Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ xdm(1) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

X(1)

xinit(1)

xauth(1)

Xsecurity(1)

Xsession(5)



XDM(1)                          X11 R4.11MU05                         XDM(1)


NAME
       xdm - X Display Manager with support for XDMCP

SYNOPSIS
       xdm [ -config configurationfile ] [ -nodaemon ] [ -debug debuglevel
       ] [ -error errorlogfile ] [ -resources resourcefile ] [ -server
       serverentry ] [ -session sessionprogram ]

DESCRIPTION
       Xdm manages a collection of X displays, which may be on the local
       host or remote servers.  The design of xdm was guided by the needs of
       X terminals as well as the X Consortium standard XDMCP, the X Display
       Manager Control Protocol.  Xdm provides services similar to those
       provided by init, getty and login on character terminals: prompting
       for a login name and usually a password, authenticating the user, and
       running a ``session.''

       A ``session'' is defined by the lifetime of a particular process; in
       the traditional character-based terminal world, it is the user's
       login shell.  In the xdm context, it is an arbitrary session manager.
       This is because in a windowing environment, a user's login shell
       process does not necessarily have any terminal-like interface with
       which to connect.  When a real session manager is not available, a
       window manager or terminal emulator is typically used as the
       ``session manager,'' meaning that termination of this process
       terminates the user's session.

       When the session is terminated, xdm resets the X server and
       (optionally) restarts the whole process.

       When xdm receives an Indirect query via XDMCP, it can run a chooser
       process to perform an XDMCP BroadcastQuery (or an XDMCP Query to
       specified hosts) on behalf of the display and offer a menu of
       possible hosts that offer XDMCP display management.  This feature is
       useful with X terminals that do not offer a host menu themselves.

       Because xdm provides the first interface that users will see, it is
       designed to be simple to use and easy to customize to the needs of a
       particular site.  Xdm has many options, most of which have reasonable
       defaults.  Browse through the various sections of this manual,
       picking and choosing the things you want to change.  Pay particular
       attention to the Session Program section, which will describe how to
       set up the style of session desired.


TYPICAL USAGE
       Actually, xdm is designed to operate in such a wide variety of
       environments that typical is probably a misnomer.

       First, the xdm configuration file should be set up.  Make a directory
       (usually /usr/lib/X11/xdm) to contain all of the relevant files.
       Here is a reasonable configuration file, which could be named xdm-
       config:


            DisplayManager.servers:            /usr/lib/X11/xdm/Xservers
            DisplayManager.errorLogFile:       /usr/lib/X11/xdm/xdm-errors
            DisplayManager*resources:          /usr/lib/X11/xdm/Xresources
            DisplayManager*startup:            /usr/lib/X11/xdm/Xstartup
            DisplayManager*session:            /usr/lib/X11/xdm/Xsession
            DisplayManager.pidFile:            /usr/lib/X11/xdm/xdm-pid
            DisplayManager._0.authorize:       true
            DisplayManager*authorize:          false


       Note that this file simply contains references to other files.  Note
       also that some of the resources are specified with ``*'' separating
       the components.  These resources can be made unique for each
       different display, by replacing the ``*'' with the display-name, but
       normally this is not very useful.  See the Resources section for a
       complete discussion.

       The first file, /usr/lib/X11/xdm/Xservers, contains the list of
       displays to manage that are not using XDMCP.  Most workstations have
       only one display, numbered 0, so the file will look something like
       this:

            :0 Local local /usr/bin/X11/X :0

       This will keep /usr/bin/X11/X running on this display and manage a
       continuous cycle of sessions.

       The file /usr/lib/X11/xdm/xdm-errors will contain error messages from
       xdm and anything output to stderr by Xsetup, Xstartup, Xsession or
       Xreset.  When you have trouble getting xdm working, check this file
       to see if xdm has any clues to the trouble.

       The next configuration entry, /usr/lib/X11/xdm/Xresources, is loaded
       onto the display as a resource database using xrdb.  As the
       authentication dialog reads this database before starting up, it
       usually contains parameters for that dialog:

            xlogin*translations: #override\
                 Ctrl<Key>R: reset-session() \n\
                 Ctrl<Key>X: restart-session() \n\
                 Ctrl<Key>Z: terminate-session() \n\
                 Ctrl<Key>plus: allow-all-access()
            xlogin.borderWidth: 3
            xlogin.loginForm.borderWidth: 3
            xlogin.loginForm.scrolledWindow.height: 200
            xlogin.loginForm.scrolledWindow.width: 350
            xlogin.loginForm*getText.fontList: fixed
            #ifndef COLOR
                 xlogin*foreground: black
                 xlogin*background: white
            #else
                 xlogin*foreground: MidnightBlue
                 xlogin*background: LightSteelBlue
            #endif


       Please note the translations entry; it specifies a few new
       translations for the authentication dialog that allow users to escape
       from the default session (and avoid troubles that may occur in it).
       Note that if #override is not specified, the default translations are
       removed and replaced by the new value, not a very useful result as
       some of the default translations are quite useful.

