906 | It is run as root and should be |
---|
907 | very careful about security. This is the place to put commands which add |
---|
908 | entries to \fI/etc/utmp,\fP mount users' home directories from file servers, |
---|
909 | display the message of the day, or abort the session if logins are not |
---|
910 | allowed. |
---|
911 | .PP |
---|
912 | In addition to any specified by \fBDisplayManager.exportList\fP, |
---|
913 | the following environment variables are passed: |
---|
914 | .nf |
---|
915 | .ta .5i 2i |
---|
916 | |
---|
917 | DISPLAY the associated display name |
---|
918 | HOME the initial working directory of the user |
---|
919 | USER the user name |
---|
920 | PATH the value of \fBDisplayManager.DISPLAY.systemPath\fP |
---|
921 | SHELL the value of \fBDisplayManager.DISPLAY.systemShell\fP |
---|
922 | XAUTHORITY may be set to an authority file |
---|
923 | |
---|
924 | .fi |
---|
925 | .PP |
---|
926 | No arguments are passed to the script. |
---|
927 | .I Xdm |
---|
928 | waits until this script exits before starting the user session. If the |
---|
929 | exit value of this script is non-zero, |
---|
930 | .I xdm |
---|
931 | discontinues the session and starts another authentication |
---|
932 | cycle. |
---|
933 | .SH "SESSION PROGRAM" |
---|
934 | .PP |
---|
935 | The \fIXsession\fP program is the command which is run as the user's session. |
---|
936 | It is run with |
---|
937 | the permissions of the authorized user. |
---|
938 | .PP |
---|
939 | In addition to any specified by \fBDisplayManager.exportList\fP, |
---|
940 | the following environment variables are passed: |
---|
941 | .nf |
---|
942 | .ta .5i 2i |
---|
943 | |
---|
944 | DISPLAY the associated display name |
---|
945 | HOME the initial working directory of the user |
---|
946 | USER the user name |
---|
947 | PATH the value of \fBDisplayManager.DISPLAY.userPath\fP |
---|
948 | SHELL the user's default shell (from \fIgetpwnam\fP) |
---|
949 | XAUTHORITY may be set to a non-standard authority file |
---|
950 | |
---|
951 | .fi |
---|
952 | .PP |
---|
953 | At most installations, \fIXsession\fP should look in $HOME for |
---|
954 | a file \fI\.xsession,\fP |
---|
955 | which contains commands that each user would like to use as a session. |
---|
956 | \fIXsession\fP should also |
---|
957 | implement a system default session if no user-specified session exists. |
---|
958 | See the section \fBTypical Usage\fP. |
---|
959 | .PP |
---|
960 | An argument may be passed to this program from the authentication widget |
---|
961 | using the `set-session-argument' action. This can be used to select |
---|
962 | different styles of session. One good use of this feature is to allow |
---|
963 | the user to escape from the ordinary session when it fails. This |
---|
964 | allows users to repair their own \fI.xsession\fP if it fails, |
---|
965 | without requiring administrative intervention. The section \fBTypical Usage\fP |
---|
966 | demonstrates this feature. |
---|
967 | .SH "RESET PROGRAM" |
---|
968 | .PP |
---|
969 | Symmetrical with \fIXstartup\fP, |
---|
970 | the \fIXreset\fP script is run after the user session has |
---|
971 | terminated. Run as root, it should contain commands that undo |
---|
972 | the effects of commands in \fIXstartup,\fP removing entries |
---|
973 | from \fI/etc/utmp\fP |
---|
974 | or unmounting directories from file servers. The environment |
---|
975 | variables that were passed to \fIXstartup\fP are also |
---|
976 | passed to \fIXreset\fP. |
---|
977 | .SH "CONTROLLING THE SERVER" |
---|
978 | .I Xdm |
---|
979 | controls local servers using POSIX signals. SIGHUP is expected to reset the |
---|
980 | server, closing all client connections and performing other cleanup |
---|
981 | duties. SIGTERM is expected to terminate the server. |
---|
982 | If these signals do not perform the expected actions, |
---|
983 | the resources \fBDisplayManager.DISPLAY.resetSignal\fP and |
---|
984 | \fBDisplayManager.DISPLAY.termSignal\fP can specify alternate signals. |
---|
985 | .PP |
---|
986 | To control remote terminals not using XDMCP, |
---|
987 | .I xdm |
---|
988 | searches the window hierarchy on the display and uses the protocol request |
---|
989 | KillClient in an attempt to clean up the terminal for the next session. This |
---|
990 | may not actually kill all of the clients, as only those which have created |
---|
991 | windows will be noticed. XDMCP provides a more sure mechanism; when |
---|
992 | .I xdm |
---|
993 | closes its initial connection, the session is over and the terminal is |
