Name
dtlogin [-configconfiguration_file] [-daemon] [-debugdebug_level] [-errorerror_log_file] [-nodaemon] [-resourcesresource_file] [-serverserver_entry] [-udpPortport_number] [-sessionsession_program]
The dtlogin client supports the following key tasks:
The dtlogin client provides services similar to those provided by init(1m) , getty(1m) and login(1) on character terminals: prompting for login and password, authenticating the user, and running a "session."
A "session" is defined by the lifetime of a particular process; in the traditional character-based terminal world, it is the user’s login shell process. In the DT context, it is the DT Session Manager.
If the DT Session Manager is not used, the typical substitute is either a window manager with an exit option, or a terminal emulator running a shell, where the lifetime of the terminal emulator is the lifetime of the shell process that it is running; thus reducing the X session to an emulation of the character-based terminal session.
When the session is terminated, dtlogin resets the X server and (optionally) restarts the whole process.
The dtlogin client supports management of remote displays using the X Display Manager Control Protocol (XDMCP), Version 1.0.
When dtlogin receives an Indirect query via XDMCP, it can run a chooser process to perform an XDMCP BroadcastQuery (or an XDMCP Query to specified hosts) on behalf of the display and offer a menu of possible hosts that offer XDMCP display management. This feature is useful with X terminals that do not offer a host menu themselves.
Because dtlogin provides the first interface that users see, it is designed to be simple to use and easy to customize to the needs of a particular site.
The Login window allows the user to enter a user name and password, specify a locale, and select a startup session. A user may also reset the login screen or suspend the X server to access the character login prompt.
Contents of Login window:
The Options menu allows the user to specify a locale for the startup session, select a startup session, suspend the X server to access the character login prompt, or reset the login screen.
Contents of Options Menu:
The Language menu displays the languages (locales) available in the CDE environment. Selecting a language sets the LANG environment variable to the selected language and restarts the login screen in that language. Login screen localization and LANG return to the default value upon conclusion of the session.
The contents of this menu can vary depending upon the locales installed on the system and can be overridden by using the languageList resource. The default locale of C can be overridden using the language resource.
The system or languageList locales specified are displayed as menu items in the Languages menu. Alternate text to be displayed may be specified for a given locale name by using the languageName resource.
The Sessions menu allows the user to select which of the following sessions to start:
Although a user’s list of sessions is not known until after the user logs in, the dialog presents all of the session choices. If a user selects a session that does not exist, the Session Manager (dtsession) takes the following actions. If the user selects:
If the user selects a display-specific session and one does not exist, the Session Manager posts a warning dialog stating that a new session will be created. The warning dialog contains three buttons:
The dtlogin client controls local servers using POSIX signals. SIGHUP is expected to reset the server, closing all client connections and performing other clean up duties. SIGTERM is expected to terminate the server. If these signals do not perform the expected actions, the resources resetSignal and termSignal can specify alternate signals.
To control remote servers not using XDMCP, dtlogin searches the window hierarchy on the display and uses the KillClient X protocol request in an attempt to clean up the terminal for the next session. This may not actually kill all of the clients, since only those that have created windows are noticed. XDMCP provides a more sure mechanism; when dtlogin closes its initial connection, the session is over and the terminal is required to close all other connections.
The dtlogin client responds to two signals: SIGHUP and SIGTERM. When sent a SIGHUP, dtlogin rereads the configuration file and the file specified by the servers resource and determines whether entries have been added or removed. If a new entry has been added, dtlogin starts a session on the associated display. Entries that have been removed are disabled immediately, meaning that any session in progress is terminated without notice, and no new session is started.
When sent a SIGTERM, dtlogin terminates all sessions in progress and exits. This can be used when shutting down the system.
All labels and messages are localizable. The message catalog dtlogin.cat contains the localized representations of the default labels and messages. The dtlogin client reads the appropriate message catalog indicated by the LANG environment variable and displays the localized strings. An option on the authentication screen allows the user to override the default language for the subsequent session. If the authentication screen has been localized for the selected language, it is redisplayed in that language; otherwise, it is displayed in the default language. In either case, the LANG environment variable is set appropriately for the resulting session.