       The Xstartup file shown here simply prevents login while the file
       /etc/nologin exists.  As there is no provision for displaying any
       messages here (there isn't any core X client which displays files),
       the user will probably be baffled by this behavior.  Thus this is not
       a complete example, but simply a demonstration of the available
       functionality.

       Here is a sample Xstartup script:

            #!/bin/sh
            #
            # Xstartup
            #
            # This program is run with enhanced capabilities after the user
            # is verified
            #
            if [ -f /etc/nologin ]; then
                 exit 1
            fi
            exit 0


       The most interesting script is Xsession.  This version recognizes the
       special ``failsafe'' mode, to provide an escape from the ordinary
       session.  The actual Xsession file delivered is more complicated.  It
       runs the file /usr/lib/X11/xdm/system.Xsession if the user's
       $HOME/.Xsession file is not found.  It also runs the user's login
       scripts (ie. ~/.login) in an xterm prior to running the .Xsession
       script.

            #!/bin/sh
            #
            # Xsession
            #
            # This is the program that is run as the client
            # for the display manager.  This example is
            # quite friendly as it attempts to run a per-user
            # .Xsession file instead of forcing a particular
            # session layout
            #

            case $# in
            1)
                 case $1 in
                 failsafe)
                      exec xterm -geometry 80x24-0-0 -ls
                      ;;
                 esac
            esac

            startup=$HOME/.Xsession
            resources=$HOME/.Xdefaults

            if [ -f $startup ]; then
                 exec $startup
                 exec /bin/sh $startup
            else
                 if [ ! -f $resources ]; then
                      resources=$HOME/.Xdefaults
                 fi
                 if [ -f $resources ]; then
                      xrdb -load $resources
                 fi
                 twm &
                 exec xterm -geometry 80x24+10+10 -ls
            fi


OPTIONS
       All of these options, except -config, specify values that can also be
       specified in the configuration file as resources.

       -config configurationfile
              Names the configuration file, which specifies resources to
              control the behavior of xdm.  /usr/lib/X11/xdm/xdm-config is
              the default.

       -nodaemon
              Specifies ``false'' as the value for the
              DisplayManager.daemonMode resource.  This suppresses the
              normal daemon behavior, which is for xdm to close all file
              descriptors, disassociate itself from the controlling
              terminal, and put itself in the background when it first
              starts up.

       -debug debuglevel
              Specifies the numeric value for the DisplayManager.debugLevel
              resource.  A non-zero value causes xdm to print lots of
              debugging statements to the terminal; it also disables the
              DisplayManager.daemonMode resource, forcing xdm to run
              synchronously.  To interpret these debugging messages, a copy
              of the source code for xdm is almost a necessity.  No attempt
              has been made to rationalize or standardize the output.

       -error errorlogfile
              Specifies the value for the DisplayManager.errorLogFile
              resource.  This file contains errors from xdm as well as
              anything written to stderr by the various scripts and programs
              run during the progress of the session.

       -resources resourcefile
              Specifies the value for the DisplayManager*resources resource.
              This file is loaded using xrdb to specify configuration
              parameters for the authentication dialog.

       -server serverentry
              Specifies the value for the DisplayManager.servers resource.
              See the section Server Specification for a description of this
              resource.

       -udpPort portnumber
              Specifies the value for the DisplayManager.requestPort
              resource.  This sets the port-number which xdm will monitor
              for XDMCP requests.  As XDMCP uses the registered well-known
              UDP port 177, this resource should not be changed except for
              debugging.

       -session sessionprogram
              Specifies the value for the DisplayManager*session resource.
              This indicates the program to run as the session after the
              user has logged in.

       -xrm resourcespecification
              Allows an arbitrary resource to be specified, as in most X
              Toolkit applications.

RESOURCES
       At many stages the actions of xdm can be controlled through the use
       of its configuration file, which is in the X resource format.  Some
       resources modify the behavior of xdm on all displays, while others
       modify its behavior on a single display.  Where actions relate to a
       specific display, the display name is inserted into the resource name
       between ``DisplayManager'' and the final resource name segment.  For
       example, DisplayManager.expo0.startup is the name of the resource
       which defines the startup shell file on the ``expo:0'' display.
       Because the resource manager uses colons to separate the name of the
       resource from its value and dots to separate resource name parts, xdm
       substitutes underscores for both dots and colons when generating the
       resource name.

