VUELOGIN(1X)
NAME
vuelogin — The HP VUE Login Manager.
SYNOPSIS
vuelogin [-config configuration_file] [-daemon] [-debug debug_level] [-error error_log_file] [-nodaemon] [-resources resource_file] [-server server_entry] [-session session_program]
DESCRIPTION
Vuelogin manages a collection of X displays, both local and possibly remote. The emergence of X terminals guided the design of several parts of this system, along with the development of the X Consortium standard XDMCP ( X Display Manager Control Protocol). Vuelogin provides services similar to those provided by init(1M), getty(1M) and login(1) on character terminals: prompting for login and password, authenticating the user, and running a “session.”
A “session” is defined by the lifetime of a particular process; in the traditional character-based terminal world, it is the user’s login shell process. In the HP VUE context, it is the HP VUE Session Manager. This is because in a windowing environment, a user’s login shell process does not necessarily have any terminal-like interface with which to connect.
If the HP VUE Session Manager is not used, the typical vuelogin substitute is either a window manager with an exit option, or a terminal emulator running a shell, where the lifetime of the terminal emulator is the lifetime of the shell process that it is running; thus reducing the X session to an emulation of the character-based terminal session.
When the session is terminated, vuelogin resets the X server and (optionally) restarts the whole process.
Because vuelogin provides the first interface that users see, it is designed to be simple to use and easy to customize to the needs of a particular site.
OPTIONS
All options, except -config, specify values that can also be specified in the configuration file as resources. Typically, customization is done via the configuration file rather than command line options. The options are most useful for debugging and one-shot tests.
-config configuration_file
Specifies a resource file that specifies the remaining configuration parameters. If no file is specified and the file /usr/vue/config/Xconfig exists, vuelogin uses it.
-daemon
Specifies “true” as the value for the daemonMode resource. This makes vuelogin close all file descriptors, disassociate the controlling terminal and put itself in the background when it first starts up (just like the host of other daemons).
-debug debug_level
Specifies the numeric value for the debugLevel resource. A non-zero value causes vuelogin to print debugging statements to the terminal; it also disables the daemonMode resource, forcing vuelogin to run synchronously.
-error error_log_file
Specifies the value for the errorLogFile resource. This file contains errors from vuelogin as well as anything written to stderr by the various scripts and programs run during the progress of the session.
-nodaemon
Specifies “false” as the value for the daemonMode resource.
-resources resource_file
Specifies the value for the resources resource. This file is loaded using xrdb (1) to specify configuration parameters for the authentication screen.
-server server_entry
Specifies the value for the servers resource. See servers below for more detail.
-udpPort port_number
Specifies the value for the requestPort resource. This sets the port-number that vuelogin monitors for XDMCP requests. Since XDMCP uses the registered well-known udp port 177, this resource should probably not be changed except for debugging.
-session session_program
Specifies the value for the session resource. This indicates the program to run when the user has logged in as the session.
CONTROLLING THE SERVER
Vuelogin controls local servers using POSIX signals. SIGHUP is expected to reset the server, closing all client connections and performing other clean up duties. SIGTERM is expected to terminate the server. If these signals do not perform the expected actions, the resources resetSignal and termSignal can specify alternate signals.
To control remote servers not using XDMCP, vuelogin searches the window hierarchy on the display and uses the KillClient protocol request in an attempt to clean up the terminal for the next session. This may not actually kill all of the clients, since only those that have created windows are noticed. XDMCP provides a more sure mechanism; when vuelogin closes its initial connection, the session is over and the terminal is required to close all other connections.
CONTROLLING VUELOGIN
Vuelogin responds to two signals: SIGHUP and SIGTERM. When sent a SIGHUP, vuelogin rereads the configuration file and the file specified by the servers resource and determines whether entries have been added or removed. If a new entry has been added, vuelogin starts a session on the associated display. Entries that have been removed are disabled immediately, meaning that any session in progress is terminated without notice, and no new session is started.
When sent a SIGTERM, vuelogin terminates all sessions in progress and exits. This can be used when shutting down the system.