The resource language is available in the dtlogin configuration file to change the default language for a display. The resource languageList is available in the dtlogin configuration file to override the default set of languages displayed on the authentication screen. The resource languageName is available to provide a mapping from locale names to the text displayed on the Language menu.
The dtlogin client performs traditional local UNIX login and auditing. Additional authentication or auditing function such as Kerberos or B1 may be added by individual vendors.
The X server provides both user-based and host-based access control.
By default, dtlogin uses user-based access control to the X server (MIT-MAGIC-COOKIE-1). This level of security allows access control on a per-user basis. It is based on a scheme where if a client passes authorization data which is the same as the server has, it is allowed access. When a user logs in, this authorization data is by default stored and protected in the $HOME/.Xauthority file.
However, using host-based access control mechanisms may be preferable in environments with unsecure networks as user-based access control allows any host to connect, given that it has discovered the private key. Another drawback to user-based access control is that R2 or R3 clients will be unable to connect to the server.
The authorize resource controls whether user-based or host-based access control is used by dtlogin. See also the Xserver, Xsecurity, xhost, and xauth man pages for more information.
All options, except -config, specify values that can also be specified in the configuration file as resources. Typically, customization is done via the configuration file rather than command line options. The options are most useful for debugging and one-shot tests.
Exit values are:
The dtlogin client is controlled via the contents of the dtlogin configuration file, the default being /usr/dt/config/Xconfig. Some resources control the behavior of dtlogin in general, some can be specified for a particular display.
The dtlogin general resources are not display-specific and apply to all displays where appropriate.
| Name |
| accessFile |
| authDir |
| autoRescan |
| daemonMode |
| debugLevel |
| errorLogFile |
| errorLogSize |
| exportList |
| fontPathHead |
| fontPathTail |
| keyFile |
| lockPidFile |
| networkDevice |
| pidFile |
| removeDomainname |
| requestPort |
| servers |
| :0 Local local /system_dependent_path/X :0 |
| T} |
| sysParmsFile |
| timeZone |
| wakeupInterval |
To prevent unauthorized XDMCP service and to allow forwarding of XDMCP IndirectQuery requests, this file contains a database of hostnames which are either allowed direct access to this machine, or have a list of hosts to which queries should be forwarded. The format of this file is described in the Xaccess section. If not set, all hosts will be allowed XDMCP service.
This is a directory name that dtlogin uses to temporarily store authorization files for displays using XDMCP.
This boolean controls whether dtlogin rescans the configuration file and server file after a session terminates and the files have changed. You can force dtlogin to reread these files by sending a SIGHUP to the main process.
The dtlogin client can make itself into an unassociated daemon process. This is accomplished by forking and leaving the parent process to exit, then closing file descriptors and releasing the controlling terminal. This is inconvenient when attempting to debug dtlogin. Setting this resource to "false" disables daemonMode.
If dtlogin is started from /etc/inittab, it should not be run in daemon mode. Otherwise the init process will think it has terminated and will attempt to restart it.
A non-zero value specified for this integer resource enables debugging information to be printed. It also disables daemon mode, which redirects the information into the bit-bucket.
Error output is normally directed at the system console. To redirect it, set this resource to any file name. This file contains any output directed to stderr by Xsetup, Xstartup and Xreset.
This resource specifies the maximum size of the error log file in kilobytes. When the limit is reached dtlogin will delete the oldest entries in the file until the file size is reduced to 75% of the maximum.
Note that the errorLogFile is shared by dtlogin and the X server process. The errorLogSize limit may be exceeded if large numbers if large numbers of errors are logged by the X server before dtlogin detects the size change.
This resource can contain a set of variable names separated by a space or tab. Each variable named is obtained from the dtlogin environment and loaded into the environment of the server and session. See the Environment section for details.