       DisplayManager.servers
              This resource either specifies a file name full of server
              entries, one per line (if the value starts with a slash), or a
              single server entry.  See the section Server Specification for
              the details.

       DisplayManager.requestPort
              This indicates the UDP port number which xdm uses to listen
              for incoming XDMCP requests.  Unless you need to debug the
              system, leave this with its default value of 177.

       DisplayManager.errorLogFile
              Error output is normally directed at the system console.  To
              redirect it, set this resource to a file name.  A method to
              send these messages to syslog should be developed for systems
              which support it; however, the wide variety of interfaces
              precludes any system-independent implementation.  This file
              also contains any output directed to stderr by the Xsetup,
              Xstartup, Xsession and Xreset files, so it will contain
              descriptions of problems in those scripts as well.

       DisplayManager.debugLevel
              If the integer value of this resource is greater than zero,
              reams of debugging information will be printed.  It also
              disables daemon mode, which would redirect the information
              into the bit-bucket, and allows non-privileged users to run
              xdm, which would normally not be useful.

       DisplayManager.daemonMode
              Normally, xdm attempts to make itself into a daemon process
              unassociated with any terminal.  This is accomplished by
              forking and leaving the parent process to exit, then closing
              file descriptors and releasing the controlling terminal.  In
              some environments this is not desired (in particular, when
              debugging).  Setting this resource to ``false'' will disable
              this feature.

       DisplayManager.pidFile
              The filename specified will be created to contain an ASCII
              representation of the process-id of the main xdm process.  Xdm
              also uses file locking on this file to attempt to eliminate
              multiple daemons running on the same machine, which would
              cause quite a bit of havoc.

       DisplayManager.lockPidFile
              This is the resource which controls whether xdm uses file
              locking to keep multiple display managers from running amok.
              On System V, this uses the lockf library call, while on BSD it
              uses flock.

       DisplayManager.authDir
              This names a directory in which xdm stores authorization files
              while initializing the session.  The default value is
              /usr/lib/X11/xdm.

       DisplayManager.autoRescan
              This boolean controls whether xdm rescans the configuration,
              servers, access control and authentication keys files after a
              session terminates and the files have changed.  By default it
              is ``true.''  You can force xdm to reread these files by
              sending a SIGHUP to the main process.

       DisplayManager.removeDomainname
              When computing the display name for XDMCP clients, the name
              resolver will typically create a fully qualified host name for
              the terminal.  As this is sometimes confusing, xdm will remove
              the domain name portion of the host name if it is the same as
              the domain name of the local host when this variable is set.
              By default the value is ``true.''

       DisplayManager.keyFile
              XDM-AUTHENTICATION-1 style XDMCP authentication requires that
              a private key be shared between xdm and the terminal.  This
              resource specifies the file containing those values.  Each
              entry in the file consists of a display name and the shared
              key.  By default, xdm does not include support for XDM-
              AUTHENTICATION-1, as it requires DES which is not generally
              distributable because of United States export restrictions.

       DisplayManager.accessFile
              To prevent unauthorized XDMCP service and to allow forwarding
              of XDMCP IndirectQuery requests, this file contains a database
              of hostnames which are either allowed direct access to this
              machine, or have a list of hosts to which queries should be
              forwarded to.  The format of this file is described in the
              section XDMCP Access Control.

       DisplayManager.exportList
              A whitespace-separated list of additional environment
              variables to pass on to the Xsetup, Xstartup, Xsession, and
              Xreset programs.

       DisplayManager.randomFile
              A file to checksum to generate the seed of authorization keys.
              This should be a file that changes frequently.  The default is
              /dev/mem.

       DisplayManager.DISPLAY.resources
              This resource specifies the name of the file to be loaded by
              xrdb as the resource database onto the root window of screen 0
              of the display.  The Xsetup program, the Xlogin widget, and
              chooser will use the resources set in this file.  This
              resource data base is loaded just before the authentication
              procedure is started, so it can control the appearance of the
              login window.  See the section Authentication Widget, which
              describes the various resources that are appropriate to place
              in this file.  There is no default value for this resource,
              but /usr/lib/X11/xdm/Xresources is the conventional name.

       DisplayManager.DISPLAY.chooser
              Specifies the program run to offer a host menu for Indirect
              queries redirected to the special host name CHOOSER.
              /usr/lib/X11/xdm/chooser is the default.  See the sections
              XDMCP Access Control and Chooser.

       DisplayManager.DISPLAY.xrdb
              Specifies the program used to load the resources.  By default,
              xdm uses /usr/bin/X11/xrdb.