ENVIRONMENT
Vuelogin invokes the user’s session with the following default environment:
DISPLAYis set to the associated display name
EDITORis set to /usr/vue/bin/vuepad
HOMEis set to the home directory of the user
KBD_LANGis set to the value of LANG for applicable languages
LANGis set to the current NLS language (if any)
LC_ALLis set to the current NLS language (if any)
LC_MESSAGESis set to the current NLS language (if any)
LOGNAMEis set to the user name
MAILis set to /usr/mail/$USER
PATHis set to the value of the userPath resource
USERis set to the user name
SHELLis set to the user’s default shell (from /etc/passwd)
TERMis set to xterm
TZis set to the value of the timeZone resource or system default
XAUTHORITYmay be set to an authority file
Three methods are available to modify or add to this list depending on the desired scope of the resulting environment variable.
The environment resource is available in the vuelogin configuration file to allow setting of environment variables on a global or per-display basis. Variables specified by this method are available to both the display’s X server process and the user’s session and override any default settings. The resource accepts a string of <name>=<value> pairs separated by at least one space or tab. The values specified must be constants because no shell is used to parse the string. See the Resources section below for details on setting this resource. For example:
Vuelogin*environment: SB_DISPLAY_ADDR=0xB00000 \
WMSHMSPC=0x200000
Note: The environment variables LANG and TZ have their own dedicated resources in the configuration file and should not be set via environment. Environment variables that require processing by a shell or are dependent on the value of another environment variable can be specified in the startup script Xsession. These variables are loaded into the environment of all users on the display, but not to the X server process. They override any previous settings of the same variable. The Xsession script accepts ksh syntax for setting environment variables. For example.
MAIL=/usr/mail/$USER
Finally, personal environment variables can be set on a per-user basis in the script file $HOME/.vueprofile. Vuelogin accepts either sh, ksh, or csh syntax for the commands in this file. The commands should only be those that set environment variables, not any that perform terminal I/O, excepting tset(1) or stty(1). If the first line of .vueprofile is #!/bin/sh, #!/bin/ksh, or #!/bin/csh, vuelogin uses the appropriate shell to parse .vueprofile. Otherwise, the user’s default shell ($SHELL) is used.
INTERNATIONALIZATION
All labels and messages are localizable. The message catalog vuelogin.cat contains the localized representations of the default labels and messages. Vuelogin reads the appropriate message catalog indicated by the LANG environment variable and displays the localized strings. An option on the authentication screen allows the user to override the default language for the subsequent session. If the authentication screen has been localized for the selected language, it is redisplayed in that language; otherwise, it is displayed in the default language. In either case, the LANG environment variable is set appropriately for the resulting session.
The resource language is available in the vuelogin configuration file to change the default language for a display.
The resource languagelist is also available in the vuelogin configuration file to override the default set of languages displayed on the authentication screen.
RESOURCES
The actions of vuelogin can be controlled through the use of various configuration files, which are in the X resource format. Some resources control the behavior of vuelogin in general, some can be specified for a particular display, and others control the appearance of the authentication screen. The general and display-specific resources are specified in the configuration file named by the -config command line option. All resources should be prepended with the application name Vuelogin.
| Vuelogin General Resource Set | |||
| Name | Class | Type | Default |
| accessFile | AccessFile | String | NULL |
| authDir | AuthDir | String | /usr/vue/config |
| autoRescan | AutoRescan | Boolean | True |
| daemonMode | DaemonMode | Boolean | False |
| debugLevel | DebugLevel | Int | 0 |
| errorLogFile | ErrorLogFile | String | NULL |
| errorLogSize | ErrorLogSize | Int | 50 |
| fontPathHead | FontPathHead | String | NULL |
| fontPathTail | FontPathTail | String | NULL |
| keyFile | KeyFile | String | /usr/vue/config/Xkeys |
| lockPidFile | LockPidFile | Boolean | True |
| networkDevice | NetworkDevice | String | /dev/network |
| pidFile | PidFile | String | NULL |
| removeDomainname | RemoveDomainname | Boolean | True |
| requestPort | RequestPort | Int | 177 |
| servers | Servers | String | :0 Local local /usr/bin/X11/X :0 |
| sysParmsFile | SysParmsFile | String | /etc/src.sh |
| timeZone | TimeZone | String | MST7MDT |
| wakeupInterval | WakeupInterval | Int | 10 |
The vuelogin general resources are not display-specific and are applied to all displays where appropriate.