This resource value is prepended to the default X server font path.
XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key be shared between dtlogin and the terminal. This resource specifies the file containing those values. Each entry in the file consists of a display name and the shared key. By default, dtlogin does not include support for XDM-AUTHENTICATION-1 because it requires DES, which is not generally distributable.
This resource controls whether dtlogin uses file locking to prevent multiple instances of dtlogin from executing concurrently.
For remote connections, the value for ’line’ in /etc/utmp must also exist as a device in the /dev directory for commands such as finger to operate properly. This resource specifies the pathname of the /dev file dtlogin will create when a remote display connects. For most platforms, the file will be created as a symbolic link to /dev/null. The specified value must start with "/dev/", otherwise the value is discarded and no file is created.
The filename specified is created to contain an ASCII representation of the process-ID of the main dtlogin process. This can be used when sending signals to dtlogin. The dtlogin client also uses file locking to attempt to prevent more than one dtlogin from running on the same machine. See the lockPidFile resource for more information.
When computing the display name for XDMCP clients, dtlogin typically creates a fully qualified host name for the terminal. As this is sometimes confusing, dtlogin removes the domain name portion of the host name if it is the same as the domain name for the local host when this variable is set.
This indicates the UDP port number that dtlogin uses to listen for incoming XDMCP requests. Unless you need to debug the system, leave this with its default value.
This resource either specifies a file name full of server entries, one per line (if the value starts with a slash), or a single server entry. Each entry indicates a display that should constantly be managed and that is not using XDMCP.
The general syntax for each entry is:
DisplayName DisplayClass DisplayType[@ite] [Command [options]]
A typical entry for local display number 0 is:
:0 Local local@console /usr/bin/X11/X :0
This resource specifies a file containing shell commands, one of which sets the timezone environment variable (TZ) for the system. If the timezone is set via the shell syntax, "TZ=", dtlogin can use this information to set the timezone for the user session.
This resource specifies the local time zone for dtlogin. It is loaded into the environment of dtlogin as the value of the variable TZ and inherited by all subsequent sessions.
Some systems maintain a configuration file that contains the timezone setting (ex. /etc/src.sh). See the sysParmsFile resource.
If the user selects "Command Line Login" mode from the login screen, dtlogin terminates the X-server and allows the traditional character-based login prompt, "login:" to become visible. If the user does not log in within 2 * wakeupInterval seconds, the X-server is restarted. Once the user has logged in, dtlogin checks every wakeupInterval seconds to see if the user has logged out. If so, the X-server is restarted and the login screen is redisplayed.
The dtlogin client display resources can be specified for all displays or for a particular display. To specify a particular display, the display name is inserted into the resource name between "Dtlogin" and the final resource name segment. For example, Dtlogin.expo_0.startup is the name of the resource defining the startup shell file on the "expo:0" display. The resource manager separates the name of the resource from its value with colons, and separates resource name parts with dots, so dtlogin uses underscores for the dots and colons when generating the resource name.
Resources can also be specified for a class of displays by inserting the class name instead of a display name. A display that is not managed by XDMCP can have its class affiliation specified in the file referenced by the servers resource. A display using XDMCP supplies its class affiliation as part of the XDMCP packet.
| Name |
| authorize |
| authName |
| authFile |
| chooser |
| cpp |
| environment |
| failsafeClient |
| grabServer |
| grabTimeout |
| language |
| languageList |
| languageName |
| openDelay |
| openRepeat |
| openTimeout |
| pingInterval |
| pingTimeout |
| reset |
| resetForAuth |
| resetSignal |
| resources |
| session |
| setup |
| startAttempts |
| startup |
| systemPath |
| systemShell |
| terminateServer |
| termSignal |
| userAuthDir |
| userPath |
| xdmMode |
| xrdb |
Authorize is a Boolean resource that controls whether dtlogin generates and uses authorization for the server connections. (See authName.)
