--- xdm.man.old 2009-09-24 14:19:08.836809000 -0700 +++ xdm.man.new 2009-09-24 14:38:29.682073000 -0700 @@ -8,8 +8,8 @@ xdm - X Display Manager with support for XDMCP, host chooser SYNOPSIS - xdm [ -config configuration_file ] [ -nodaemon ] [ -debug - debug_level ] [ -error error_log_file ] [ -resources + /usr/sbin/xdm [ -config configuration_file ] [ -nodaemon ] [ + -debug debug_level ] [ -error error_log_file ] [ -resources resource_file ] [ -server server_entry ] [ -session session_program ] @@ -98,11 +98,10 @@ At the end of the session, the Xreset script is run to clean up, the X server is reset, and the cycle starts over. - The file /usr/openwin/lib/X11/xdm/xdm-errors will contain - error messages from xdm and anything output to stderr by - Xsetup, Xstartup, Xsession or Xreset. When you have trouble - getting xdm working, check this file to see if xdm has any - clues to the trouble. + The file /var/log/xdm.log will contain error messages from + xdm and anything output to stderr by Xsetup, Xstartup, Xses- + sion or Xreset. When you have trouble getting xdm working, + check this file to see if xdm has any clues to the trouble. OPTIONS All of these options, except -config itself, specify values @@ -111,9 +110,8 @@ -config configuration_file Names the configuration file, which specifies resources - to control the behavior of xdm. - /usr/openwin/lib/X11/xdm/xdm-config is the default. - See the section Configuration File. + to control the behavior of xdm. /etc/X11/xdm/xdm-config + is the default. See the section Configuration File. -nodaemon Specifies ``false'' as the value for the @@ -142,7 +140,7 @@ -resources resource_file Specifies the value for the DisplayManager*resources - resource. This file is loaded using xrdb to specify + resource. This file is loaded using xrdb(1) to specify configuration parameters for the authentication widget. -server server_entry 
@@ -153,10 +151,11 @@ -udpPort port_number Specifies the value for the DisplayManager.requestPort resource. This sets the port-number which xdm will - monitor for XDMCP requests. As XDMCP uses the - registered well-known UDP port 177, this resource - should not be changed except for debugging. If set to 0 - xdm will not listen for XDMCP or Chooser requests. + monitor for XDMCP requests. If set to 0, xdm will not + listen for XDMCP or Chooser requests. As XDMCP uses + the registered well-known UDP port 177, this resource + should not be changed to a value other than 0, except + for debugging. -session session_program Specifies the value for the DisplayManager*session @@ -250,9 +249,8 @@ DisplayManager.authDir This names a directory under which xdm stores authori- zation files while initializing the session. The - default value is /usr/openwin/lib/X11/xdm. Can be - overridden for specific displays by - DisplayManager.DISPLAY.authFile. + default value is /var/run/xdm. Can be overridden for + specific displays by DisplayManager.DISPLAY.authFile. DisplayManager.autoRescan This boolean controls whether xdm rescans the confi- 
@@ -303,17 +301,32 @@ DisplayManager.randomDevice A file to read 8 bytes from to generate the seed of - authorization keys. The default is "/dev/random" . If - this file cannot be read, or if a read blocks for more - than 5 seconds, xdm falls back to using a checksum of - DisplayManager.randomFile to generate the seed. - + authorization keys. The default is "/dev/urandom" . + If this file cannot be read, or if a read blocks for + more than 5 seconds, xdm falls back to using a checksum + of DisplayManager.randomFile to generate the seed. + + + DisplayManager.prngdSocket + + DisplayManager.prngPort + A UNIX domain socket name or a TCP socket port number + on local host on which a Pseudo-Random Number Generator + Daemon, like EGD (http://egd.sourceforge.net) is + listening, in order to generate the autorization keys. + Either a non null port or a valid socket name must be + specified. The default is to use the Unix-domain socket + /tmp/entropy. + + On systems that don't have such a daemon, a fall-back + entropy gathering system, based on various log file contents + hashed by the MD5 algorithm is used instead. DisplayManager.greeterLib On systems that support a dynamically-loadable greeter library, the name of the library. The default is - /usr/openwin/lib/X11/xdm/libXdmGreet.so. + /usr/lib/X11/xdm/libXdmGreet.so. DisplayManager.choiceTimeout Number of seconds to wait for display to respond after 
@@ -348,19 +361,18 @@ the section Authentication Widget, which describes the various resources that are appropriate to place in this file. There is no default value for this resource, but - /usr/openwin/lib/X11/xdm/Xresources is the conven- - tional name. + /etc/X11/xdm/Xresources is the conventional name. DisplayManager.DISPLAY.chooser Specifies the program run to offer a host menu for Indirect queries redirected to the special host name CHOOSER. - /usr/openwin/lib/X11/xdm/chooser is the default. See - the sections XDMCP Access Control and Chooser. + /usr/lib/X11/xdm/chooser is the default. See the + sections XDMCP Access Control and Chooser. DisplayManager.DISPLAY.xrdb Specifies the program used to load the resources. By - default, xdm uses /usr/openwin/bin/xrdb. + default, xdm uses /usr/X11/bin/xrdb. DisplayManager.DISPLAY.cpp This specifies the name of the C preprocessor which is @@ -383,9 +395,8 @@ DisplayManager.DISPLAY.session This specifies the session to be executed (not running - as root). By default, /usr/openwin/bin/xterm is run. - The conventional name is Xsession. See the section - Session Program. + as root). The conventional name is Xsession. See the + section Session Program. DisplayManager.DISPLAY.reset This specifies a program which is run (as root) after 
@@ -452,22 +463,18 @@ DisplayManager.DISPLAY.userPath Xdm sets the PATH environment variable for the session to this value. It should be a colon separated list of - directories; see sh(1) for a full description. - - ``/usr/bin:/usr/openwin/bin:/usr/dt/bin'' is a common - setting. - + directories; see sh(1) for a full description. The + default value is + ``/usr/bin:/usr/X11/bin:/usr/sbin:/sbin''. DisplayManager.DISPLAY.systemPath Xdm sets the PATH environment variable for the startup and reset scripts to the value of this resource. The - default for this resource is specified at build time by - the DefaultSystemPath entry in the system configuration - file; ``/etc:/bin:/usr/bin:/usr/openwin/bin:/usr/ucb'' - is a common choice. Note the absence of ``.'' from - this entry. This is a good practice to follow for - root; it avoids many common Trojan Horse system pene- - tration schemes. + default for this resource is + ``/usr/bin:/usr/X11/bin:/usr/sbin:/sbin''. Note the + absence of ``.'' from this entry. This is a good prac- + tice to follow for root; it avoids many common Trojan + Horse system penetration schemes. DisplayManager.DISPLAY.systemShell Xdm sets the SHELL environment variable for the startup @@ -479,8 +486,8 @@ back to this program. This program is executed with no arguments, but executes using the same environment variables as the session would have had (see the sec- - tion Session Program). By default, - /usr/openwin/bin/xterm is used. + tion Session Program). By default, /usr/X11/bin/xterm + is used. DisplayManager.DISPLAY.grabServer @@ -515,7 +522,7 @@ for a display and authorization is not available, the user is informed by having a different message displayed in the login widget. By default, authorize - is ``true.'' authName is ``MIT-MAGIC-COOKIE-1,'' or, + is ``true,'' authName is ``MIT-MAGIC-COOKIE-1,'' or, if XDM-AUTHORIZATION-1 is available, ``XDM- AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.'' 
@@ -565,19 +572,18 @@ CONFIGURATION FILE First, the xdm configuration file should be set up. Make a - directory (usually /usr/openwin/lib/X11/xdm) to contain all - of the relevant files. - + directory (usually /etc/X11/xdm) to contain all of the + relevant files. Here is a reasonable configuration file, which could be named xdm-config: - DisplayManager.servers: /usr/openwin/lib/X11/xdm/Xservers - DisplayManager.errorLogFile: /usr/openwin/lib/X11/xdm/xdm-errors - DisplayManager*resources: /usr/openwin/lib/X11/xdm/Xresources - DisplayManager*startup: /usr/openwin/lib/X11/xdm/Xstartup - DisplayManager*session: /usr/openwin/lib/X11/xdm/Xsession - DisplayManager.pidFile: /usr/openwin/lib/X11/xdm/xdm-pid + DisplayManager.servers: /etc/X11/xdm/Xservers + DisplayManager.errorLogFile: /var/log/xdm.log + DisplayManager*resources: /etc/X11/xdm/Xresources + DisplayManager*startup: /etc/X11/xdm/Xstartup + DisplayManager*session: /etc/X11/xdm/Xsession + DisplayManager.pidFile: /var/run/xdm/xdm-pid DisplayManager._0.authorize: true DisplayManager*authorize: false @@ -660,8 +666,8 @@ # Indirect query entries # - %HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \ - excess.lcs.mit.edu kanga.lcs.mit.edu + %HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu excess.lcs.mit.edu kanga.lcs.mit.edu + extract.lcs.mit.edu xenon.lcs.mit.edu #force extract to contact xenon !xtra.lcs.mit.edu dummy #disallow indirect access 
@@ -751,6 +757,17 @@ # as no other listen directives appear in # file. +IPv6 MULTICAST ADDRESS SPECIFICATION + The Internet Assigned Numbers Authority has has assigned + ff0X:0:0:0:0:0:0:12b as the permanently assigned range of + multicast addresses for XDMCP. The X in the prefix may be + replaced by any valid scope identifier, such as 1 for + Interface-Local, 2 for Link-Local, 5 for Site-Local, and so + on. (See IETF RFC 4291 or its replacement for further + details and scope definitions.) xdm defaults to listening + on the Link-Local scope address ff02:0:0:0:0:0:0:12b to most + closely match the old IPv4 subnet broadcast behavior. + LOCAL SERVER SPECIFICATION The resource DisplayManager.servers gives a server specifi- cation or, if the values starts with a slash (/), the name @@ -764,10 +781,10 @@ Each specification consists of at least three parts: a display name, a display class, a display type, and (for - local servers) a command line to start the server. A typi- - cal entry for local display number 0 would be: + local servers) a command line to start the server. A + typical entry for local display number 0 would be: - :0 Digital-QV local /usr/openwin/bin/X :0 + :0 Digital-QV local /usr/X11/bin/X :0 The display types are: 
@@ -778,20 +795,20 @@ The display name must be something that can be passed in the -display option to an X program. This string is used to generate the display-specific resource names, so be careful - to match the names (e.g., use ``:0 Sun-CG3 local - /usr/openwin/bin/X :0'' instead of ``localhost:0 Sun-CG3 - local /usr/openwin/bin/X :0'' if your other resources are - specified as ``DisplayManager._0.session''). The display - class portion is also used in the display-specific - resources, as the class of the resource. This is useful if - you have a large collection of similar displays (such as a - corral of X terminals) and would like to set resources for - groups of them. When using XDMCP, the display is required - to specify the display class, so the manual for your partic- - ular X terminal should document the display class string for - your device. If it doesn't, you can run xdm in debug mode - and look at the resource strings which it generates for that - device, which will include the class string. + to match the names (e.g., use ``:0 Sun-CG3 local /usr/X11/bin/X + :0'' instead of ``localhost:0 Sun-CG3 local /usr/X11/bin/X :0'' + if your other resources are specified as + ``DisplayManager._0.session''). The display class portion + is also used in the display-specific resources, as the class + of the resource. This is useful if you have a large collec- + tion of similar displays (such as a corral of X terminals) + and would like to set resources for groups of them. When + using XDMCP, the display is required to specify the display + class, so the manual for your particular X terminal should + document the display class string for your device. If it + doesn't, you can run xdm in debug mode and look at the + resource strings which it generates for that device, which + will include the class string. When xdm starts a session, it sets up authorization data for the server. For local servers, xdm passes ``-auth 
@@ -837,6 +854,7 @@ rity. This is the place to change the root background or bring up other windows that should appear on the screen along with the Login widget. + In addition to any specified by DisplayManager.exportList, the following environment variables are passed: @@ -858,18 +876,34 @@ #!/bin/sh # Xsetup_0 - setup script for one workstation - xcmsdb < /usr/openwin/lib/monitors/alex.0 + xcmsdb < /etc/X11/xdm/monitors/alex.0 xconsole -geometry 480x130-0-0 -notify -verbose -exitOnFail & AUTHENTICATION WIDGET - The authentication widget reads a name/password pair from - the keyboard. Nearly every imaginable parameter can be con- + The authentication widget prompts the user for the username, + password, and/or other required authentication data from the + keyboard. Nearly every imaginable parameter can be con- trolled with a resource. Resources for this widget should be put into the file named by - DisplayManager.DISPLAY.resources. All of these have reason- - able default values, so it is not necessary to specify any - of them. + DisplayManager.DISPLAY.resources. All of these have + reasonable default values, so it is not necessary to specify + any of them. + + The resource file is loaded with xrdb(1) so it may use the + substitutions defined by that program such as CLIENTHOST for + the client hostname in the login message, or C pre-processor + #ifdef statements to produce different displays depending on + color depth or other variables. + + Xdm can be compiled with support for the Xft(3) library for + font rendering. If this support is present, font faces are + specified using the resources with names ending in ``face'' + in the fontconfig face format described in the Font Names + section of fonts.conf(4). If not, then fonts are specified + using the resources with names ending in ``font'' in the + traditional X Logical Font Description format described in + the Font Names section of X(5). xlogin.Login.y xlogin.Login.width, xlogin.Login.height, xlogin.Login.x, 
@@ -878,10 +912,16 @@ specify each of these resources. xlogin.Login.foreground - The color used to display the typed-in user name. + The color used to display the input typed by the user. + + xlogin.Login.face + The face used to display the input typed by the user + when built with Xft support. The default is ``Serif- + 18''. xlogin.Login.font - The font used to display the typed-in user name. + The font used to display the input typed by the user + when not built with Xft support. xlogin.Login.greeting A string which identifies this window. The default is @@ -893,8 +933,13 @@ replaces the standard greeting. The default is ``This is an unsecure session'' + xlogin.Login.greetFace + The face used to display the greeting when built with + Xft support. The default is ``Serif-24:italic''. + xlogin.Login.greetFont - The font used to display the greeting. + The font used to display the greeting when not built + with Xft support. xlogin.Login.greetColor The color used to display the greeting. 
@@ -907,28 +952,86 @@ default is ``Login: '' xlogin.Login.passwdPrompt - The string displayed to prompt for a password. The - default is ``Password: '' + The string displayed to prompt for a password, when not + using an authentication system such as PAM that pro- + vides its own prompts. The default is ``Password: '' + + xlogin.Login.promptFace + The face used to display prompts when built with Xft + support. The default is ``Serif-18:bold''. xlogin.Login.promptFont - The font used to display both prompts. + The font used to display prompts when not built with + Xft support. xlogin.Login.promptColor - The color used to display both prompts. + The color used to display prompts. + + xlogin.Login.changePasswdMessage + A message which is displayed when the users password + has expired. The default is ``Password Change + Required'' xlogin.Login.fail A message which is displayed when the authentication - fails. The default is ``Login incorrect'' + fails, when not using an authentication system such as + PAM that provides its own prompts. The default is + ``Login incorrect'' + + xlogin.Login.failFace + The face used to display the failure message when built + with Xft support. The default is ``Serif-18:bold''. xlogin.Login.failFont - The font used to display the failure message. + The font used to display the failure message when not + built with Xft support. xlogin.Login.failColor The color used to display the failure message. xlogin.Login.failTimeout The number of seconds that the failure message is - displayed. The default is 30. + displayed. The default is 10. + + xlogin.Login.logoFileName + Name of an XPM format pixmap to display in the greeter + window, if built with XPM support. The default is no + pixmap. + + xlogin.Login.logoPadding + Number of pixels of space between the logo pixmap and + other elements of the greeter window, if the pixmap is + displayed. The default is 5. 
+ + xlogin.Login.useShape + If set to ``true'', when built with XPM support, + attempt to use the X Non-Rectangular Window Shape + Extension to set the window shape. The default is + ``true''. + + xlogin.Login.hiColor, xlogin.Login.shdColor + Raised appearance bezels may be drawn around the + greeter frame and text input boxes by setting these + resources. hiColor is the highlight color, used on the + top and left sides of the frame, and the bottom and + right sides of text input areas. shdColor is the sha- + dow color, used on the bottom and right sides of the + frame, and the top and left sides of text input areas. + The default for both is the foreground color, providing + a flat appearance. + + xlogin.Login.frameWidth + frameWidth is the width in pixels of the area around + the greeter frame drawn in hiColor and shdColor. + + xlogin.Login.innerFramesWidth + innerFramesWidth is the width in pixels of the area + around text input areas drawn in hiColor and shdColor. + + xlogin.Login.sepWidth + sepWidth is the width in pixels of the bezeled line + between the greeting and input areas drawn in hiColor + and shdColor. xlogin.Login.allowRootLogin If set to ``false'', don't allow root (and any other @@ -979,8 +1082,8 @@ Moves the cursor forward. move-to-begining - (Apologies about the spelling error.) Moves the cursor - to the beginning of the editable text. + (Apologies about the spelling error.) + Moves the cursor to the beginning of the editable text. move-to-end Moves the cursor to the end of the editable text. 
@@ -992,44 +1095,43 @@ Erases the entire text. finish-field - If the cursor is in the name field, proceeds to the - password field; if the cursor is in the password field, - checks the current name/password pair. If the - name/password pair is valid, xdm starts the session. - Otherwise the failure message is displayed and the user - is prompted again. + If the cursor is in the name field, proceeds to the password field; if the + cursor is in the password field, checks the current name/password pair. If + the name/password pair is valid, xdm + starts the session. Otherwise the failure message is displayed and + the user is prompted again. abort-session Terminates and restarts the server. abort-display - Terminates the server, disabling it. This action is - not accessible in the default configuration. There are - various reasons to stop xdm on a system console, such - as when shutting the system down, when using xdmshell, - to start another type of server, or to generally access - the console. Sending xdm a SIGHUP will restart the - display. See the section Controlling XDM. + Terminates the server, disabling it. This action + is not accessible in the default configuration. + There are various reasons to stop xdm on a system console, such as + when shutting the system down, when using xdmshell, + to start another type of server, or to generally access the console. + Sending xdm a SIGHUP will restart the display. See the section + Controlling XDM. restart-session - Resets the X server and starts a new session. This can - be used when the resources have been changed and you - want to test them or when the screen has been overwrit- - ten with system messages. + Resets the X server and starts a new session. This can be used when + the resources have been changed and you want to test them or when + the screen has been overwritten with system messages. insert-char Inserts the character typed. 
set-session-argument - Specifies a single word argument which is passed to the - session at startup. See the section Session Program. + Specifies a single word argument which is passed to the session at startup. + See the section Session Program. allow-all-access - Disables access control in the server. This can be - used when the .Xauthority file cannot be created by - xdm. Be very careful using this; it might be better to - disconnect the machine from the network before doing - this. + Disables access control in the server. This can be used when + the .Xauthority file cannot be created by + xdm. + Be very careful using this; + it might be better to disconnect the machine from the network + before doing this. On some systems (OpenBSD) the user's shell must be listed in /etc/shells to allow login through xdm. The normal password @@ -1039,11 +1141,10 @@ The Xstartup program is run as root when the user logs in. It is typically a shell script. Since it is run as root, Xstartup should be very careful about security. This is the - place to put commands which add entries to /etc/utmp (the - sessreg program may be useful here), mount users' home - directories from file servers, or abort the session if - logins are not allowed. - + place to put commands which add entries to utmp or wtmp + files, (the sessreg program may be useful here), mount + users' home directories from file servers, or abort the ses- + sion if logins are not allowed. In addition to any specified by DisplayManager.exportList, the following environment variables are passed: 
@@ -1055,12 +1156,13 @@ PATH the value of DisplayManager.DISPLAY.systemPath SHELL the value of DisplayManager.DISPLAY.systemShell XAUTHORITY may be set to an authority file + WINDOWPATH may be set to the "window path" leading to the X server No arguments are passed to the script. Xdm waits until this script exits before starting the user session. If the exit - value of this script is non-zero, xdm discontinues the ses- - sion and starts another authentication cycle. + value of this script is non-zero, xdm discontinues the + session and starts another authentication cycle. The sample Xstartup file shown here prevents login while the file /etc/nologin exists. Thus this is not a complete exam- @@ -1079,8 +1181,8 @@ xmessage -file /etc/nologin -timeout 30 -center exit 1 fi - sessreg -a -l $DISPLAY -x /usr/openwin/lib/xdm/Xservers $LOGNAME - /usr/openwin/lib/xdm/GiveConsole + sessreg -a -l $DISPLAY -x /etc/X11/xdm/Xservers $LOGNAME + /etc/X11/xdm/GiveConsole exit 0 SESSION PROGRAM @@ -1099,13 +1201,13 @@ SHELL the user's default shell (from getpwnam) XAUTHORITY may be set to a non-standard authority file KRB5CCNAME may be set to a Kerberos credentials cache name + WINDOWPATH may be set to the "window path" leading to the X server At most installations, Xsession should look in $HOME for a file .xsession, which contains commands that each user would like to use as a session. Xsession should also implement a system default session if no user-specified session exists. - See the section Typical Usage. An argument may be passed to this program from the authenti- cation widget using the `set-session-argument' action. This 
@@ -1168,9 +1270,10 @@ Symmetrical with Xstartup, the Xreset script is run after the user session has terminated. Run as root, it should contain commands that undo the effects of commands in - Xstartup, removing entries from /etc/utmp or unmounting - directories from file servers. The environment variables - that were passed to Xstartup are also passed to Xreset. + Xstartup, updating entries in utmp or wtmp files, or + unmounting directories from file servers. The environment + variables that were passed to Xstartup are also passed to + Xreset. A sample Xreset script: #!/bin/sh @@ -1179,8 +1282,8 @@ # # This program is run as root after the session ends # - sessreg -d -l $DISPLAY -x /usr/openwin/lib/xdm/Xservers $LOGNAME - /usr/openwin/lib/xdm/TakeConsole + sessreg -d -l $DISPLAY -x /etc/X11/xdm/Xservers $LOGNAME + /etc/X11/xdm/TakeConsole exit 0 CONTROLLING THE SERVER @@ -1230,15 +1333,15 @@ Examine the display-specific resources in xdm-config (e.g., DisplayManager._0.authorize) and consider which of them - should be copied for the new display. - + should be copied for the new display. The default xdm- + config has all the appropriate lines for displays :0 and :1. OTHER POSSIBILITIES You can use xdm to run a single session at a time, using the 4.3 init options or other suitable daemon by specifying the server on the command line: - xdm -server :0 SUN-3/60CG4 local /usr/openwin/bin/X :0 + xdm -server :0 SUN-3/60CG4 local /usr/X11/bin/X :0 Or, you might have a file server and a collection of X ter- 
@@ -1262,42 +1365,55 @@ xinit. FILES - /usr/openwin/lib/X11/xdm/xdm-config + /etc/X11/xdm/xdm-config the default configuration file $HOME/.Xauthority user authorization file where xdm stores keys for clients to read - /usr/openwin/lib/X11/xdm/chooser + /usr/lib/X11/xdm/chooser the default chooser - /usr/openwin/bin/xrdb - the default resource database loader + /usr/X11/bin/xrdb the default resource database loader - /usr/openwin/bin/X the default server + /usr/X11/bin/X the default server - /usr/openwin/bin/xterm - the default session program and failsafe + /usr/X11/bin/xterm the default session program and failsafe client - /usr/openwin/lib/X11/xdm/A- + /var/run/xdm/A- the default place for authorization files /tmp/K5C Kerberos credentials cache SEE ALSO - X(5), xinit(1), xauth(1), Xsecurity(5), sessreg(1), - Xserver(1), - - Xsun(1), dtlogin(1) - + X(5), xinit(1), xauth(1), xrdb(1), Xsecurity(5), sessreg(1), + Xserver(1), fonts.conf(4). X Display Manager Control Protocol + IETF RFC 4291: IP Version 6 Addressing Architecture. AUTHOR Keith Packard, MIT X Consortium +ATTRIBUTES + See attributes(5) for descriptions of the following attri- + butes: + + ____________________________________________________________ + | ATTRIBUTE TYPE | ATTRIBUTE VALUE | + |_____________________________|_____________________________| + | Availability | SUNWxdm | + |_____________________________|_____________________________| + | Interface Stability | Committed | + |_____________________________|_____________________________| + + + + + +
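Review bot: In the @@ -303,17 +301,32 @@ hunk, the new DisplayManager.prngdSocket / DisplayManager.prngPort entry does not say how it relates to DisplayManager.randomDevice and DisplayManager.randomFile, which are documented directly above it. A reader cannot tell which entropy source is tried first, or when the "fall-back entropy gathering system, based on various log file contents hashed by the MD5 algorithm" takes over. Please state the order of precedence. The stated default socket, /tmp/entropy, lives in a world-writable directory, so the entry should also say what an administrator has to verify before relying on it as the source of authorization keys. "autorization" should read "authorization", and "non null port" would be clearer as "non-zero port".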
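Review bot: In the @@ -383,9 +395,8 @@ hunk, the DisplayManager.DISPLAY.session entry loses its only statement of the default ("By default, /usr/openwin/bin/xterm is run.") and nothing replaces it, while the FILES section in the @@ -1262,42 +1365,55 @@ hunk still lists /usr/X11/bin/xterm as "the default session program and failsafe client". Either keep the sentence with the new path or adjust the FILES entry so the two places agree on what runs when no session is configured.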
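Review bot: In the @@ -452,22 +463,18 @@ hunk, userPath and systemPath are now documented with the identical default, ``/usr/bin:/usr/X11/bin:/usr/sbin:/sbin''. Please confirm that the session PATH for ordinary users really includes /usr/sbin and /sbin, and that the systemPath value was not copied into the userPath entry by mistake. The systemPath entry also drops the sentence saying the default is set at build time by DefaultSystemPath; if that is still how the value is chosen, keep the sentence so administrators know the documented string can differ per build.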
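Review bot: In the @@ -751,6 +757,17 @@ hunk, the first added sentence contains a doubled word ("has has assigned") and repeats itself ("assigned ... as the permanently assigned range"); one "has" and one "assigned" are enough. The section says xdm defaults to the Link-Local address ff02:0:0:0:0:0:0:12b but not how to select another scope, so a pointer to the listen directive discussed in the preceding section would make the new text usable.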
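Review bot: In the @@ -907,28 +952,86 @@ hunk, the xlogin.Login.failTimeout default changes from 30 to 10 in the middle of otherwise additive font and logo documentation. Please confirm that 10 matches the compiled-in default, since the change is easy to miss and alters how long the failure message stays on screen. In the same hunk, "the users password" in changePasswdMessage needs an apostrophe ("user's"), and frameWidth, innerFramesWidth and sepWidth are the only new resources documented without a default value.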
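Review bot: In the @@ -992,44 +1095,43 @@ hunk, finish-field still describes checking "the current name/password pair", which no longer matches the AUTHENTICATION WIDGET text changed in the @@ -858,18 +876,34 @@ hunk ("the username, password, and/or other required authentication data"). If these lines are being touched, update the wording to cover authentication systems such as PAM. Otherwise the hunk only re-wraps existing sentences at uneven widths ("valid, xdm" followed by a short line, "xdm." alone on a line under allow-all-access) and could be dropped to keep the patch limited to content changes.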
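Review bot: In the @@ -1039,11 +1141,10 @@ hunk, the rewritten sentence has a stray comma before the parenthesis ("utmp or wtmp files, (the sessreg program may be useful here)"), and the blank line that separated this paragraph from "In addition to any specified by DisplayManager.exportList" is removed. The @@ -837,6 +854,7 @@ hunk adds a blank line before the same sentence in the Xsetup section, so the two sections now end up formatted in opposite ways; keep the paragraph break here as well.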
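Review bot: In the @@ -1079,8 +1181,8 @@ hunk, the sample Xstartup line "sessreg -a -l $DISPLAY -x /etc/X11/xdm/Xservers $LOGNAME" leaves $DISPLAY and $LOGNAME unquoted in a script that runs as root and that the surrounding text says "should be very careful about security". Since the line is being rewritten for the path change anyway, quote both expansions ("$DISPLAY" and "$LOGNAME") here and in the matching sessreg -d line of the Xreset sample in the @@ -1179,8 +1282,8 @@ hunk, so the man page models the practice it recommends.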
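Review bot: In the @@ -1262,42 +1365,55 @@ hunk, the patch ends with a run of empty added lines after the ATTRIBUTES table; please trim them so the page does not end in blank output. In SEE ALSO, the list is closed with a period after fonts.conf(4) and is then followed by two document titles ("X Display Manager Control Protocol" and "IETF RFC 4291: IP Version 6 Addressing Architecture."), so the punctuation should be made consistent across the three items.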