accessFile
To prevent unauthorized XDMCP service this file contains a database of hostnames which are allowed direct access to this machine. The format of this file is described in the section Xdmcp Access Control.
authDir
This is a directory name that vuelogin uses to temporarily store authorization files for displays using XDMCP.
autoRescan
This boolean controls whether vuelogin rescans the configuration file and server file after a session terminates and the files have changed. You can force vuelogin to reread these files by sending a SIGHUP to the main process.
daemonMode
Vuelogin can make itself into an unassociated daemon process. This is accomplished by forking and leaving the parent process to exit, then closing file descriptors and releasing the controlling terminal. This is inconvenient when attempting to debug vuelogin. Setting this resource to "false" disables daemonMode. If vuelogin is started from /etc/inittab, it should not be run in daemon mode. Otherwise the init process will think it has terminated and will attempt to restart it.
debugLevel
A non-zero value specified for this integer resource enables debugging information to be printed. It also disables daemon mode, which redirects the information into the bit-bucket. Specifying a non-zero debug level also allows non-root users to run vuelogin, which is not normally useful.
errorLogFile
Error output is normally directed at the system console. To redirect it, set this resource to any file name. This file also contains any output directed to stderr by Xstartup, Xsession and Xreset, so it contains descriptions of problems in those scripts as well.
errorLogSize
This resource specifies the maximum size of the error log file in kilobytes. When the limit is reached, vuelogin will delete the oldest entries in the file until the file size is reduced to 75% of the maximum.
fontPathHead
This resource defines additional font path elements to be prepended to the X server’s default font path at the time the X server is invoked. You can alternatively define this string via an exported FONT_PATH_HEAD environment variable in /etc/src.sh.
fontPathTail
This resource defines additional font path elements to be appended to the X server’s default font path at the time the X server is invoked. You can alternatively define this string via an exported FONT_PATH_TAIL environment variable in /etc/src.sh.
keyFile
XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key be shared between vuelogin and the terminal. This resource specifies the file containing those values. Each entry in the file consists of a display name and the shared key. By default, vuelogin does not include support for XDM-AUTHENTICATION-1 because it requires DES, which is not generally distributable.
lockPidFile
This is the resource that controls whether vuelogin uses file locking to prevent multiple logins.
networkDevice
This resource defines the tty line name to be logged in /etc/utmp for foreign displays. It should be either a meaningful but nonexistant device name (such as /dev/network or /dev/lan) or None. The default value is /dev/network. If specified, the device will be "created" as a symbolic link to /dev/null; if set to None, the tty line name in /etc/utmp will instead show the display’s name or internet address.
pidFile
The filename specified is created to contain an ASCII representation of the process-id of the main vuelogin process. This is quite useful when reinitializing the system. Vuelogin also uses file locking to attempt to prevent more than one daemon running on the same machine.
removeDomainname
When computing the display name for XDMCP clients, the resolver typically creates a fully qualified host name for the terminal. As this is sometimes confusing, vuelogin removes the domain name portion of the host name if it is the same as the domain name for the local host when this variable is set.
requestPort
This indicates the UDP port number that vuelogin uses to listen for incoming XDMCP requests. Unless you need to debug the system, leave this with its default value.