If authorize is used, authName specifies the type of authorization to be used. Currently, dtlogin supports only MIT-MAGIC-COOKIE-1 authorization, XDM-AUTHORIZATION-1 could be supported, but DES is not generally distributable. XDMCP connections state which authorization types are supported dynamically, so authName is ignored in this case. (See authorize.)
This file is used to communicate the authorization data from dtlogin to the server, using the -auth server command line option. It should be kept in a write- protected directory to prevent its erasure, which would disable the authorization mechanism in the server. If NULL, dtlogin will generate a file name.
Specifies the program run to offer a host menu for indirect queries redirected to the special host name CHOOSER. /usr/dt/bin/dtchooser is the default. See the Xaccess section.
This specifies the path of the C preprocessor that is used by xrdb.
This resource can contain a set of <name>=<value> pairs separated by a space or tab. Each item is loaded into the environment of the server and session. See the Environment section for details.
If the default session fails to execute, dtlogin falls back to this program. This program is executed with no arguments, but executes using the same environment variables as the session would have had. (See The Xfailsafe File.)
See grabTimeout.
To improve security, dtlogin grabs the server and keyboard while reading the name and password. The grabServer resource specifies if the server should be held while the name and password is read. When False, the server is ungrabbed after the keyboard grab succeeds; otherwise, the server is grabbed until just before the session begins. The grabTimeout resource specifies the maximum time dtlogin will wait for the grab to succeed. The grab may fail if some other client has the server grabbed, or possibly if the network latencies are very high. The grabTimeout resource has a default of 3 seconds; be cautious when using this resource, since a user can be deceived by a look-alike window on the display. If the grab fails, dtlogin kills and restarts the server (if possible) and session.
Some X-terminals cannot display their login screens while the server is grabbed. Setting grabServer to false will allow the screen to be displayed, but opens the possibility that a user’s login name can be stolen by copying the contents of the login screen. Since the keyboard is still grabbed and the password is not echoed, the password cannot be stolen.
This resource specifies the default setting for the LANG environment variable. If the dtlogin screen is localized for that language, it is displayed appropriately; otherwise, it is displayed in the language "C". The user may temporarily override this setting via an option on the login screen. When the subsequent session terminates, the LANG variable reverts to this setting.
This resource allows the user to override the default set of languages displayed in the "Language" menu of the login screen. It is useful if the set of languages actually used on a particular display is smaller than the set installed on the system. The resource value is a list of valid values for the LANG environment variable. Language values should be separated by one or more spaces or tabs.
This resource allows the user to override the default locale name displayed in the "Language" menu of the login screen with alternate text. This way, instead of users seeing an "En_US" item, they could see an "English (United States)" item instead. This resource is specified as "Dtlogin *<locale name>. languageName: text" as follows:
CWDtlogin*En_US.languageName: English (United States) Dtlogin*Fr_CA.languageName: French (Canadian)
See startAttempts
See startAttempts
See startAttempts
See pingTimeout
To discover when remote displays disappear, dtlogin occasionally "pings" them, using an X connection and sending XSync requests. The pingInterval resource specifies the time (in minutes) between successive ping attempts, and pingTimeout specifies the maximum wait time (in minutes) for the terminal to respond to the request. If the terminal does not respond, the session is terminated. The dtlogin client does not ping local displays. Although it may seem harmless, it is undesirable when a local session is terminated as a result of the server waiting (for remote filesystem service, for example) and not responding to the ping.
This specifies a program that is run (as root) after the session terminates. If not set, no program is run. The conventional name is Xreset. See The Xreset File.
The original implementation of authorization in the sample server reread the authorization file at server reset time, instead of when checking the initial connection. Since dtlogin generates the authorization information just before connecting to the display, an old server does not get current authorization information. This resource causes dtlogin to send SIGHUP to the server after setting up the file, causing an additional server reset to occur, during which time the new authorization information is read.
