author | Matthieu Herrb <matthieu@herrb.eu> | 2016-09-01 17:35:00 +0100 |
---|---|---|
committer | Matthieu Herrb <matthieu@herrb.eu> | 2016-09-01 17:49:24 +0100 |
commit | e2484ba42fc0d79ed29bdb33a467aca2aaffe3bc (patch) | |
tree | 776d42ebb647361930ad0f14105754aacb3e93cb /man | |
parent | 613f146250da654c81d5c29658161f5ebb981adf (diff) |
Remove more XDMCP tentacles
Diffstat (limited to 'man')
-rw-r--r-- | man/xdm.man | 297 |
1 files changed, 7 insertions, 290 deletions
diff --git a/man/xdm.man b/man/xdm.man index 9590c1a..b44545f 100644 --- a/man/xdm.man +++ b/man/xdm.man @@ -25,7 +25,7 @@ .\" .TH XDM 1 __xorgversion__ .SH NAME -xdm \- X Display Manager with support for XDMCP, host chooser +xdm \- X Display Manager .SH SYNOPSIS .B xdm [ @@ -51,8 +51,8 @@ xdm \- X Display Manager with support for XDMCP, host chooser ] .SH DESCRIPTION .I Xdm -manages a collection of X displays, which may be on the local host -or remote servers. The design of +manages a collection of X displays on the local host. +The design of .I xdm was guided by the needs of X terminals as well as The Open Group standard XDMCP, the \fIX Display Manager Control Protocol\fP. @@ -75,21 +75,6 @@ termination of this process terminates the user's session. When the session is terminated, \fIxdm\fP resets the X server and (optionally) restarts the whole process. .PP -When \fIxdm\fP receives an Indirect query via XDMCP, it can run a -\fIchooser\fP process to -perform an XDMCP BroadcastQuery (or an XDMCP Query to specified hosts) -on behalf of the display and -offer a menu of possible hosts that offer XDMCP display management. -This feature is useful with X terminals that do not offer a host -menu themselves. -.PP -.I Xdm -can be configured to ignore BroadcastQuery messages from selected hosts. -This is useful when you don't want the host to appear in menus produced -by -.I chooser -or X terminals themselves. -.PP Because .I xdm provides the first interface that users will see, it is designed to be 
@@ -108,22 +93,14 @@ controlled by resource files and shell scripts. The names of these files themselves are resources read from the file \fIxdm-config\fP or the file named by the \fB\-config\fP option. .PP -\fIxdm\fP offers display management two different ways. It can manage +\fIxdm\fP can manage X servers running on the local machine and specified in -\fIXservers\fP, and it can manage remote X servers (typically X -terminals) using XDMCP (the XDM Control Protocol) -as specified in the \fIXaccess\fP file. +\fIXservers\fP. .PP The resources of the X clients run by \fIxdm\fP outside the user's session, including \fIxdm\fP's own login window, can be affected by setting resources in the \fIXresources\fP file. .PP -For X terminals that do not offer a menu of hosts to get display -management from, \fIxdm\fP can collect willing hosts and run the -\fIchooser\fP program to offer the user a menu. -For X displays attached to a host, this step is typically not used, as -the local host does the display management. -.PP After resetting the X server, \fIxdm\fP runs the \fIXsetup\fP script to assist in setting up the screen the user sees along with the \fIxlogin\fP widget. @@ -201,14 +178,6 @@ Specifies the value for the \fBDisplayManager.servers\fP resource. See the section .B "Local Server Specification" for a description of this resource. -.IP "\fB\-udpPort\fP \fIport_number\fP" -Specifies the value for the \fBDisplayManager.requestPort\fP resource. This -sets the port-number which -.I xdm -will monitor for XDMCP requests. If set to 0, xdm will not listen -for XDMCP or Chooser requests. As XDMCP uses the registered well-known -UDP port 177, this resource should not be changed to a value other than 0, -except for debugging. .IP "\fB\-session\fP \fIsession_program\fP" Specifies the value for the \fBDisplayManager*session\fP resource. This indicates the program to run as the session after the user has logged in. 
@@ -231,14 +200,6 @@ the display name is inserted into the resource name between For local displays, the resource name and class are as read from the \fIXservers\fP file. .PP -For remote displays, the resource name is what the network address of -the display resolves to. See the \fBremoveDomain\fP resource. The -name must match exactly; \fIxdm\fP is not aware of -all the network aliases that might reach a given display. -If the name resolve fails, the address is -used. The resource class is as sent by the display in the XDMCP -Manage request. -.PP Because the resource manager uses colons to separate the name of the resource from its value and dots to separate resource name parts, @@ -252,11 +213,6 @@ resource which defines the startup shell file for the ``expo.x.org:0'' display. This resource either specifies a file name full of server entries, one per line (if the value starts with a slash), or a single server entry. See the section \fBLocal Server Specification\fP for the details. -.IP "\fBDisplayManager.requestPort\fP" -This indicates the UDP port number which -.I xdm -uses to listen for incoming XDMCP requests. Unless you need to debug the -system, leave this with its default value of 177. .IP "\fBDisplayManager.errorLogFile\fP" Error output is normally directed at the system console. To redirect it, set this resource to a file name. A method to send these messages to 
@@ -314,31 +270,6 @@ files after a session terminates and the files have changed. By default it is ``true.'' You can force .I xdm to reread these files by sending a SIGHUP to the main process. -.IP "\fBDisplayManager.removeDomainname\fP" -When computing the display name for XDMCP clients, the name resolver will -typically create a fully qualified host name for the terminal. As this is -sometimes confusing, -.I xdm -will remove the domain name portion of the host name if it is the same as the -domain name of the local host when this variable is set. By default the -value is ``true.'' -.IP "\fBDisplayManager.keyFile\fP" -XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key -be shared between -.I xdm -and the terminal. This resource specifies the file containing those -values. Each entry in the file consists of a display name and the shared -key. By default, -.I xdm -does not include support for XDM-AUTHENTICATION-1, as it requires DES which -is not generally distributable because of United States export restrictions. -.IP \fBDisplayManager.accessFile\fP -To prevent unauthorized XDMCP service and to allow forwarding of XDMCP -IndirectQuery requests, this file contains a database of hostnames which are -either allowed direct access to this machine, or have a list of hosts to -which queries should be forwarded to. The format of this file is described -in the section -.B "XDMCP Access Control." .IP \fBDisplayManager.exportList\fP A list of additional environment variables, separated by white space, to pass on to the \fIXsetup\fP, 
@@ -377,24 +308,6 @@ algorithm is used instead. On systems that support a dynamically-loadable greeter library, the name of the library. The default is \fI DEF_GREETER_LIB\fP. -.IP \fBDisplayManager.choiceTimeout\fP -Number of seconds to wait for display to respond after user has -selected a host from the chooser. If the display sends an XDMCP -IndirectQuery within this time, the request is forwarded to the chosen -host. Otherwise, it is assumed to be from a new session and the -chooser is offered again. -Default is 15. -.IP \fBDisplayManager.sourceAddress\fP -Use the numeric IP address of the incoming connection on multihomed hosts -instead of the host name. This is to avoid trying to connect on the wrong -interface which might be down at this time. -.IP \fBDisplayManager.willing\fP -This specifies a program which is run (as) root when an an XDMCP -BroadcastQuery is received and this host is configured to offer XDMCP -display management. The output of this program may be displayed on a chooser -window. If no program is specified, the string \fIWilling to manage\fP is -sent. -.PP .\" .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP" This resource specifies the name of the file to be loaded by \fIxrdb\fP @@ -410,11 +323,6 @@ resources that are appropriate to place in this file. There is no default value for this resource, but \fI XDMDIR/Xresources\fP is the conventional name. -.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.chooser\fP" -Specifies the program run to offer a host menu for Indirect queries -redirected to the special host name CHOOSER. -\fI CHOOSERPATH \fP is the default. -See the sections \fBXDMCP Access Control\fP and \fBChooser\fP. .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.xrdb\fP" Specifies the program used to load the resources. By default, .I xdm 
@@ -625,187 +533,6 @@ that some of the resources are specified with ``*'' separating the components. These resources can be made unique for each different display, by replacing the ``*'' with the display-name, but normally this is not very useful. See the \fBResources\fP section for a complete discussion. -.SH "XDMCP ACCESS CONTROL" -.PP -The database file specified by the \fBDisplayManager.accessFile\fP provides -information which -.I xdm -uses to control access from displays requesting XDMCP service. This file -contains three types of entries: entries which control the response to -Direct and Broadcast queries, entries which control the response to -Indirect queries, and macro definitions. -.PP -The format of the Direct entries is simple, either a host name or a -pattern, which is distinguished from a host name by the inclusion of -one or more meta characters (`*' matches any sequence of 0 or more -characters, and `?' matches any single character) which are compared against -the host name of the display device. -If the entry is a host name, all comparisons are done using -network addresses, so any name which converts to the correct network address -may be used. -For patterns, only canonical host names are used -in the comparison, so ensure that you do not attempt to match -aliases. -Preceding either a host name or a pattern with a `!' character -causes hosts which -match that entry to be excluded. -.PP -To only respond to Direct queries for a host or pattern, -it can be followed by the optional ``NOBROADCAST'' keyword. -This can be used to prevent an xdm server from appearing on -menus based on Broadcast queries. -.PP -An Indirect entry also contains a host name or pattern, -but follows it with a list of -host names or macros to which indirect queries should be sent. -.PP -A macro definition contains a macro name and a list of host names and -other macros that -the macro expands to. To distinguish macros from hostnames, macro -names start with a `%' character. 
Macros may be nested. -.PP -Indirect entries -may also specify to have \fIxdm\fP run \fIchooser\fP to offer a menu -of hosts to connect to. See the section \fBChooser\fP. -.PP -When checking access for a particular display host, each entry is scanned in -turn and the first matching entry determines the response. Direct and -Broadcast -entries are ignored when scanning for an Indirect entry and vice-versa. -.PP -Blank lines are ignored, `#' is treated as a comment -delimiter causing the rest of that line to be ignored, -and `\e\fInewline\fP' -causes the newline to be ignored, allowing indirect host lists to span -multiple lines. -.PP -Here is an example Xaccess file: -.LP -.ta 2i 4i -.nf -# -# Xaccess \- XDMCP access control file -# - -# -# Direct/Broadcast query entries -# - -!xtra.lcs.mit.edu # disallow direct/broadcast service for xtra -bambi.ogi.edu # allow access from this particular display -*.lcs.mit.edu # allow access from any display in LCS - -*.deshaw.com NOBROADCAST # allow only direct access -*.gw.com # allow direct and broadcast - -# -# Indirect query entries -# - -%HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \\ - excess.lcs.mit.edu kanga.lcs.mit.edu - -extract.lcs.mit.edu xenon.lcs.mit.edu #force extract to contact xenon -!xtra.lcs.mit.edu dummy #disallow indirect access -*.lcs.mit.edu %HOSTS #all others get to choose -.fi -.PP -If compiled with IPv6 support, multicast address groups may also be included -in the list of addresses indirect queries are set to. Multicast addresses -may be followed by an optional / character and hop count. If no hop count is -specified, the multicast hop count defaults to 1, keeping the packet on the -local network. For IPv4 multicasting, the hop count is used as the TTL. 
-.PP -Examples: -.LP -.ta 2.1i 4.5i -.nf -rincewind.sample.net ff02::1 #IPv6 Multicast to ff02::1 -\& #with a hop count of 1 -ponder.sample.net CHOOSER 239.192.1.1/16 #Offer a menu of hosts -\& #who respond to IPv4 Multicast -\& # to 239.192.1.1 with a TTL of 16 -.fi -.SH CHOOSER -.PP -For X terminals that do not offer a host menu for use with Broadcast -or Indirect queries, the \fIchooser\fP program can do this for them. -In the \fIXaccess\fP file, specify ``CHOOSER'' as the first entry in -the Indirect host list. \fIChooser\fP will send a Query request to -each of the remaining host names in the list and offer a menu of all -the hosts that respond. -.PP -The list may consist of the word ``BROADCAST,'' in which case -\fIchooser\fP will send a Broadcast instead, again offering a menu of -all hosts that respond. Note that on some operating systems, UDP -packets cannot be broadcast, so this feature will not work. -.PP -Example \fIXaccess\fP file using \fIchooser\fP: - -.nf -extract.lcs.mit.edu CHOOSER %HOSTS #offer a menu of these hosts -xtra.lcs.mit.edu CHOOSER BROADCAST #offer a menu of all hosts -.fi -.PP -The program to use for \fIchooser\fP is specified by the -\fBDisplayManager.\fP\fIDISPLAY\fP\fB.chooser\fP resource. For more -flexibility at this step, the chooser could be a shell script. -\fIChooser\fP is the session manager here; it is run instead of a -child \fIxdm\fP to manage the display. -.PP -Resources for this program -can be put into the file named by -\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP. -.PP -When the user selects a host, \fIchooser\fP prints the host chosen, -which is read by the parent \fIxdm\fP, and exits. -\fIxdm\fP closes its connection to the X server, and the server resets -and sends another \fBIndirect\fP XDMCP request. -\fIxdm\fP remembers the user's choice (for -\fBDisplayManager.choiceTimeout\fP seconds) and forwards the request -to the chosen host, which starts a session on that display. 
-.\" -.SH LISTEN -The following configuration directive is also defined for the Xaccess -configuration file: -.IP "\fBLISTEN\fP \fIinterface\fP \fI[list of multicast group addresses]\fP" -\fIinterface\fP may be a hostname or IP address representing a -network interface on this machine, or the wildcard * to represent all -available network interfaces. -.PP -If one or more LISTEN lines are specified, xdm only listens for XDMCP -connections on the specified interfaces. If multicast group addresses -are listed on a listen line, xdm joins the multicast groups on the -given interface. -.PP -If no LISTEN lines are given, the original behavior of listening on -all interfaces is preserved for backwards compatibility. -Additionally, if no LISTEN is specified, xdm joins the default XDMCP -IPv6 multicast group, when compiled with IPv6 support. -.PP -To disable listening for XDMCP connections altogther, a line of LISTEN -with no addresses may be specified, or the previously supported method -of setting DisplayManager.requestPort to 0 may be used. -.PP -Examples: -.ta 2i 4i -.nf -LISTEN * ff02::1 # Listen on all interfaces and to the -\& # ff02::1 IPv6 multicast group. -LISTEN 10.11.12.13 # Listen only on this interface, as long -\& # as no other listen directives appear in -\& # file. -.fi -.SH "IPv6 MULTICAST ADDRESS SPECIFICATION" -.PP -The Internet Assigned Numbers Authority has has assigned -ff0\fIX\fP:0:0:0:0:0:0:12b as the permanently assigned range of -multicast addresses for XDMCP. The \fIX\fP in the prefix may be replaced -by any valid scope identifier, such as 1 for Interface-Local, 2 for Link-Local, -5 for Site-Local, and so on. (See IETF RFC 4291 or its replacement for -further details and scope definitions.) xdm defaults to listening on the -Link-Local scope address ff02:0:0:0:0:0:0:12b to most closely match the -old IPv4 subnet broadcast behavior. .SH "LOCAL SERVER SPECIFICATION" .PP The resource \fBDisplayManager.servers\fP gives a server specification 
@@ -816,8 +543,7 @@ Each specification indicates a display which should constantly be managed and which is not using XDMCP. This method is used typically for local servers only. If the resource -or the file named by the resource is empty, \fIxdm\fP will offer XDMCP -service only. +or the file named by the resource is empty, \fIxdm\fP will exit. .PP Each specification consists of at least three parts: a display name, a display class, a display type, and (for local servers) a command @@ -846,21 +572,12 @@ if your other resources are specified as ``DisplayManager._0.session''). The display class portion is also used in the display-specific resources, as the class of the resource. This is useful if you have a large collection of similar displays (such as a corral of -X terminals) and would like to set resources for groups of them. When using -XDMCP, the display is required to specify the display class, so the manual -for your particular X terminal should document the display class -string for your device. If it doesn't, you can run -.I xdm -in debug mode and -look at the resource strings which it generates for that device, which will -include the class string. +X terminals) and would like to set resources for groups of them. .PP When \fIxdm\fP starts a session, it sets up authorization data for the server. For local servers, \fIxdm\fP passes ``\fB\-auth\fP \fIfilename\fP'' on the server's command line to point it at its authorization data. -For XDMCP servers, \fIxdm\fP passes the -authorization data to the server via the \fBAccept\fP XDMCP request. .SH RESOURCES FILE The \fIXresources\fP file is loaded onto the display as a resource database using |
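Review bot: In the DESCRIPTION hunk (@@ -51,8 +51,8), the unchanged sentence directly after the new text still says the design "was guided by the needs of X terminals as well as The Open Group standard XDMCP", which now sits oddly next to "manages a collection of X displays on the local host." Reword or drop that sentence in the same change so the description no longer advertises a protocol the rest of the page has stopped documenting.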
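Review bot: The @@ -201,14 +178,6 hunk deletes the "-udpPort port_number" entry from the option list, but no hunk touches the SYNOPSIS; the only change above DESCRIPTION is the NAME line. If the SYNOPSIS still lists -udpPort, it should be removed there too, otherwise the page shows an option it no longer describes.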
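Review bot: The @@ -625,187 +533,6 hunk removes the XDMCP ACCESS CONTROL, CHOOSER, LISTEN and IPv6 MULTICAST sections with no replacement text, so the page no longer tells an administrator what happens to an existing Xaccess file or to LISTEN lines in it. One sentence stating how such leftover configuration is now treated would help anyone upgrading, since those settings were how XDMCP access was restricted or disabled before.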
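Review bot: In the LOCAL SERVER SPECIFICATION hunk (@@ -816,8 +543,7), the new line documents a behaviour change, since an empty DisplayManager.servers now makes xdm exit instead of offering XDMCP service only, yet the commit message does not mention it. The context lines just above also still say the display "is not using XDMCP" and that the method "is used typically for local servers only"; both qualifiers are stale once local servers are the only case and should be trimmed here.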
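Review bot: In the final hunk (@@ -846,21 +572,12), the kept text still uses "a corral of X terminals" as its example of a group of similar displays, and the authorization paragraph keeps the qualifier "For local servers, xdm passes -auth filename" although the XDMCP alternative is deleted on the following lines. Pick an example that fits local displays and drop "For local servers" so the remaining sentence does not imply a second kind of server.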