servers
This resource either specifies a file name full of server entries, one per line (if the value starts with a slash), or a single server entry. Each entry indicates a display that should constantly be managed and that is not using XDMCP. Each entry consists of at least three parts: a display name, a display class, a display type, and (for local servers) a command line to start the server. A typical entry for local display number 0 is:
:0 Local local@console /usr/bin/X11/X :0
The display types are:
locala local display, i.e. one that has a server program to run
foreigna remote display, i.e. one that has no server program to run
The display name must be something that can be passed in the -display option to any X program. This string is used in the display-specific resources to specify the particular display, so be careful to match the names (e.g., use ":0 local /usr/bin/X11/X :0" instead of "localhost:0 local /usr/bin/X11/X :0" if your other resources are specified as "Vuelogin._0.session"). The display class portion is also used in the display-specific resources as the class portion of the resource. This is useful if you have a large collection of similar displays (a group of X terminals, for example) and want to set resources for groups of them. When using XDMCP, the display is required to specify the display class, so perhaps your X terminal documentation describes a reasonably standard display class string for your device. On local bitmaps, the user may choose a "No Windows" option via the login screen, which temporarily suspends the X-server and presents the traditional character "login:" prompt. The user can then log in and perform non-X related tasks. When the user finishes and logs out, the X-server is restarted, and the login screen is redisplayed. In order to support "No Windows" mode, the display must have an associated Internal Terminal Emulator (ITE) device. By default, vuelogin associates the ITE device "console" (/dev/console) with display ":0". If your configuration does not match this default, specify "@<device>" for the display(s) with an associated ITE and "@none" for all other displays listed in the servers file. Arguments in the command line portion of the entry may be environment variables (usually defined and exported in /etc/src.sh or /etc/vuerc). If used, they must be of the simple form $variable, and must represent entire command arguments. Variables embedded in strings or enclosed in braces are not allowed. If font path modifications have been specified (via fontPathHead and fontPathTail resources, or via FONT_PATH_HEAD and FONT_PATH_TAIL environment variables in /etc/src.sh), the modifications will be applied to the X server’s font path each time just before the greet screen appears.
sysParmsFile
This resource specifies a file containing shell commands, one of which sets the timezone environment variable (TZ) for the system. If the timezone is set via the shell syntax, "TZ=", vuelogin can use this information to set the timezone for the user session. In a similar fashion, the file may also set FONT_PATH_HEAD and FONT_PATH_TAIL variables.
timeZone
This resource specifies the local time zone for vuelogin. It is loaded into the environment of vuelogin as the value of the variable TZ and inherited by all subsequent sessions. Some systems maintain a configuration file that contains the timezone setting (ex. /etc/src.sh). See the resource sysParmsFile.
wakeupInterval
If the user selects "No Windows" mode from the login screen, vuelogin terminates the X-server and allows the traditional character-based login prompt, "login:" to become visible. If the user does not log in within 2 * wakeupInterval seconds, the X-server is restarted. Once the user has logged in, vuelogin checks every wakeupInterval seconds to see if the user has logged out. If so, the X-server is restarted and the login screen is redisplayed.
| Vuelogin Display Resource Set | |||
| Name | Class | Type | Default |
| authorize | Authorize | Boolean | False |
| authName | AuthName | String | MIT-MAGIC-COOKIE-1 |
| authFile | AuthFile | String | /usr/vue/config/auth-server |
| cpp | Cpp | String | /lib/cpp |
| environment | Environment | String | NULL |
| failsafeClient | FailsafeClient | String | /usr/bin/X11/xterm |
| grabServer | GrabServer | Boolean | True |
| grabTimeout | GrabTimeout | Int | 3 sec. |
| language | Language | String | NULL |
| languageList | LanguageList | String | NULL |
| openDelay | OpenDelay | Int | 5 sec. |
| openRepeat | OpenRepeat | Int | 5 sec. |
| openTimeout | OpenTimeout | Int | 30 sec. |
| pingInterval | PingInterval | Int | 5 min. |
| pingTimeout | PingTimeout | Int | 5 min. |
| reset | Reset | String | NULL |
| resetForAuth | ResetForAuth | Boolean | False |
| resetSignal | Signal | Int | 1 (SIGHUP) |
| resources | Resources | String | NULL |
| session | Session | String | NULL |
| startAttempts | StartAttempts | Int | 4 |
| startup | Startup | String | NULL |
| systemPath | SystemPath | String | /usr/bin/X11:/bin:/usr/bin:/etc |
| systemShell | SystemShell | String | /bin/sh |
| terminateServer | TerminateServer | Boolean | False |
| termSignal | Signal | Int | 15 (SIGTERM) |
| userAuthDir | UserAuthDir | String | /tmp |
| userPath | UserPath | String | /usr/bin/X11:/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin |
| vuelite | Vuelite | Boolean | False |
| xrdb | Xrdb | String | /usr/bin/X11/xrdb |
Vuelogin display resources can be specified for all displays or for a particular display. To specify a particular display, the display name is inserted into the resource name between “Vuelogin” and the final resource name segment. For example, Vuelogin.expo_0.startup is the name of the resource defining the startup shell file on the “expo:0” display. The resource manager separates the name of the resource from its value with colons, and separates resource name parts with dots, so vuelogin uses underscores for the dots and colons when generating the resource name. Resources can also be specified for a class of displays by inserting the class name instead of a display name. A display that is not managed by XDMCP can have its class affiliation specified in the file referenced by the servers resource. A display using XDMCP supplies its class affiliation as part of the XDMCP packet.