This resource specifies the signal dtlogin sends to reset the server. See the section Controlling The Server
This resource specifies the name of the file to be loaded by xrdb(1) as the resource data-base onto the root window of screen 0 of the display. This resource data base is loaded just before the authentication procedure is started, so it can control the appearance of the "login" window. See the section on the authentication screen, which describes the various resources that are appropriate to place in this file. There is no default value for this resource, but the conventional name is Xresources. See the Resource section.
This specifies the session to be executed for the authenticated user. By default, the /usr/dt/bin/Xsession file is run. The conventional name is Xsession. See The Xsession File.
This specifies a program that is run (as root) prior to the display of the authentication screen. By default, no program is run. The conventional name for a file used here is Xsetup. See the Xsetup section.
Four numeric resources control the behavior of dtlogin when attempting to open reluctant servers: openDelay, openRepeat, openTimeout, and startAttempts. openDelay is the duration (in seconds) between successive attempts; openRepeat is the number of attempts to make; openTimeout is the amount of time to wait while actually attempting the opening (i.e., the maximum time spent in the connect (2) syscall); and startAttempts is the number of times the entire process occurs before giving up on the server. After openRepeat attempts have been made, or if openTimeout seconds elapse in any particular attempt, dtlogin terminates and restarts the server, attempting to connect again. This process is repeated startAttempts time, at which point the display is declared dead and disabled. (See openDelay, openRepeat, and openTimeout.)
This specifies a program that is run (as root) after the authentication process succeeds. By default, no program is run. The conventional name for a file used here is Xstartup. See the Xstartup section.
The dtlogin client sets the PATH environment variable for the startup and reset scripts to the value of this resource. Note the conspicuous absence of "." from this entry. This is a good practice to follow for root; it avoids many system penetration schemes.
The dtlogin client sets the SHELL environment variable for the startup and reset scripts to the value of this resource.
This boolean resource specifies whether the X server should be terminated when a session terminates (instead of resetting it). This option can be used if the server tends to grow without bound over time in order to limit the amount of time the server is run continuously.
This resource specifies the signal dtlogin sends to terminate the server. See the section Controlling The Server
When dtlogin cannot write to the usual user authorization file ( $HOME/.Xauthority), it creates a unique file name in this directory and points the environment variable XAUTHORITY at the created file.
The dtlogin client sets the PATH environment variable for the session to this value. It should be a colon-separated list of directories; see sh(1) for a full description.
If True, the $HOME/.xsession file will be executed from Xsession upon user authentication, rather than the Session Manager (dtsession).
Specifies the program used to load the resources. The authentication screen reads a name-password pair from the keyboard. As this is a Motif toolkit client, colors, fonts and some layout options can be controlled with resources. General resources for this screen should be put into the file named by the dtlogin resources resource, the default being Xresources. Language specific values such as text or fonts should be specified in the Dtlogin app-defaults file.
| Name |
| bitmapFile |
| background |
| topShadowPixmap |
The default logo on the authentication screen may be replaced with a bitmap or pixmap of the user’s choice. The resources should be prefaced with the string Dtlogin*logo* when specified.
These resources allow adding additional desktops to the dtlogin option sessions menu. Resource names used to enable an alternative desktop follow.
| Name |
| altDtsIncrement |
| altDtName |
| altDtKey |
| altDtStart |
| altDtLogo |
The file containing the above sample values will be found in /usr/dt/config/C/Xresources.d/Xresources.mw. They cause the MyWindow desktop to be added to the option sessions menu.
Additional files may be added in this Xresources.d directory to allow additional X-based desktops to appear on the dtlogin sessions menu. Or, a file may be placed in /etc/dt/config/C/Xresources.d for a workstation-specific addition.
The same resource names would be used. The presence of the altDtsIncrement resource in these files causes an incremented count number to be appended to the resources. So actual values of the above resource example after they are read into the system might actually be ... altDtName2, altDtKey2, altDtStart2, altDtLog2. The next desktop added would then be ... altDtName3, altDtKey3, altDtStart3, altDtlog3.