---|
994 | required to close all other connections. |
---|
995 | .SH "CONTROLLING XDM" |
---|
996 | .PP |
---|
997 | .I Xdm |
---|
998 | responds to two signals: SIGHUP and SIGTERM. When sent a SIGHUP, |
---|
999 | .I xdm |
---|
1000 | rereads the configuration file, the access control file, and the servers |
---|
1001 | file. For the servers file, it notices if entries have been added or |
---|
1002 | removed. If a new entry has been added, |
---|
1003 | .I xdm |
---|
1004 | starts a session on the associated display. Entries which have been removed |
---|
1005 | are disabled immediately, meaning that any session in progress will be |
---|
1006 | terminated without notice and no new session will be started. |
---|
1007 | .PP |
---|
1008 | When sent a SIGTERM, |
---|
1009 | .I xdm |
---|
1010 | terminates all sessions in progress and exits. This can be used when |
---|
1011 | shutting down the system. |
---|
1012 | .PP |
---|
1013 | .I Xdm |
---|
1014 | attempts to mark its various sub-processes for |
---|
1015 | .IR ps (1) |
---|
1016 | by editing the |
---|
1017 | command line argument list in place. Because |
---|
1018 | .I xdm |
---|
1019 | can't allocate additional |
---|
1020 | space for this task, it is useful to start |
---|
1021 | .I xdm |
---|
1022 | with a reasonably long |
---|
1023 | command line (using the full path name should be enough). |
---|
1024 | Each process which is |
---|
1025 | servicing a display is marked \fB\-\fP\fIdisplay.\fP |
---|
1026 | .SH "OTHER POSSIBILITIES" |
---|
1027 | .PP |
---|
1028 | You can use \fIxdm\fP |
---|
1029 | to run a single session at a time, using the 4.3 \fIinit\fP |
---|
1030 | options or other suitable daemon by specifying the server on the command |
---|
1031 | line: |
---|
1032 | .nf |
---|
1033 | .ta .5i |
---|
1034 | |
---|
1035 | xdm \-server ":0 SUN-3/60CG4 local /usr/bin/X :0" |
---|
1036 | |
---|
1037 | .fi |
---|
1038 | .PP |
---|
1039 | Or, you might have a file server and a collection of X terminals. The |
---|
1040 | configuration for this is identical to the sample above, |
---|
1041 | except the \fIXservers\fP file would look like |
---|
1042 | .nf |
---|
1043 | .ta .5i |
---|
1044 | |
---|
1045 | extol:0 VISUAL-19 foreign |
---|
1046 | exalt:0 NCD-19 foreign |
---|
1047 | explode:0 NCR-TOWERVIEW3000 foreign |
---|
1048 | |
---|
1049 | .fi |
---|
1050 | .PP |
---|
1051 | This directs |
---|
1052 | .I xdm |
---|
1053 | to manage sessions on all three of these terminals. See the section |
---|
1054 | \fBControlling Xdm\fP for a description of using signals to enable |
---|
1055 | and disable these terminals in a manner reminiscent of |
---|
1056 | .IR init (8). |
---|
1057 | .SH LIMITATIONS |
---|
1058 | One thing that |
---|
1059 | .I xdm |
---|
1060 | isn't very good at doing is coexisting with other window systems. To use |
---|
1061 | multiple window systems on the same hardware, you'll probably be more |
---|
1062 | interested in |
---|
1063 | .I xinit. |
---|
1064 | .SH FILES |
---|
1065 | .TP 20 |
---|
1066 | .I /usr/lib/X11/xdm/xdm-config |
---|
1067 | the default configuration file |
---|
1068 | .TP 20 |
---|
1069 | .I /usr/lib/X11/xdm/Xaccess |
---|
1070 | the default access file, listing authorized displays |
---|
1071 | .TP 20 |
---|
1072 | .I /usr/lib/X11/xdm/Xservers |
---|
1073 | the default server file, listing non-XDMCP servers to manage |
---|
1074 | .TP 20 |
---|
1075 | .I $(HOME)/.Xauthority |
---|
1076 | user authorization file where \fIxdm\fP stores keys for clients to read |
---|
1077 | .TP 20 |
---|
1078 | .I /usr/lib/X11/xdm/chooser |
---|
1079 | the default chooser |
---|
1080 | .TP 20 |
---|
1081 | .I /usr/bin/X11/xrdb |
---|
1082 | the default resource database loader |
---|
1083 | .TP 20 |
---|
1084 | .I /usr/bin/X11/X |
---|
1085 | the default server |
---|
1086 | .TP 20 |
---|
1087 | .I /usr/bin/X11/xterm |
---|
1088 | the default session program and failsafe client |
---|
1089 | .TP 20 |
---|
1090 | .I /usr/lib/X11/xdm/A<host>\-<suffix> |
---|
1091 | the default place for authorization files |
---|
1092 | .SH "SEE ALSO" |
---|
1093 | .IR X (1), |
---|
1094 | .IR xinit (1), |
---|
1095 | .IR xauth (1), |
---|
1096 | .IR Xsecurity (1), |
---|
1097 | and XDMCP |
---|
1098 | .SH COPYRIGHT |
---|
1099 | Copyright 1988, Massachusetts Institute of Technology. |
---|
1100 | .br |
---|
1101 | See |
---|
1102 | .IR X (1) |
---|
1103 | for a full statement of rights and permissions. |
---|
1104 | .SH AUTHOR |
---|
1105 | Keith Packard, MIT X Consortium |
---|