       DisplayManager.DISPLAY.cpp
              This specifies the name of the C preprocessor which is used by
              xrdb.

       DisplayManager.DISPLAY.setup
              This specifies a program which is run (with enhanced
              capabilities) before offering the Xlogin window.  This may be
              used to change the appearance of the screen around the Xlogin
              window or to put up other windows (e.g., you may want to run
              xconsole here).  By default, no program is run.  The
              conventional name for a file used here is Xsetup.  See the
              section Setup Program.

       DisplayManager.DISPLAY.startup
              This specifies a program which is run (with enhanced
              capabilities) after the authentication process succeeds.  By
              default, no program is run.  The conventional name for a file
              used here is Xstartup.  See the section Startup Program.

       DisplayManager.DISPLAY.session
              This specifies the session to be executed (running with the
              user's capabilities).  By default, /usr/bin/X11/xterm is run.
              The conventional name is Xsession.  See the section Session
              Program.

       DisplayManager.DISPLAY.reset
              This specifies a program which is run (with enhanced
              capabilities) after the session terminates.  Again, by default
              no program is run.  The conventional name is Xreset.  See the
              section Reset Program.

       DisplayManager.DISPLAY.openDelay

       DisplayManager.DISPLAY.openRepeat

       DisplayManager.DISPLAY.openTimeout

       DisplayManager.DISPLAY.startAttempts
              These numeric resources control the behavior of xdm when
              attempting to open intransigent servers.  openDelay is the
              length of the pause (in seconds) between successive attempts,
              openRepeat is the number of attempts to make, openTimeout is
              the amount of time to wait while actually attempting the open
              (i.e., the maximum time spent in the connect(2) system call)
              and startAttempts is the number of times this entire process
              is done before giving up on the server.  After openRepeat
              attempts have been made, or if openTimeout seconds elapse in
              any particular attempt, xdm terminates and restarts the
              server, attempting to connect again.  This process is repeated
              startAttempts times, at which point the display is declared
              dead and disabled.  Although this behavior may seem arbitrary,
              it has been empirically developed and works quite well on most
              systems.  The default values are 5 for openDelay, 5 for
              openRepeat, 30 for openTimeout and 4 for startAttempts.

       DisplayManager.DISPLAY.pingInterval

       DisplayManager.DISPLAY.pingTimeout
              To discover when remote displays disappear, xdm occasionally
              pings them, using an X connection and XSync calls.
              pingInterval specifies the time (in minutes) between each ping
              attempt, pingTimeout specifies the maximum amount of time (in
              minutes) to wait for the terminal to respond to the request.
              If the terminal does not respond, the session is declared dead
              and terminated.  By default, both are set to 5 minutes.  If
              you frequently use X terminals which can become isolated from
              the managing host, you may wish to increase this value.  The
              only worry is that sessions will continue to exist after the
              terminal has been accidentally disabled.  xdm will not ping
              local displays.  Although it would seem harmless, it is
              unpleasant when the workstation session is terminated as a
              result of the server hanging for NFS service and not
              responding to the ping.

       DisplayManager.DISPLAY.terminateServer
              This boolean resource specifies whether the X server should be
              terminated when a session terminates (instead of resetting
              it).  This option can be used when the server tends to grow
              without bound over time, in order to limit the amount of time
              the server is run.  The default value is ``false.''

       DisplayManager.DISPLAY.userPath
              Xdm sets the PATH environment variable for the session to this
              value.  It should be a colon separated list of directories;
              see sh(1) for a full description.  The default value is
              ``usr/bin:/usr/bin/X11''.

       DisplayManager.DISPLAY.systemPath
              Xdm sets the PATH environment variable for the startup and
              reset scripts to the value of this resource.  The default is
              ``/etc:/usr/bin:/usr/bin/X11''.  Note the conspicuous absence
              of "." from this entry.  This is a good practice to follow for
              privileged users; it avoids many common trojan horse system
              penetration schemes.

       DisplayManager.DISPLAY.systemShell
              Xdm sets the SHELL environment variable for the startup and
              reset scripts to the value of this resource.  It is /bin/sh by
              default.

       DisplayManager.DISPLAY.failsafeClient
              If the default session fails to execute, xdm will fall back to
              this program.  This program is executed with no arguments, but
              executes using the same environment variables as the session
              would have had (see the section Session Program).  By default,
              /usr/bin/X11/xterm is used.