authorize
authorize is a boolean resource that controls whether vuelogin generates and uses authorization for the server connections. (See authName.)
authName
If authorize is used, authName specifies the type of authorization to be used. Currently, vuelogin supports only MIT-MAGIC-COOKIE-1 authorization, XDM-AUTHORIZATION-1 could be supported, but DES is not generally distributable. XDMCP connections state which authorization types are supported dynamically, so authName is ignored in this case. (See authorize.)
authFile
This file is used to communicate the authorization data from vuelogin to the server, using the -auth server command line option. It should be kept in a write-protected directory to prevent its erasure, which would disable the authorization mechanism in the server.
cppThis specifies the name of the C preprocessor that is used by xrdb.
environment
This resource can contain a set of <name>=<value> pairs separated by a space or tab. Each item is loaded into the environment of the server and session. See the Environment section for details.
failsafeClient
If the default session fails to execute, vuelogin falls back to this program. This program is executed with no arguments, but executes using the same environment variables as the session would have had. (See The Xsession File below.)
grabServer (See grabTimeout.)
grabTimeout
To improve security, vuelogin grabs the server and keyboard while reading the name and password. The grabServer resource specifies if the server should be held while the name and password is read. When FALSE, the server is ungrabbed after the keyboard grab succeeds; otherwise, the server is grabbed until just before the session begins. The grabTimeout resource specifies the maximum time vuelogin will wait for the grab to succeed. The grab may fail if some other client has the server grabbed, or possibly if the network latencies are very high. The grabTimeout resource has a default of 3 seconds; be cautious when using this resource, since a user can be deceived by a look-alike window on the display. If the grab fails, vuelogin kills and restarts the server (if possible) and session. Some X-terminals cannot display their configuration screens while the server is grabbed. Setting grabServer to false will allow the screens to be displayed, but opens the possibility that a user’s login name can be stolen by copying the contents of the login screen. Since the keyboard is still grabbed and the password is not echoed, the password cannot be stolen.
language
This resource specifies the default setting for the LANG environment variable. If the vuelogin screen is localized for that language, it is displayed appropriately; otherwise, it is displayed in the language "C". The user may temporarily override this setting via an option on the login screen. When the subsequent session terminates, the LANG variable reverts to this setting.
languageList
This resource allows the user to override the default set of languages displayed in the "Language" menu of the login screen. It is useful if the set of languages actually used on a particular display is smaller than the set installed on the system. The resource value is a list of valid values for the LANG environment variable. Language values should be separated by one or more spaces or tabs.
openDelay (See startAttempts.)
openRepeat (See startAttempts.)
openTimeout (See startAttempts.)
pingInterval (See pingTimeout.)
pingTimeout
To discover when remote displays disappear, vuelogin occasionally "pings" them, using an X connection and sending XSync requests. pingInterval specifies the time (in minutes) between successive ping attempts, and pingTimeout specifies the maximum wait time (in minutes) for the terminal to respond to the request. If the terminal does not respond, the session is terminated. Vuelogin does not ping local displays. Although it may seem harmless, it is undesirable when the workstation session is terminated as a result of the server hanging for NFS service and not responding to the ping.
resetThis specifies a program that is run (as root) after the session terminates. By default no program is run. The conventional name is Xreset. See The Xreset File below.