The syntax for setting the following resources is Dtlogin*altDt...n where n is an integer, as in altDtName1, altDtName2, etc. The numbers are added to resources either implicitly (such as in the above Xresources.d example, which is useful for "package added" desktops) or explicitly if used directly in the Xresources file to facilitate ordering of the desktops on the sessions menu.
The following resources describe the greeting string used on the login screen. The resources should be prefaced with the string Dtlogin*greeting* when specified.
| Name |
| foreground |
| background |
| fontList |
| -*-*schoolbook-medium-i-normal--18-* |
| T} |
| labelString |
| persLabelString |
| alignment |
The following resources describe the matte layout used on the login screen. The resources should be prefaced with the string Dtlogin*matte. when specified.
| Name |
| width |
| height |
The following resources describe the fonts layout used on the login screen. The resources should be prefaced with the string Dtlogin*. when specified.
| Name |
| labelFont |
| -*-swiss 742-bold-r-normal-*-140-*-p-100-* |
| for lowres displays |
| T} |
| -*-swiss 742-medium-r-normal-*-140-*-p-110-* |
| for high res displays. |
| T} |
| textFont |
| -*-prestige-medium-r-normal-*-128-72-* for |
| highres diqsplays. |
| T} |
| -*-helvetica-bold-r-normal-*-100-* for lowres |
| displays |
| T} |
The dtlogin client invokes the user’s session with the following default environment:
is set to the associated display name
is set to /usr/dt/bin/dtpad
is set to the home directory of the user
is set to the value of LANG for applicable languages
is set to the current NLS language (if any)
is set to the current NLS language (if any)
is set to the current NLS language (if any)
is set to the user name
is set to /usr/mail/$USER (system dependent)
is set to the value of the userPath resource
is set to the user name
is set to the user’s default shell (from /etc/passwd)
is set to dtterm
is set to the value of the timeZone resource or system default
may be set to an authority file
Four methods are available to modify or add to this list depending on the desired scope of the resulting environment variable.
The exportList resource is available to allow the export of variables provided to the dtlogin process by its parent. Variables specified by this method are available to both the display’s X server process and the user’s session and override any default settings. The resource accepts a string of <name> separated by at least one space or tab.
The environment resource is available in the dtlogin configuration file to allow setting of environment variables on a global or per-display basis. Variables specified by this method are available to both the display’s X server process and the user’s session and override any default settings. The resource accepts a string of <name>=<value> pairs separated by at least one space or tab. The values specified must be constants because no shell is used to parse the string. See the Resources section for details on setting this resource.
For example:
CWMAIL=/usr/mail/$USER
Finally, personal environment variables can be set on a per-user basis in the script file $HOME/.dtprofile.
The dtlogin client accepts either sh, ksh, or csh syntax for the commands in this file. The commands should only be those that set environment variables, not any that perform terminal I/O, excepting tset(1) or stty(1) . If the first line of .dtprofile is #!/bin/sh, #!/bin/ksh, or #!/bin/csh, dtlogin uses the appropriate shell to parse .dtprofile. Otherwise, the user’s default shell ( $SHELL) is used.
The dtlogin client is designed to operate in a wide variety of environments and provides a suite of configuration files that can be changed to suit a particular system. The default dtlogin configuration files can be found in /usr/dt/config with the exception of Xsession which is stored in /usr/dt/bin. They are listed below:
The Xconfig file contains the general resources for dtlogin and is the top of the dtlogin configuration file tree. Xconfig specifies the location of other dtlogin configuration and log files and specifies dtlogin behavior. The locations of other dtlogin configuration and log files are specified by resource definitions. The defaults are listed below:
If the path specified for accessFile, servers, resources, setup, startup, reset, failsafeClient, or session is relative, dtlogin will first look for the file in directory /etc/dt/config, then /usr/dt/config.
Note that some of the resources are specified with "*" separating the components. These resources can be made unique for each different display, by replacing the "*" with the display-name. See the DISPLAY RESOURCES section for a complete discussion.