       DisplayManager.DISPLAY.grabServer

       DisplayManager.DISPLAY.grabTimeout
              To improve security, xdm grabs the server and keyboard while
              reading the login name and password.  The grabServer resource
              specifies if the server should be held for the duration of the
              name/password reading.  When ``false,'' the server is
              ungrabbed after the keyboard grab succeeds, otherwise the
              server is grabbed until just before the session begins.  The
              default is ``false.''  The grabTimeout resource specifies the
              maximum time xdm will wait for the grab to succeed.  The grab
              may fail if some other client has the server grabbed, or
              possibly if the network latencies are very high.  This
              resource has a default value of 3 seconds; you should be
              cautious when raising it, as a user can be spoofed by a look-
              alike window on the display.  If the grab fails, xdm kills and
              restarts the server (if possible) and the session.

       DisplayManager.DISPLAY.authorize

       DisplayManager.DISPLAY.authName
              authorize is a boolean resource which controls whether xdm
              generates and uses authorization for the local server
              connections.  If authorization is used, authName is a
              whitespace-separated list of authorization mechanisms to use.
              XDMCP connections dynamically specify which authorization
              mechanisms are supported, so authName is ignored in this case.
              When authorize is set for a display and authorization is not
              available, the user is informed by having a different message
              displayed in the login widget.  By default, authorize is
              ``false''; authName is ``MIT-MAGIC-COOKIE-1.''

       DisplayManager.DISPLAY.authFile
              This file is used to communicate the authorization data from
              xdm to the server, using the -auth server command line option.
              It should be kept in a directory which is not world-writable
              as it could easily be removed, disabling the authorization
              mechanism in the server.

       DisplayManager.DISPLAY.authComplain
              If set to ``false,'' disables the use of the unsecureGreeting
              in the login window.  See the section Authentication Widget.
              The default is ``true.''

       DisplayManager.DISPLAY.resetSignal
              The number of the signal xdm sends to reset the server.  See
              the section Controlling the Server.  The default is 1
              (SIGHUP).

       DisplayManager.DISPLAY.termSignal
              The number of the signal xdm sends to terminate the server.
              See the section Controlling the Server.  The default is 15
              (SIGTERM).

       DisplayManager.DISPLAY.resetForAuth
              The original implementation of authorization in the sample
              server reread the authorization file at server reset time,
              instead of when checking the initial connection.  As xdm
              generates the authorization information just before connecting
              to the display, an old server would not get up-to-date
              authorization information.  This resource causes xdm to send
              SIGHUP to the server after setting up the file, causing an
              additional server reset to occur, during which time the new
              authorization information will be read.  The default is
              ``false,'' which will work for all MIT servers.

       DisplayManager.DISPLAY.userAuthDir
              When xdm is unable to write to the usual user authorization
              file ($HOME/.Xauthority), it creates a unique file name in
              this directory and points the environment variable XAUTHORITY
              at the created file.  It uses /tmp by default.

XDMCP ACCESS CONTROL
       The database file specified by the DisplayManager.accessFile provides
       information which xdm uses to control access from displays requesting
       XDMCP service.  This file contains three types of entries:  entries
       which control the response to Direct and Broadcast queries, entries
       which control the response to Indirect queries, and macro
       definitions.

       The format of the Direct entries is simple, either a host name or a
       pattern, which is distinguished from a host name by the inclusion of
       one or more meta characters (`*' matches any sequence of 0 or more
       characters, and `?' matches any single character) which are compared
       against the host name of the display device.  If the entry is a host
       name, all comparisons are done using network addresses, so any name
       which converts to the correct network address may be used.  For
       patterns, only canonical host names are used in the comparison, so
       ensure that you do not attempt to match aliases.  Preceding either a
       host name or a pattern with a `!' character causes hosts which match
       that entry to be excluded.

       An Indirect entry also contains a host name or pattern, but follows
       it with a list of host names or macros to which indirect queries
       should be sent.

       A macro definition contains a macro name and a list of host names and
       other macros that the macro expands to.  To distinguish macros from
       hostnames, macro names start with a `%' character.  Macros may be
       nested.

       Indirect entries may also specify to have xdm run chooser to offer a
       menu of hosts to connect to.  See the section Chooser.

       When checking access for a particular display host, each entry is
       scanned in turn and the first matching entry determines the response.
       Direct and Broadcast entries are ignored when scanning for an
       Indirect entry and vice-versa.

       Blank lines are ignored, `#' is treated as a comment delimiter
       causing the rest of that line to be ignored, and `\newline' causes
       the newline to be ignored, allowing indirect host lists to span
       multiple lines.