resetForAuth
The original implementation of authorization in the sample server reread the authorization file at server reset time, instead of when checking the initial connection. Since vuelogin generates the authorization information just before connecting to the display, an old server does not get current authorization information. This resource causes vuelogin to send SIGHUP to the server after setting up the file, causing an additional server reset to occur, during which time the new authorization information is read.
resetSignal
This resource specifies the signal vuelogin sends to reset the server. See the section Controlling The Server
resources
This resource specifies the name of the file to be loaded by xrdb (1) as the resource data-base onto the root window of screen 0 of the display. This resource data base is loaded just before the authentication procedure is started, so it can control the appearance of the "login" window. See the section below on the authentication screen, which describes the various resources that are appropriate to place in this file. There is no default value for this resource, but the conventional name is Xresources. See Authentication Screen Resources below.
session
This specifies the session to be executed (not running as root). By default, /usr/bin/X11/xterm is run. The conventional name is Xsession. See The Xsession File below.
startAttempts
Four numeric resources control the behavior of vuelogin when attempting to open reluctant servers: openDelay, openRepeat, openTimeout, and startAttempts. openDelay is the duration (in seconds) between successive attempts; openRepeat is the number of attempts to make; openTimeout is the amount of time to wait while actually attempting the opening (i.e., the maximum time spent in the connect (2) syscall); and startAttempts is the number of times the entire process occurs before giving up on the server. After openRepeat attempts have been made, or if openTimeout seconds elapse in any particular attempt, vuelogin terminates and restarts the server, attempting to connect again. This process is repeated startAttempts time, at which point the display is declared dead and disabled. (See openDelay, openRepeat, and openTimeout.)
startup
This specifies a program that is run (as root) after the authentication process succeeds. By default, no program is run. The conventional name for a file used here is Xstartup. See the Xstartup section below.
systemPath
Vuelogin sets the PATH environment variable for the startup and reset scripts to the value of this resource. Note the conspicuous absence of "." from this entry. This is a good practice to follow for root; it avoids many system penetration schemes.
systemShell
Vuelogin sets the SHELL environment variable for the startup and reset scripts to the value of this resource.
terminateServer
This boolean resource specifies whether the X server should be terminated when a session terminates (instead of resetting it). This option can be used if the server tends to grow without bound over time in order to limit the amount of time the server is run continuously.
termSignal
This resource specifies the signal vuelogin sends to terminate the server. See the section Controlling The Server
userAuthDir
When vuelogin cannot write to the usual user authorization file ($HOME/.Xauthority), it creates a unique file name in this directory and points the environment variable XAUTHORITY at the created file.
userPath
Vuelogin sets the PATH environment variable for the session to this value. It should be a colon-separated list of directories; see sh(1) for a full description.
vuelite
Setting this resource to "True" restricts the display to only allowing fail-safe or VUE Lite sessions. The "HP VUE Session" selection is disabled.
xrdbSpecifies the program used to load the resources.
AUTHENTICATION SCREEN RESOURCES
The authentication screen reads a name-password pair from the keyboard. As this is a Motif toolkit client, colors, fonts and some layout options can be controlled with resources. Resources for this screen should be put into the file named by the resources resource. The default logo on the authentication screen may be replaced with a bitmap of the user’s choice. The following resources are available in addition to the standard Motif set in order to control positioning of the logo and the drop shadow. The resources should be prefaced with the string Vuelogin*logo* when specified.
| Logo Resource Set | |||
| Name | Class | Type | Default |
| bitmapFile | BitmapFile | String | NULL |
| dropShadowBackground | DropShadowBackground | Pixel | dynamic |
| dropShadowForeground | DropShadowForeground | Pixel | dynamic |
| dropShadowBackgroundPixmap | DropShadowBackgroundPixmap | String | dynamic |
| dropShadowThickness | DropShadowThickness | Int | dynamic |
| verticalOffset | VerticalOffset | Int | dynamic |
| x | X | Position | -1 |
| y | X | Position | -1 |
bitmapFile
Specifies the absolute path name to the bitmap file to be used for the logo.
