xdm(1M) xdm(1M)
NAME
xdm - X Display Manager
SYNOPSIS
xdm [-config config_file] [-nodaemon] [-debug debug_level]
[-error error_log_file] [-resources resource_file]
[-server server_entry]
DESCRIPTION
xdm manages a set of X displays, on local host or remote
servers, and provides services similar to init, getty and
login services on character terminals, that is, prompting for
login name and password, authenticating the user, and running
a session. After a session is terminated, xdm resets the X
server and restarts the process.
xdm is an arbitrary session manager. In a windowing
environment, a user's login shell process does not necessarily
connect to a terminal-like interface. When a terminal session
manager does not exist, a window manager or terminal emulator
is treated as the ``session manager,'' and xdm terminates the
session when that process terminates.
The options are:
-config config_file
config_file specifies resources to control the behavior
of xdm; the default is /usr/X/lib/xdm/xdm-config
-nodaemon
suppress normal daemon behavior; that is, do not close all
file descriptors, disassociate from the controlling terminal,
or start up in the background. This sets the
DisplayManager.daemonMode resource to false.
-debug debug_level
print debugging statements to the terminal if
debug_level is non-zero. This option also disables the
DisplayManager.daemonMode resource, forces xdm to run
synchronously, and sets the value of the
DisplayManager.debugLevel resource.
-error error_log_file
write xdm errors and stderr output of scripts and
programs run during the progress of the session to
error_log_file. This option also sets the value of the
DisplayManager.errorLogFile resource.
-server server_entry
specify a display to manage constantly and set the value
of the DisplayManager.servers resource
-xrm resource_specification
specify an arbitrary resource
Resources
xdm behavior can be specified in a configuration file in the X
resource format. Resources which apply to a specific display
have the display name in the resource name between
DisplayManager and the final resource name segment. All other
resources apply to all displays.
Colons (:) are used by the resource manager to separate the
name of the resource from its value and dots (.) to separate
resource name parts, so xdm replaces both dots and colons with
underscores (_) when generating the resource name.
DisplayManager.DISPLAY.authComplain
If set to false, disables the use of the
unsecureGreeting in the login window. See the
Authentication Widget subsection. The default is true.
DisplayManager.authDir
This names a directory in which xdm stores authorization
files while initializing the session. The default value
is /usr/X/lib/xdm.
DisplayManager.DISPLAY.authFile
This file is used to communicate the authorization data
from xdm to the server, using the -auth server command
line option. It should be kept in a directory which is
not world-writable as it could easily be removed,
disabling the authorization mechanism in the server.
DisplayManager.DISPLAY.authorize
DisplayManager.DISPLAY.authName
authorize is a boolean resource which controls whether
xdm generates and uses authorization for the local
server connections. If authorization is used, authName
is a whitespace-separated list of authorization
mechanisms to use. When authorize is set for a display
and authorization is not available, the user is informed
by having a different message displayed in the login
widget. By default, authorize is true; authName is
MIT-MAGIC-COOKIE-1.
DisplayManager.autoRescan
This boolean controls whether xdm rescans the
configuration, servers, access control and
authentication keys files after a session terminates and
the files have changed. By default it is true. You can
force xdm to reread these files by sending a SIGHUP to
the main process.
DisplayManager.daemonMode
Normally, xdm attempts to make itself into a daemon
process unassociated with any terminal. This is
accomplished by forking and leaving the parent process
to exit, then closing file descriptors and releasing the
controlling terminal. In some environments this is not
desired (particularly when debugging). Setting this
resource to false will disable this feature.
DisplayManager.debugLevel
If the integer value of this resource is greater than
zero, reams of debugging information will be printed.
It also disables daemon mode, which would redirect the
information into the bit-bucket, and allows non-root
users to run xdm, which would normally not be useful.
DisplayManager.errorLogFile
Error output is normally directed at the system console.
To redirect it, set this resource to a file name. A
method to send these messages to syslog should be
developed for systems which support it; however, the
wide variety of interfaces precludes any system-
independent implementation. This file also contains any
output directed to stderr by the Xsetup, Xstartup, and
Xreset files, so it will contain descriptions of
problems in those scripts as well.
DisplayManager.exportList
A whitespace-separated list of additional environment
variables to pass on to the Xsetup, Xstartup, and Xreset
programs.
DisplayManager.DISPLAY.failsafeClient
If the default session fails to execute, xdm will fall
back to this program. This program is executed with no
arguments, but executes using the same environment
variables as the session would have had (see the Session
Program subsection). By default, /usr/X/bin/nondesktop
is used.
DisplayManager.DISPLAY.grabServer
DisplayManager.DISPLAY.grabTimeout
To improve security, xdm grabs the server and keyboard
while reading the login name and password. The
grabServer resource specifies if the server should be
held for the duration of the name/password reading.
When false, the server is ungrabbed after the keyboard
grab succeeds, otherwise the server is grabbed until
just before the session begins. The default is false.
The grabTimeout resource specifies the maximum time xdm
will wait for the grab to succeed. The grab may fail if
some other client has the server grabbed, or possibly if
the network latencies are very high. This resource has
a default value of 3 seconds; you should be cautious
when raising it, as a user can be spoofed by a look-
alike window on the display. If the grab fails, xdm
kills and restarts the server (if possible) and the
session.
DisplayManager.lockPidFile
This is the resource which controls whether xdm uses
file locking to keep multiple display managers from
running amok.
DisplayManager.DISPLAY.openDelay
DisplayManager.DISPLAY.openRepeat
DisplayManager.DISPLAY.openTimeout
DisplayManager.DISPLAY.startAttempts
These numeric resources control the behavior of xdm when
attempting to open intransigent servers. openDelay is
the length of the pause (in seconds) between successive
attempts, openRepeat is the number of attempts to make,
openTimeout is the amount of time to wait while actually
attempting the open and startAttempts is the number of
times this entire process is done before giving up on
the server. After openRepeat attempts have been made,
or if openTimeout seconds elapse in any particular
attempt, xdm terminates and restarts the server,
attempting to connect again. This process is repeated
startAttempts times, at which point the display is
declared dead and disabled. Although this behavior may
seem arbitrary, it has been empirically developed and
works quite well on most systems. The default values
are 5 for openDelay, 5 for openRepeat, 30 for
openTimeout and 4 for startAttempts.
DisplayManager.pidFile
The filename specified will be created to contain an
ASCII representation of the process-id of the main xdm
process. xdm also uses file locking on this file to
attempt to eliminate multiple daemons running on the
same machine, which would cause quite a bit of havoc.
DisplayManager.DISPLAY.pingInterval
DisplayManager.DISPLAY.pingTimeout
To discover when remote displays disappear, xdm
occasionally pings them, using an X connection and XSync
calls. pingInterval specifies the time (in minutes)
between each ping attempt, pingTimeout specifies the
maximum amount of time (in minutes) to wait for the
terminal to respond to the request. If the terminal
does not respond, the session is declared dead and
terminated. By default, both are set to 5 minutes. If
you frequently use X terminals which can become isolated
from the managing host, you may wish to increase this
value. The only worry is that sessions will continue to
exist after the terminal has been accidentally disabled.
xdm will not ping local displays. Although it would
seem harmless, it is unpleasant when the workstation
session is terminated as a result of the server hanging
for NFS service and not responding to the ping.
DisplayManager.randomFile
A file to checksum to generate the seed of authorization
keys. This should be a file that changes frequently.
The default is /dev/mem.
DisplayManager.DISPLAY.reset
This specifies a program which is run (as root) after
the session terminates. Again, by default no program is
run. The conventional name is Xreset. See the Reset
Program subsection.
DisplayManager.DISPLAY.resetForAuth
The original implementation of authorization in the
sample server reread the authorization file at server
reset time, instead of when checking the initial
connection. As xdm generates the authorization
information just before connecting to the display, an
old server would not get up-to-date authorization
information. This resource causes xdm to send SIGHUP to
the server after setting up the file, causing an
additional server reset to occur, during which time the
new authorization information will be read. The default
is false.
DisplayManager.DISPLAY.resetSignal
The number of the signal xdm sends to reset the server.
See the Controlling the Server subsection. The default
is 1 (SIGHUP).
DisplayManager.servers
This resource either specifies a file name full of
server entries, one per line (if the value starts with a
slash), or a single server entry. See the Server
Specification subsection for the details.
DisplayManager.DISPLAY.setup
This specifies a program which is run (as root) before
offering the Login window. This may be used to change
the appearance of the screen around the Login window or
to put up other windows (for example, you may want to
run xconsole here). The conventional name for a file
used here is Xsetup. See the Setup Program subsection.
DisplayManager.DISPLAY.startup
This specifies a program which is run (as root) after
the authentication process succeeds. By default, no
program is run. The conventional name for a file used
here is Xstartup. See the Startup Program subsection.
DisplayManager.DISPLAY.systemPath
Xdm sets the PATH environment variable for the startup
and reset scripts to the value of this resource. The
default for this resource is specified at build time by
the DefaultSystemPath entry in the system configuration
file; /sbin:/usr/sbin:/usr/bin:/etc:/usr/X/bin is the
default setting. Note the absence of ``.'' from this
entry. This is a good practice to follow for root; it
avoids many common Trojan Horse system penetration
schemes.
DisplayManager.DISPLAY.systemShell
xdm sets the SHELL environment variable for the startup
and reset scripts to the value of this resource. It is
/bin/sh by default.
DisplayManager.DISPLAY.termSignal
The number of the signal xdm sends to terminate the
server. See the Controlling the Server subsection. The
default is 15 (SIGTERM).
DisplayManager.DISPLAY.terminateServer
This boolean resource specifies whether the X server
should be terminated when a session terminates (instead
of resetting it). This option can be used when the
server tends to grow without bound over time, in order
to limit the amount of time the server is run. The
default value is false.
DisplayManager.thrashThreshold
This is the maximum time xdm will attempt to restart a
failed server. xdm will attempt to restart the server
DisplayManager.trashThreshold times during this
interval, and if it does not succeed, will completely
shut down, dumping an error message to /tmp/xdm-errors.
The default is 60 seconds.
DisplayManager.trashThreshold
This is the number of times xdm will attempt to
restart a failed server during the threshold time (see
DisplayManager.Threshold) before giving up. The default
is 5 tries.
DisplayManager.DISPLAY.userAuthDir
When xdm is unable to write to the usual user
authorization file ($HOME/.Xauthority), it creates a
unique file name in this directory and points the
environment variable XAUTHORITY at the created file. It
uses /tmp by default.
DisplayManager.DISPLAY.userPath
xdm sets the PATH environment variable for the session
to this value. It should be a colon-separated list of
directories [see sh(1) for a full description].
:/usr/bin:/usr/X/bin is the default setting. The
default value can be specified at build time in the X
system configuration file with DefaultUserPath.
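The systemPath entry above notes the absence of ``.'' from root's PATH, while the documented userPath default begins with a colon, an empty component that sh also searches as the current directory. The following audit is an added example, not part of the original manual page or the xdm distribution; the function names, finding labels and sample file are constructed here, and the boolean spellings checked are an assumption about what the resource converter accepts.

```sh
#!/bin/sh
# Added example (not from the xdm distribution): audit an xdm-config for
# authorization turned off and for PATH values that search the current
# directory.

# path_has_cwd VALUE: succeed if a PATH-style value contains "." or an
# empty component (leading, trailing or doubled colon), which sh treats
# as the current directory.
path_has_cwd() {
    case ":$1:" in
        *::*|*:.:*) return 0 ;;
    esac
    return 1
}

# audit_xdm_config FILE: print one "FINDING resource-name" line per problem.
audit_xdm_config() {
    # Drop "!" comment lines and blank lines, then split each "name: value"
    # at the first colon (resource names never contain one).
    sed -e '/^[[:space:]]*!/d' -e '/^[[:space:]]*$/d' "$1" |
    while IFS= read -r line; do
        name=${line%%:*}
        value=$(printf '%s\n' "${line#*:}" |
                sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        case "$name" in
            *[.*]systemPath|*[.*]userPath)
                if path_has_cwd "$value"; then
                    echo "CWD-IN-PATH $name"
                fi ;;
            *[.*]authorize)
                # Assumed spellings of a false boolean resource value.
                case "$value" in
                    false|False|FALSE|off|no|0)
                        echo "AUTH-DISABLED $name" ;;
                esac ;;
        esac
    done
}

# Constructed sample built from values printed in this manual page.
sample_xdm_config() {
    cat <<'EOF'
! constructed sample for the audit
DisplayManager.servers:      /usr/X/lib/xdm/Xservers
DisplayManager._0.authorize: true
DisplayManager*authorize:    false
DisplayManager*systemPath:   /sbin:/usr/sbin:/usr/bin:/etc:/usr/X/bin
DisplayManager*userPath:     :/usr/bin:/usr/X/bin
EOF
}

# Write the sample to a temporary file, audit it, and clean up.
run_audit_demo() {
    f=$(mktemp) || return 1
    sample_xdm_config > "$f"
    audit_xdm_config "$f"
    rm -f "$f"
}

run_audit_demo
```

On the sample, the wildcard authorize line and the userPath line are reported; the explicit DisplayManager._0.authorize entry and the systemPath value are not.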
USAGE
First, the xdm configuration file should be set up. Make a
directory (usually /usr/X/lib/xdm) to contain all of the
relevant files. Here is a reasonable configuration file,
which could be named xdm-config:
DisplayManager.servers: /usr/X/lib/xdm/Xservers
DisplayManager.errorLogFile: /tmp/xdm-errors
DisplayManager*startup: /usr/X/lib/xdm/Xstartup
DisplayManager.pidFile: /dev/X/xdm-pid
DisplayManager._0.authorize: true
DisplayManager*authorize: false
Note that this file simply contains references to other files.
Note also that some of the resources are specified with ``*''
separating the components. These resources can be made unique
for each different display, by replacing the ``*'' with the
display-name, but normally this is not very useful. See the
Resources subsection for a complete discussion.
The first file, /usr/X/lib/xdm/Xservers, contains the list of
displays to manage. Most workstations have only one display,
numbered 0, so the file will look something like this:
:0 Local local /usr/X/bin/X :0
This will keep /usr/X/bin/X running on this display and manage
a continuous cycle of sessions.
The file /tmp/xdm-errors will contain error messages from xdm
and anything output to stderr by Xsetup, Xstartup, or Xreset.
When you have trouble getting xdm working, check this file to
see if xdm has any clues to the trouble.
The Xstartup file shown here simply prevents login while the
file /etc/nologin exists. As there is no provision for
displaying any messages here (there isn't any core X client
which displays files), the user will probably be baffled by
this behavior. Thus this is not a complete example, but
simply a demonstration of the available functionality.
Here is a sample Xstartup script:
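#!/bin/sh
#
# Xstartup
#
# This program is run as root after the user is verified
#
# Refuse the login while /etc/nologin exists; a non-zero exit
# makes xdm discontinue the session.
if [ -f /etc/nologin ]; then
        exit 1
fi
exit 0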
Normally, xdm will execute /usr/bin/shserv, which executes the
file $HOME/.olsetup to start the UnixWare desktop after login.
The post-login behavior of xdm can be customized by adding the
line
DisplayManager.session: /usr/X/lib/xdm/Xsession
to the /usr/X/lib/xdm/xdm-config file. The sample Xsession file
shown below is located in the directory /usr/X/lib/xdm. When
Xsession is used, the user is expected to provide the desired
run-time clients in an executable file called $HOME/.xsession.
If a $HOME/.xsession file is not found, the Xsession script
will execute /usr/bin/shserv.
#!/bin/sh
#
# Xsession
#
# This is the program that is run as the client
# for the display manager. This example is
# quite friendly as it attempts to run a per-user
# .xsession file instead of forcing a particular
# session layout
#

# Start a fresh per-user error log and send all output to it
errfile="$HOME/.xsession-errors"
if [ -f "$errfile" ]; then
        /bin/rm "$errfile"
fi
exec > "$errfile" 2>&1

XGUI=MOTIF
export XGUI
CONSEM=no
export CONSEM
XWINHOME=/usr/X
export XWINHOME
# Append to any existing value; when LD_LIBRARY_PATH is unset, do not
# leave an empty leading component in front of $XWINHOME/lib
LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$XWINHOME/lib"
export LD_LIBRARY_PATH

startup="$HOME/.xsession"
resources="$HOME/.Xdefaults"
olsetup="$HOME/.olsetup"

if [ -f "$startup" ]; then
        exec "$startup"
elif [ -f "$olsetup" ]; then
        exec /usr/bin/shserv
else
        if [ -f "$resources" ]; then
                xrdb -load "$resources"
        fi
        "$XWINHOME/bin/nondesktop" -motif ; exit $?
fi
Server Specification
The resource DisplayManager.servers gives a server
specification or, if the value starts with a slash (/), the
name of a file containing server specifications, one per line.
Each specification indicates a display which should constantly
be managed. Each consists of at least three parts: a display
name, a display class, a display type, and (for local servers)
a command line to start the server. A typical entry for local
display number 0 would be:
:0 local /usr/X/bin/X -xnetaccess on
The display types are:
local
local display: xdm must run the server
foreign
remote display: xdm opens an X connection to a running server
The display name must be something that can be passed in the
-display option to an X program. This string is used to
generate the display-specific resource names, so be careful to
match the names (for example use :0 local /usr/X/bin/X :0
instead of localhost:0 local /usr/X/bin/X :0 if your other
resources are specified as DisplayManager._0.startup). The
display class portion is also used in the display-specific
resources, as the class of the resource. This is useful if
you have a large collection of similar displays (like a corral
of X terminals) and would like to set resources for groups of
them. You can run xdm in debug mode and look at the resource
strings it generates for that device, which will include the
class string.
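The name-matching warning above can be checked mechanically. The following lint is an added example, not part of the original manual page or the xdm distribution: it reports display-specific resources in xdm-config whose display segment matches no display name or class in Xservers. The function names and sample files are constructed here, and it assumes the class field is absent when the second field of an entry is already local or foreign, as in the short entry shown above.

```sh
#!/bin/sh
# Added example (not from the xdm distribution): find display-specific
# resources in xdm-config that match no display listed in Xservers.

# xdm_resname DISPLAY: the display name as it appears inside resource
# names; dots and colons become underscores (":0" -> "_0").
xdm_resname() {
    printf '%s\n' "$1" | tr '.:' '__'
}

# managed_names XSERVERS: resource-name form of every display name, plus
# every display class, one per line. Assumption: the class is omitted when
# the second field is already the type ("local" or "foreign").
managed_names() {
    while read -r dpy second _rest; do
        [ -n "$dpy" ] || continue
        xdm_resname "$dpy"
        case "$second" in
            local|foreign) ;;
            *) printf '%s\n' "$second" ;;
        esac
    done < "$1"
}

# unmatched_resources CONFIG XSERVERS: print each DisplayManager.<seg>.<name>
# resource in CONFIG whose <seg> is neither a managed display nor a class.
# Wildcard ("*") and global two-segment resources are ignored.
unmatched_resources() {
    known=$(managed_names "$2")
    sed -n 's/^\(DisplayManager\.[^.*:[:space:]]*\.[^.*:[:space:]]*\)[[:space:]]*:.*$/\1/p' "$1" |
    while IFS= read -r res; do
        seg=${res#DisplayManager.}
        seg=${seg%.*}
        printf '%s\n' "$known" | grep -Fqx -e "$seg" || printf '%s\n' "$res"
    done
}

# Constructed samples modelled on the entries shown in this manual page.
sample_xservers() {
    cat <<'EOF'
:0 Local local /usr/X/bin/X :0
extol:0 VISUAL-19 foreign
EOF
}

sample_xdm_config() {
    cat <<'EOF'
DisplayManager.servers: /usr/X/lib/xdm/Xservers
DisplayManager._0.authorize: true
DisplayManager.localhost_0.startup: /usr/X/lib/xdm/Xstartup
DisplayManager.VISUAL-19.startup: /usr/X/lib/xdm/Xstartup
DisplayManager*authorize: false
EOF
}

# Write both samples to a temporary directory, run the lint, clean up.
run_lint_demo() {
    d=$(mktemp -d) || return 1
    sample_xservers > "$d/Xservers"
    sample_xdm_config > "$d/xdm-config"
    unmatched_resources "$d/xdm-config" "$d/Xservers"
    rm -rf "$d"
}

run_lint_demo
```

On the sample, only DisplayManager.localhost_0.startup is reported: its Xstartup script would never run for display :0, whose resource name is _0.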
Setup Program
The Xsetup file is run after the server is reset, but before
the Login window is offered. The file is typically a shell
script. It is run as root, so users should be careful about
security. This is the place to change the root background or
bring up other windows that should appear on the screen along
with the Login widget.
In addition to any specified by DisplayManager.exportList, the
following environment variables are passed:
DISPLAY the associated display name
PATH the value of DisplayManager.DISPLAY.systemPath
SHELL the value of DisplayManager.DISPLAY.systemShell
XAUTHORITY may be set to an authority file
Note that since xdm grabs the keyboard, any other windows will
not be able to receive keyboard input. They will be able to
interact with the mouse, however; beware of potential security
holes here. If DisplayManager.DISPLAY.grabServer is set,
Xsetup will not be able to connect to the display at all.
Resources for this program can be put into the file named by
DisplayManager.DISPLAY.resources.
Authentication Widget
The authentication widget reads a name/password pair from the
keyboard. Some of the other actions taken by the widget are:
check for account expiration and inactivity
check for password expiration and prompt for a new
password and make sure that password passes the
rules specified by passwd
check for a valid shell program to execute
check for the existence of the user's home
directory
Resources for this widget are stored in the file
/usr/X/lib/app-defaults/Dtlogin. The default resources are:
dtlogin*background: #aa00aa00aa00
dtlogin*foreground: black
dtlogin*inputFocusColor: #00000000e000
dtlogin*company_logo*string: UNIX System Laboratories
Users who wish to display their company name should change the
dtlogin*company_logo*string line. For example:
dtlogin*company_logo*string: Univel Inc.
Localization of Authentication Widget
The graphical login can be localized on a system basis.
Localization on a per-user basis is not available. Several
files need to be changed to localize the graphical login. They are:
dtlogin.h
update the location of message catalog files
/usr/X/lib/app-defaults/Dtlogin
add any pertinent system locale dependent
resources, for example, the following for a
Japanese localization:
#
# Sample Japanese localization settings
#
dtlogin*xnlLanguage: japan
dtlogin*basicLocale: japan
dtlogin*displayLang: japan
dtlogin*fontGroup: mincho
dtlogin*fontGroupDef: mincho=r14/k14/r14
dtlogin*inputLang: japan
/usr/X/lib/app-defaults/Nondesktop
add any pertinent system locale dependent
resources, for example, the following for a
Japanese localization:
#
# Sample Japanese localization settings
#
nondesktop*xnlLanguage: japan
nondesktop*basicLocale: japan
nondesktop*displayLang: japan
nondesktop*fontGroup: mincho
nondesktop*fontGroupDef: mincho=r14/k14/r14
nondesktop*inputLang: japan
/etc/rc2.d/S69xdm
add all pertinent system locale dependent
environment variables
Startup Program
The Xstartup file is typically a shell script. It is run as
root and should be very careful about security. This is the
place to put commands which mount users' home directories from
file servers, display the message of the day, or abort the
session if logins are not allowed.
In addition to any specified by DisplayManager.exportList, the
following environment variables are passed:
DISPLAY the associated display name
HOME the initial working directory of the user
USER the user name
PATH the value of
DisplayManager.DISPLAY.systemPath
SHELL the value of
DisplayManager.DISPLAY.systemShell
XAUTHORITY may be set to an authority file
No arguments are passed to the script. xdm waits until this
script exits before starting the user session. If the exit
value of this script is non-zero, xdm discontinues the session
and starts another authentication cycle.
Reset Program
Symmetrical with Xstartup, the Xreset script is run after the
user session has terminated. Run as root, it should contain
commands that undo the effects of commands in Xstartup,
removing entries from /etc/utmp or unmounting directories from
file servers. The environment variables that were passed to
Xstartup are also passed to Xreset.
Controlling the Server
xdm controls local servers using POSIX signals. SIGHUP is
expected to reset the server, closing all client connections
and performing other cleanup duties. SIGTERM is expected to
terminate the server. If these signals do not perform the
expected actions, the resources
DisplayManager.DISPLAY.resetSignal and
DisplayManager.DISPLAY.termSignal can specify alternate
signals.
To control remote terminals, xdm searches the window hierarchy
on the display and uses the protocol request KillClient in an
attempt to clean up the terminal for the next session. This
may not actually kill all of the clients, as only those which
have created windows will be noticed.
Controlling xdm
xdm responds to two signals: SIGHUP and SIGTERM. When sent a
SIGHUP, xdm rereads the configuration file, the access control
file, and the servers file. For the servers file, it notices
if entries have been added or removed. If a new entry has
been added, xdm starts a session on the associated display.
Entries which have been removed are disabled immediately,
meaning that any session in progress will be terminated
without notice and no new session will be started.
When sent a SIGTERM, xdm terminates all sessions in progress
and exits. This can be used when shutting down the system.
xdm attempts to mark its various sub-processes for ps(1) by
editing the command line argument list in place. Because xdm
can't allocate additional space for this task, it is useful to
start xdm with a reasonably long command line (using the full
path name should be enough). Each process which is servicing
a display is marked -display.
Other Possibilities
You can use xdm to run a single session at a time, using the
4.3 init options or other suitable daemon by specifying the
server on the command line:
xdm -server ":0 SUN-3/60CG4 local /usr/bin/X :0"
Or, you might have a file server and a collection of X
terminals. The configuration for this is identical to the
sample above, except the Xservers file would look like
extol:0 VISUAL-19 foreign
exalt:0 NCD-19 foreign
explode:0 NCR-TOWERVIEW3000 foreign
This directs xdm to manage sessions on all three of these
terminals. See the Controlling xdm subsection for a
description of using signals to enable and disable these
terminals in a manner reminiscent of init(1M).
NOTICES
One thing that xdm isn't very good at doing is coexisting with
other window systems. To use multiple window systems on the
same hardware, you'll probably be more interested in xinit.
Portions of this page are derived from material which is
copyright 1988 Massachusetts Institute of Technology.
FILES
$(HOME)/.Xauthority user authorization file
/usr/X/lib/xdm/Xaccess
access file (lists authorized displays)
/usr/X/lib/xdm/xdm-config
configuration file
/usr/X/bin/xrdb resource database loader
/usr/X/lib/xdm/Xservers
server file (lists servers to manage)
/usr/X/bin/nondesktop
failsafe client
/usr/X/bin/X server
/dev/X/Ahost-suffix authorization files location
REFERENCES
ps(1), sh(1), X(1)
Copyright 1994 Novell, Inc.