The default Xconfig file is /usr/dt/config/Xconfig. A system administrator can customize Xconfig by copying /usr/dt/config/Xconfig to /etc/dt/config/Xconfig and modifying /etc/dt/config/Xconfig.
The default Xconfig file contains the configuration and log file entries shown above as well as a few vendor specific resource definitions and examples. See the GENERAL RESOURCES and DISPLAY RESOURCES sections for the complete list of resources that can be defined in Xconfig.
The database file specified by the accessFile resource provides information which dtlogin uses to control access from displays requesting XDMCP service. This file contains three types of entries: entries which control the response to Direct and Broadcast queries, entries which control the response to Indirect queries, and macro definitions.
The format of a Direct entry is either a host name or a pattern. A pattern is distinguished from a host name by the inclusion of one or more meta characters (’*’ matches any sequence of 0 or more characters, and ’?’ matches any single character) which are compared against the host name of the display device. If the entry is a host name, all comparisons are done using network addresses, so any name which converts to the correct network address may be used. For patterns, only canonical host names are used in the comparison, so ensure that you do not attempt to match aliases. Preceding either a host name or a pattern with a ’!’ character causes hosts which match that entry to be excluded.
An Indirect entry also contains a host name or pattern, but follows it with a list of host names or macros to which indirect queries should be sent. Indirect entries may also specify to have dtlogin run dtchooser to offer a menu of hosts to which a login screen can be displayed.
A macro definition contains a macro name and a list of host names and other macros that the macro expands to. To distinguish macros from hostnames, macro names start with a ’%’ character. Macros may be nested.
When checking access for a particular display host, each entry is scanned in turn and the first matching entry determines the response. Direct and Broadcast entries are ignored when scanning for an Indirect entry and vice-versa.
Blank lines are ignored, ’#’ is treated as a comment delimiter causing the rest of that line to be ignored, and ’0wline’ causes the newline to be ignored, allowing indirect host lists to span multiple lines.
Here is an example Xaccess file: DJB
CW #
# Xaccess - XDMCP access control file
#
#
# Direct/Broadcast query entries
#
!xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
bambi.ogi.edu # allow access from this particular display
*.lcs.mit.edu # allow access from any display in LCS
#
# Indirect query entries
#
#define %HOSTS macro
%HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu
excess.lcs.mit.edu kanga.lcs.mit.edu
#force extract to contact xenon
extract.lcs.mit.edu xenon.lcs.mit.edu
#disallow indirect access by xtra
!xtra.lcs.mit.edu dummy
#all others get to choose among %HOSTS
*.lcs.mit.edu %HOSTS
If XDMCP access is granted, a temporary file may be created in the directory specified by authDir which contains authorization information for the X-terminal. It is deleted when the session starts.
For X terminals that do not offer a host menu for use with Broadcast or Indirect queries, the chooser program can do this for them. In the Xaccess file, specify "CHOOSER" as the first entry in the Indirect host list. Chooser will send a Query request to each of the remaining host names in the list and offer a menu of all the hosts that respond.
The list may consist of the word "BROADCAST," in which case chooser will send a Broadcast instead, again offering a menu of all hosts that respond. Note that on some operating systems, UDP packets cannot be broadcast, so this feature will not work.
Example Xaccess file using chooser:
CW#offer a menu of these hosts to extract extract.lcs.mit.edu CHOOSER %HOSTS #offer a menu of all hosts to xtra xtra.lcs.mit.edu CHOOSER BROADCAST
The program to use for chooser is specified by the chooser resource. Resources for this program can be put into the file named by resources.
The default Xaccess file is /usr/dt/config/Xaccess. A system administrator can customize Xaccess by copying /usr/dt/config/Xaccess to /etc/dt/config/Xaccess and modifying /etc/dt/config/Xaccess.
The default Xaccess file contains no entries.
Contains the list of displays to manage. See the servers resource description under GENERAL RESOURCES for more information.
The default Xservers file is /usr/dt/config/Xservers. A system administrator can customize Xservers by copying /usr/dt/config/Xservers to /etc/dt/config/Xservers and modifying /etc/dt/config/Xservers.