dropShadowBackground
Specifes the background color for the drop shadow.
dropShadowForeground
Specifes the foreground color for the drop shadow.
dropShadowBackgroundPixmap
Specifes the pixmap to be used for the drop shadow. This can either be a built-in Motif pixmap or the absolute path name to a bitmap to be used as the tile for the drop shadow.
dropShadowThickness
Specifes the thickness of the drop shadow in units of pixels.
verticalOffset
Specifes the percentage of the logo to be positioned vertically off the main matte. By default the logo is centered horizontally and positioned vertically by this amount above the matte. This resource is ignored if y is specified.
xSpecifes the x origin for the logo in units of pixels. This resource overrides the default horizontal centering of the logo.
ySpecifes the y origin for the logo in units of pixels. This resource overrides the default vertical positioning of the logo. The default welcome message on the authentication screen may also be replaced with a message of the user’s choice. The following resources are available to control content and positioning of the welcome message. The resources should be prefaced with the string Vuelogin*greeting* when specified.
| Greeting Resource Set | |||
| Name | Class | Type | Default |
| alignment | Alignment | char | ALIGNMENT_CENTER |
| background | Background | Pixel | dynamic |
| foreground | Foreground | Pixel | dynamic |
| fontList | FontList | FontList | dynamic |
| labelString | String | String | Welcome to %LocalHost% |
| x | X | Position | dynamic |
| y | X | Position | dynamic |
alignment
Specifies the alignment of text in the welcome message. Possible values are ALIGNMENT_BEGINNING, ALIGNMENT_CENTER, and ALIGNMENT_END.
background
Specifes the background color for the welcome message.
foreground
Specifes the foreground color for the welcome message.
fontList
Specifes the font to use for the welcome message.
labelString
Specifes the text to use in the welcome message. Multiple lines can be specified by including newline characters, "\n", in the text. If the token %LocalHost% is included in the text, it will be replaced with the name of the host providing login service. If the token %DisplayName% is included in the text, it will be replaced with the name of the X display showing the login screen.
xSpecifes the x origin for the welcome message in units of pixels. By default the welcome message is centered horizontally in the login matte. While in the matte it is clipped to the matte boundaries. If it is positioned outside the matte, it may extend to the screen boundaries.
ySpecifes the y origin for the welcome message in units of pixels. By default the message is positioned slightly above the login area of the login matte.
XDMCP ACCESS CONTROL
The database file specified by the Vuelogin.accessFile resource provides information which vuelogin uses to control access from displays requesting XDMCP service. This file contains entries which control the response to Direct and Broadcast queries.
The format of an entry is either a host name or a pattern. A pattern is distinguished from a host name by the inclusion of one or more meta characters (‘*’ matches any sequence of 0 or more characters, and ‘?’ matches any single character) which are compared against the host name of the display device. If the entry is a host name, all comparisons are done using network addresses, so any name which converts to the correct network address may be used. For patterns, only canonical host names are used in the comparison, so ensure that you do not attempt to match aliases. Preceding either a host name or a pattern with a ‘!’ character causes hosts which match that entry to be excluded.
When checking access for a particular display host, each entry is scanned in turn and the first matching entry determines the response.
Blank lines are ignored, ‘#’ is treated as a comment delimiter causing the rest of that line to be ignored, and ‘\newline’ causes the newline to be ignored, allowing indirect host lists to span multiple lines.
Here is an example Xaccess file:
#
# Xaccess − XDMCP access control file
#
!xtra.lcs.mit.edu# disallow direct/broadcast service for xtra
bambi.ogi.edu# allow access from this particular display
*.lcs.mit.edu# allow access from any display in LCS
If XDMCP access is granted, a temporary file may be created in the authDir directory which contains authorization information for the X-terminal. It is deleted when the session starts.
AUTOMATIC LOGIN OPTION
The Xaccess file also provides a means for selected X terminals to bypass the usual greet screen and automatically login as a specified user without requesting a password. To enable this behavior, after the name of the display host you must specify the string "BYPASS_LOGIN" followed by the name of the user under which to log in. For example:
# The terminals listed below will be logged in as the user
# specified without a greet screen and with no password required.
shop1BYPASS_LOGINjones# terminal "shop1" logs
# in as user "jones"
Be aware use of this feature can compromise the security of your system.