       Here is an example Xaccess file:

       #
       # Xaccess - XDMCP access control file
       #

       #
       # Direct/Broadcast query entries
       #

       !xtra.lcs.mit.edu   # disallow direct/broadcast service for xtra
       bambi.ogi.edu       # allow access from this particular display
       *.lcs.mit.edu       # allow access from any display in LCS

       #
       # Indirect query entries
       #

       %HOSTS              expo.lcs.mit.edu xenon.lcs.mit.edu \
                           excess.lcs.mit.edu kanga.lcs.mit.edu

       extract.lcs.mit.edu xenon.lcs.mit.edu   #force extract to contact xenon
       !xtra.lcs.mit.edu   dummy               #disallow indirect access
       *.lcs.mit.edu       %HOSTS              #all others get to choose

CHOOSER
       For X terminals that do not offer a host menu for use with Broadcast
       or Indirect queries, the chooser program can do this for them.  In
       the Xaccess file, specify ``CHOOSER'' as the first entry in the
       Indirect host list.  Chooser will send a Query request to each of the
       remaining host names in the list and offer a menu of all the hosts
       that respond.

       The list may consist of the word ``BROADCAST,'' in which case chooser
       will send a Broadcast instead, again offering a menu of all hosts
       that respond.  Note that on some operating systems, UDP packets
       cannot be broadcast, so this feature will not work.

       Example Xaccess file using chooser:

       extract.lcs.mit.edu CHOOSER %HOSTS      #offer a menu of these hosts
       xtra.lcs.mit.edu    CHOOSER BROADCAST   #offer a menu of all hosts

       The program to use for chooser is specified by the
       DisplayManager.DISPLAY.chooser resource.  Resources for this program
       can be put into the file named by DisplayManager.DISPLAY.resources.

SERVER SPECIFICATION
       The resource DisplayManager.servers gives a server specification or,
       if the values starts with a slash (/), the name of a file containing
       server specifications, one per line.

       Each specification indicates a display which should constantly be
       managed and which is not using XDMCP.  Each consists of at least
       three parts:  a display name, a display class, a display type, and
       (for local servers) a command line to start the server.  A typical
       entry for local display number 0 would be:

         :0 Digital-QV local /usr/bin/X11/X :0

       The display types are:

       local     local display: xdm must run the server
       foreign   remote display: xdm opens an X connection to a running server


       The display name must be something that can be passed in the -display
       option to an X program.  This string is used to generate the display-
       specific resource names, so be careful to match the names (e.g. use
       ``:0 local /usr/bin/X11/X :0'' instead of ``localhost:0 local
       /usr/bin/X11/X :0'' if your other resources are specified as
       ``DisplayManager._0.session'').  The display class portion is also
       used in the display-specific resources, as the class of the resource.
       This is useful if you have a large collection of similar displays
       (like a corral of X terminals) and would like to set resources for
       groups of them.  When using XDMCP, the display is required to specify
       the display class, so the manual for your particular X terminal
       should document the display class string for your device.  If it
       doesn't, you can run xdm in debug mode and look at the resource
       strings which it generates for that device, which will include the
       class string.

SETUP PROGRAM
       The Xsetup file is run after the server is reset, but before the
       Xlogin window is offered.  The file is typically a shell script.  It
       is run with enhanced capabilities, so should be careful about
       security.  This is the place to change the root background or bring
       up other windows that should appear on the screen along with the
       Xlogin widget.

       In addition to any specified by DisplayManager.exportList, the
       following environment variables are passed:

            DISPLAY        the associated display name
            PATH           the value of DisplayManager.DISPLAY.systemPath
            SHELL          the value of DisplayManager.DISPLAY.systemShell
            XAUTHORITY     may be set to an authority file

       Note that since xdm grabs the keyboard, any other windows will not be
       able to receive keyboard input.  They will be able to interact with
       the mouse, however; beware of potential security holes here.  If
       DisplayManager.DISPLAY.grabServer is set, Xsetup will not be able to
       connect to the display at all.  Resources for this program can be put
       into the file named by DisplayManager.DISPLAY.resources.

AUTHENTICATION DIALOG
       On a generic DG/UX system, the authentication dialog asks for a user
       name and if appropriate, the user's password to authenticate the
       user.

       On a system with DG/UX information security, the authentication
       dialog asks for a user name, followed by prompts for other types of
       authentication information as specified in the A&A database.  In
       addition, the user can specify a MAC label when logging in by using
       the -l option. For example,

            Login: nathan -l acrlo

       In this case, xdm creates the session with a process clearance (MAC
       label) of acrlo, if the A&A database authorizations for the xdm
       service permits this.

       Nearly every imaginable parameter of the authentication dialog can be
       controlled with a resource.  Resources for this dialog should be put
       into the file named by DisplayManager.DISPLAY.resources.  All of
       these have reasonable default values, so it is not necessary to
       specify any of them.