The default Xservers file contains an entry for one local display.
Contains the resource definitions specifying the appearance of the login screen. See the dtgreet(1) man page for more information.
The default Xresources file is /usr/dt/config/Xresources. A system administrator can customize Xresources by copying /usr/dt/config/Xresources to /etc/dt/config/Xresources and modifying /etc/dt/config/Xresources.
This file is typically a shell script. It is run as "root" and should be very careful about security. This script is run before the login screen is displayed. No arguments of any kind are passed to the script. Dtlogin waits until this script exits before displaying the login screen.
The default Xsetup file is /usr/dt/config/Xsetup. A system administrator can customize Xsetup by copying /usr/dt/config/Xsetup to /etc/dt/config/Xsetup and modifying /etc/dt/config/Xsetup.
The default Xsetup file contains vendor specific code but typically contains code that sets up the X server prior to the display of the login screen, such as setting up keyboard maps.
This file is typically a shell script. It is run as "root" and should be very careful about security. This is the place to put commands that display the message of the day or do other system-level functions on behalf of the user. Various environment variables are set for the use of this script:
No arguments of any kind are passed to the script. Dtlogin waits until this script exits before starting the user session. If the exit value of this script is non-zero, dtlogin discontinues the session immediately and starts another authentication cycle.
The default Xstartup file is /usr/dt/config/Xstartup. A system administrator can customize Xstartup by copying /usr/dt/config/Xstartup to /etc/dt/config/Xstartup and modifying /etc/dt/config/Xstartup.
The default Xstartup file contains code to change ownership of /dev/console to the user whose session is running on the console.
This script initializes a user’s session and invokes the desktop session manager. It is run with the permissions of the authorized user, and has several environment variables pre-set. See the Environment section for a list of the pre-set variables.
The default Xsession file is /usr/dt/bin/Xsession. A system administrator can customize Xsession by copying /usr/dt/bin/Xsession to /etc/dt/config/Xsession and modifying /etc/dt/config/Xsession. The session resource defined in Xconfig must also be changed to reference the customized Xsession file. See the Xconfig section for information on how to update the Xconfig file.
The default Xsession file contains session initialization code. It does contain some vendor specific code but its general function is as follows:
System administrators are discouraged from customizing the Xsession file.
Symmetrical with Xstartup, this script is run after the user session has terminated. Run as root, it should probably contain commands that undo the effects of commands in Xstartup, such as unmounting directories from file servers. The collection of environment variables that were passed to Xstartup are also given to Xreset.
The default Xreset file is /usr/dt/config/Xreset. A system administrator can customize Xreset by copying /usr/dt/config/Xreset to /etc/dt/config/Xreset and modifying /etc/dt/config/Xreset.
The default Xreset file contains code to change ownership of /dev/console back to root.
Contains error messages from dtlogin and anything output to stderr by Xsetup, Xstartup or Xreset. The system administrator can use the contents of this file for dtlogin troubleshooting. The errorLogSize resource limits the size of the Xerrors file and can prevent it from growing without bound.
A system administrator can change the pathname of the Xerrors file by setting the errorLogFile resource in the Xconfig file. See the Xconfig section for information on how to update the Xconfig file.
Contains the process ID of the master dtlogin process which can be used when sending signals to dtlogin. A system administrator can change the pathname of the Xpid file by setting the pidFile resource in the Xconfig file. See the Xconfig section for information on how to update the Xconfig file.
There is a resource in /usr/dt/config/Xconfig that controls the maximum error log file size of /var/dt/Xerrors, the error log for the dtlogin processes and the X server. This resource is called Dtlogin.errorLogSize, and it specifies the maximum file size in kilobytes. The dtlogin application will truncate the file if it grows larger than the size specified in the resource parameter.
Because both dtlogin and the X server can write to this file, the X server may write more data than the limit before the dtlogin process can trim it. Sending a signal to the primary dtlogin process on the system will also force the file to be truncated.