SESSION STARTUP
Three files are provided to assist in session startup. They can be replaced by other mechanisms via vuelogin resources.
The Xstartup File
This file is typically a shell script. It is run as "root" and should be very careful about security. This is the place to put commands that display the message of the day or do other system-level functions on behalf of the user. Various environment variables are set for the use of this script:
DISPLAYis set to the associated display name
HOMEis set to the home directory of the user
PATHis set to the value of the systemPath resource
USERis set to the user name
SHELLis set to the value of the systemShell resource
No arguments of any kind are passed to the script. Vuelogin waits until this script exits before starting the user session. If the exit value of this script is non-zero, vuelogin discontinues the session immediately and starts another authentication cycle.
The Xsession File
This script reads in the user’s personal environment from $HOME/.vueprofile and then invokes the desired session manager. It is run with the permissions of the authorized user, and has several environment variables pre-set. See the Environment section for a list of the pre-set variables.
The Xreset File
Symmetrical with Xstartup, this script is run after the user session has terminated. Run as root, it should probably contain commands that undo the effects of commands in Xstartup, such as unmounting directories from file servers. The collection of environment variables that were passed to Xstartup are also given to Xreset.
TYPICAL USAGE
Vuelogin is designed to operate in a wide variety of environments. The following setup is a good place to start, but may not be "typical" in many environments.
First off, the vuelogin configuration file should be set up. A good thing to do is to make a directory (ex. /usr/vue/config) that contains all of the relevant files. Here is a typical configuration file, which could be named Xconfig :
Vuelogin.errorLogFile: /usr/vue/config/Xerrors
Vuelogin.pidFile:/usr/vue/config/Xpid
Vuelogin.accessFile:/usr/vue/config/Xaccess
Vuelogin.servers:/usr/vue/config/Xservers
Vuelogin*resources:/usr/vue/config/Xresources
Vuelogin*startup:/usr/vue/config/Xstartup
Vuelogin*session:/usr/vue/config/Xsession
Vuelogin*reset:/usr/vue/config/Xreset
As you can see, this file simply contains references to other files. Note that some of the resources are specified with “*” separating the components. These resources can be made unique for each different display, by replacing the “*” with the display-name. See the Resources section for a complete discussion.
The first file /usr/vue/config/Xservers contains the list of displays to manage. Most workstations have only one display, numbered 0, so the file looks like this:
:0 Local local /usr/bin/X11/X :0
This keeps /usr/bin/X11/X running on this display and manage a continuous cycle of sessions.
The file /usr/vue/config/Xerrors contains error messages from vuelogin and anything output to stderr by Xstartup, Xsession or Xreset. When you have trouble getting vuelogin working, check this file to see if vuelogin has any clues to the trouble. Xerrors can become quite large and should be trimmed periodically.
The next configuration entry, /usr/vue/config/Xresources, is loaded onto the display as a resource database using xrdb (1). As the authentication screen reads this database before starting up, it usually contains parameters for that screen.
SOME OTHER POSSIBILITIES
You can also use vuelogin to run a single session at a time by specifying the server on the command line:
vuelogin -server ":0 HP-TVRX local /usr/bin/X11/X :0"
If you have an X terminal that supports the XDMCP protocol, an entry for that terminal in Xservers is not required. If you have a file server and all X terminals support XDMCP, then Xservers would contain no entries.
Configurations may contain combinations of local servers, X terminals without XDMCP, and X terminals with XDCMP.
COPYRIGHT
Copyright 1988, Massachusetts Institute of Technology.
See X(1) for a full statement of rights and permissions.
AUTHOR
Vuelogin is based on the MIT client XDM, authored by Keith Packard. Additional modifications were developed by Hewlett Packard.
ORIGIN
Hewlett-Packard Company.
SEE ALSO
connect(2), login(1), getty(1M), sh(1), stty(1), tset(1), X(1), xinit(1M), xrdb(1), and XDMCP.
— HP VUE 3.0 (6/92)