       The authentication dialog box is made up of Motif widgets, thus any
       Motif widget resource may be set for this dialog.  The class name for
       the authentication dialog is Xlogin.  The instance name is xlogin.
       Some of the widgets that make up a typical authentication dialog
       include:

          xlogin (applicationShellWidgetClass)
             loginForm (xmFormWidgetClass)
                title (xmLabelWidgetClass)
                scrolledWindow (xmScrolledWindowWidgetClass)
                   actionList (xmRowColumnWidgetClass)

                   An actionList may have one of more of
                   the following children:
                      showText (xmLabelWidgetClass)
                      getTextBB (xmBulletinBoardWidgetClass)
                         showText (xmLabelWidgetClass)
                         getText (xmTextWidgetClass)
                      selectListForm (xmFormWidgetClass)
                         scrolledSelectList (xmScrolledWindowWidgetClass)
                            selectList (xmListWidgetClass)
                         selectListConfirm (xmPushButtonWidgetClass)
                      showAckForm (xmFormWidgetClass)
                         OK (xmPushButtonWidgetClass)
                failsafeToggle (xmToggleButtonWidgetClass)
                buttonMenu (xmRowColumnWidgetClass)
                   resetButton (xmPushButtonWidgetClass)
                   restartButton (xmPushButtonWidgetClass)
                   terminateButton (xmPushButtonWidgetClass)

       In addition to standard Motif resources, the authentication dialog
       has the following special resources:

       xlogin.greeting
              A string that identifies this window.  The default is ``X
              Window System.''

       xlogin.unsecureGreeting
              When X authorization is requested in the configuration file
              for this display and none is in use, this greeting replaces
              the standard greeting.  The default is ``This is an unsecure
              session.''

       xlogin.namePrompt
              The string displayed to prompt for a user name.  The default
              is ``Login:''.

       xlogin.failMessage
              A message that is displayed when the authentication fails.
              The default is ``Login incorrect.''

       xlogin.createFailsafeToggle
              This boolean resource directs the xlogin widget to create the
              ``failsafe'' toggle button.

       xlogin.createTerminateCommand
              This boolean resource directs the xlogin widget to create the
              ``terminate'' push button.

       xlogin.createRestartCommand
              This boolean resource directs the xlogin widget to create the
              ``restart'' push button.

       xlogin.createResetCommand
              This boolean resource directs the xlogin widget to create the
              ``reset'' push button.

       The following new actions are supported by the translation table for
       the xlogin widget:

       restart-session
              Terminates and restarts the server.

       terminate-session
              Terminates the server, disabling it.  This is a rash action.
              It can be used to stop xdm when shutting the system down or
              when using xdmshell.

       reset-session
              Resets the X server and starts a new session.  This can be
              used when the resources have been changed and you want to test
              them or when the screen has been overwritten with system
              messages.

       allow-all-access
              Disables access control in the server.  This can be used when
              the .Xauthority file cannot be created by xdm.  Be very
              careful using this; it might be better to disconnect the
              machine from the network before doing this.

       Three buttons are provided for controlling the display: "Reset",
       "Restart" and "Terminate".  On local displays, all three buttons can
       be created, and they directly control the Xserver process.  "Reset"
       resets the X server and starts a new session; "restart" terminates
       and restarts the X server; "terminate" terminates the server,
       stopping the xdm daemon.

       On foreign displays, the "Restart" button is not created because xdm
       has no way to restart the Xserver on a foreign display. In addition,
       on foreign displays, the "Terminate" button simply terminates
       management of the display; it does not affect the xdm daemon.

       On a display using XDMCP, only the "Reset" button is created.  The
       action of the "Reset" button is determined by the Xserver that
       generated the XDMCP management request.

The Xstartup file
       This file is typically a shell script.  It is run with enhanced
       capabilities and should be very careful about security.  This is the
       place to put commands that make fake entries in /etc/utmp, mount
       users' home directories from file servers,

STARTUP PROGRAM
       The Xstartup file is typically a shell script.  It is run with
       enhanced capabilities and should be very careful about security.
       This is the place to put commands that add entries to /etc/utmp,
       mount users' home directories from file servers, display the message
       of the day, or abort the session if logins are not allowed.

       In addition to any specified by DisplayManager.exportList, the
       following environment variables are passed:

            DISPLAY        the associated display name
            HOME           the initial working directory of the user
            USER           the user name
            PATH           the value of DisplayManager.DISPLAY.systemPath
            SHELL          the value of DisplayManager.DISPLAY.systemShell
            XAUTHORITY     may be set to an authority file


       No arguments are passed to the script.  Xdm waits until this script
       exits before starting the user session.  If the exit value of this
       script is non-zero, xdm discontinues the session and starts another
       authentication cycle.

SESSION PROGRAM
       The Xsession program is the command that is run as the user's
       session.  It is run with the permissions of the authorized user.

       In addition to any specified by DisplayManager.exportList, the
       following environment variables are passed:

            DISPLAY        the associated display name
            HOME           the initial working directory of the user
            USER           the user name
            PATH           the value of DisplayManager.DISPLAY.userPath
            SHELL          the user's default shell (from getpwnam)
            XAUTHORITY     may be set to a non-standard authority file


       At most installations, Xsession should look in $HOME for a file
       .Xsession, that contains commands that each user would like to use as
       a session.  Xsession should also implement a system default session
       if no user-specified session exists.  See the section Typical Usage.

       The ``failsafe'' argument may be passed to this program from the
       authentication dialog.  One good use of this feature is to allow the
       user to escape from the ordinary session when it fails.  This allows
       users to repair their own .Xsession if it fails, without requiring
       administrative intervention.  The section Typical Usage demonstrates
       this feature.

RESET PROGRAM
       Symmetrical with Xstartup, the Xreset script is run after the user
       session has terminated.  Run with enhanced capabilities, it should
       contain commands that undo the effects of commands in Xstartup,
       removing entries from /etc/utmp or unmounting directories from file
       servers.  The environment variables that were passed to Xstartup are
       also passed to Xreset.

CONTROLLING THE SERVER
       Xdm controls local servers using POSIX signals.  SIGHUP is expected
       to reset the server, closing all client connections and performing
       other cleanup duties.  SIGTERM is expected to terminate the server.
       If these signals do not perform the expected actions, the resources
       DisplayManager.DISPLAY.resetSignal and
       DisplayManager.DISPLAY.termSignal can specify alternate signals.

       To control remote terminals not using XDMCP, xdm searches the window
       hierarchy on the display and uses the protocol request KillClient in
       an attempt to clean up the terminal for the next session.  This may
       not actually kill all of the clients, as only those which have
       created windows will be noticed.  XDMCP provides a more sure
       mechanism; when xdm closes its initial connection, the session is
       over and the terminal is required to close all other connections.

CONTROLLING XDM
       Xdm responds to two signals: SIGHUP and SIGTERM.  When sent a SIGHUP,
       xdm rereads the configuration file, the access control file, and the
       servers file.  For the servers file, it notices if entries have been
       added or removed.  If a new entry has been added, xdm starts a
       session on the associated display.  Entries which have been removed
       are disabled immediately, meaning that any session in progress will
       be terminated without notice and no new session will be started.

       When sent a SIGTERM, xdm terminates all sessions in progress and
       exits.  This can be used when shutting down the system.

       Xdm attempts to mark its various sub-processes for ps(1) by editing
       the command line argument list in place.  Because xdm can't allocate
       additional space for this task, it is useful to start xdm with a
       reasonably long command line (using the full path name should be
       enough).  Each process which is servicing a display is marked
       -display.

OTHER POSSIBILITIES
       You can use xdm to run a single session at a time by specifying the
       server on the command line:

            xdm -server ":0 local /usr/bin/X :0"


       Or, you might have a file server and a collection of X terminals.
       The configuration for this is identical to the sample above, except
       the Xservers file would look like

            extol:0 VISUAL-19 foreign
            exalt:0 NCD-19 foreign
            explode:0 NCR-TOWERVIEW3000 foreign


       This directs xdm to manage sessions on all three of these terminals.
       See the section Controlling Xdm for a description of using signals to
       enable and disable these terminals in a manner reminiscent of
       init(8).

LIMITATIONS
       One thing that xdm isn't very good at doing is coexisting with other
       window systems.  To use multiple window systems on the same hardware,
       you'll probably be more interested in xinit.

FILES
       /usr/lib/X11/xdm/xdm-config
                           the default configuration file

       /usr/lib/X11/xdm/Xaccess
                           the default access file, listing authorized
                           displays

       /usr/lib/X11/xdm/Xservers
                           the default server file, listing non-XDMCP
                           servers to manage

       $(HOME)/.Xauthority user authorization file where xdm stores keys for
                           clients to read

       /usr/lib/X11/xdm/chooser
                           the default chooser

       /usr/bin/X11/xrdb   the default resource database loader

       /usr/bin/X11/X      the default server

       /usr/bin/X11/xterm  the default session program and failsafe client

       /usr/lib/X11/xdm/A<host>-<suffix>
                           the default place for authorization files

SEE ALSO
       X(1), xinit(1), xauth(1), Xsecurity(1), Xsession(5) and XDMCP

COPYRIGHT
       Copyright 1988, Massachusetts Institute of Technology.
       See X(1) for a full statement of rights and permissions.

AUTHOR
       Keith Packard, MIT X Consortium


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026