diff options
author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-01-22 01:02:36 -0600 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-01-22 01:02:36 -0600 |
commit | b81e43465b14836b17e4fe2dea91c78a2bdd29b3 (patch) | |
tree | 7815d61ce59a6ccb6e655ed44f5fea786f520985 /doc/tdm | |
parent | 7021f40c13f949b7cb5ded32d0241d648a43bf6c (diff) | |
download | tdebase-b81e43465b14836b17e4fe2dea91c78a2bdd29b3.tar.gz tdebase-b81e43465b14836b17e4fe2dea91c78a2bdd29b3.zip |
Part 2 of prior commit
Diffstat (limited to 'doc/tdm')
-rw-r--r-- | doc/tdm/CMakeLists.txt | 12 | ||||
-rw-r--r-- | doc/tdm/Makefile.am | 6 | ||||
-rw-r--r-- | doc/tdm/index.docbook | 1472 | ||||
-rw-r--r-- | doc/tdm/tdmrc-ref.docbook | 2316 |
4 files changed, 3806 insertions, 0 deletions
diff --git a/doc/tdm/CMakeLists.txt b/doc/tdm/CMakeLists.txt new file mode 100644 index 000000000..9a29fa8f8 --- /dev/null +++ b/doc/tdm/CMakeLists.txt @@ -0,0 +1,12 @@ +################################################# +# +# (C) 2010-2011 Serghei Amelian +# serghei (DOT) amelian (AT) gmail.com +# +# Improvements and feedback are welcome +# +# This file is released under GPL >= 2 +# +################################################# + +tde_create_handbook( DESTINATION tdm ) diff --git a/doc/tdm/Makefile.am b/doc/tdm/Makefile.am new file mode 100644 index 000000000..3db537e3f --- /dev/null +++ b/doc/tdm/Makefile.am @@ -0,0 +1,6 @@ +conf_def = $(top_srcdir)/tdm/config.def +ref: $(conf_def) $(top_srcdir)/tdm/confproc.pl + $(PERL) -w $(top_srcdir)/tdm/confproc.pl --doc $(conf_def) tdmrc-ref.docbook + +KDE_LANG = en +KDE_DOCS = AUTO diff --git a/doc/tdm/index.docbook b/doc/tdm/index.docbook new file mode 100644 index 000000000..dde535328 --- /dev/null +++ b/doc/tdm/index.docbook @@ -0,0 +1,1472 @@ +<?xml version="1.0" ?> +<!DOCTYPE book PUBLIC "-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN" +"dtd/kdex.dtd" [ + <!ENTITY kappname "&tdm;"> + <!ENTITY package "tdebase"> + <!ENTITY tdmrc "<filename>tdmrc</filename>"> + <!ENTITY ksmserver "<application>ksmserver</application>"> + <!ENTITY kdesktop "<application>kdesktop</application>"> + <!ENTITY XDMCP "<acronym>XDMCP</acronym>"> + <!ENTITY xdm "<application>xdm</application>"> + <!ENTITY tdmrc-ref SYSTEM "tdmrc-ref.docbook"> + <!ENTITY % addindex "INCLUDE"> + <!ENTITY % English "INCLUDE" > <!-- change language only here --> +]> + +<book lang="&language;"> +<bookinfo> +<title>The &tdm; Handbook</title> + +<authorgroup> +<author> +&Oswald.Buddenhagen; &Oswald.Buddenhagen.mail; +</author><!-- +<othercredit role="developer"> +&Oswald.Buddenhagen; &Oswald.Buddenhagen.mail; +<contrib>Developer</contrib> +</othercredit> +<othercredit role="reviewer"> +&Lauri.Watts; &Lauri.Watts.mail; +<contrib>Reviewer</contrib> +</othercredit> --> + +<!-- TRANS:ROLES_OF_TRANSLATORS --> + +</authorgroup> + +<copyright> +<year>2000</year> +<holder>&Neal.Crook;</holder> +</copyright> + +<copyright> +<year>2002</year> +<holder>&Oswald.Buddenhagen;</holder> +</copyright> + +<copyright> +<year>2003</year> +<holder>&Lauri.Watts;</holder> +</copyright> + +<date>2003-03-01</date> +<releaseinfo>0.05.02</releaseinfo> + +<abstract> +<para>This document describes &tdm; the &kde; Display Manager. &tdm; +is also known as the <quote>Login Manager</quote>.</para> +</abstract> + +<keywordset> +<keyword>KDE</keyword> +<keyword>tdm</keyword> +<keyword>xdm</keyword> +<keyword>display manager</keyword> +<keyword>login manager</keyword> +</keywordset> +</bookinfo> + +<!-- ********************************************************************** --> +<chapter id="introduction"> +<title>Introduction</title> + +<para>&tdm; provides a graphical interface that allows you to log in to a +system. It prompts for login (username) and password, authenticates the user +and starts a <quote>session</quote>. &tdm; is superior to &xdm;, the X +Display Manager, in a number of ways.</para> + +</chapter> + +<!-- Chapters to write --> +<!-- * Just enough config to get it to run and login to KDE + * Adding more session types (GNOME, etc) + * Adding other customizations to XSession (ssh/gpg-agent, etc) + * Further customization to TDM (via the kcontrol module, and by + hand) + * XDMCP by query + * XDMCP by broadcast + * Sound transparency (if Ade can tell me how!) + * Document all Keys in the Config File + * Pull in all options from the KControl Module + * More resources +--> + +<chapter id="quickstart"> +<title>Quick Start Guide</title> + +<para>This is a quick start guide for users who fit the following +pattern:</para> + +<itemizedlist> +<listitem> +<para>X is configured and works with the command +<command>startx</command> from the commandline.</para> +</listitem> +<listitem> +<para>Each user will generally only use a single window manager or +desktop environment, and does not change this choice very +often, or is comfortable editing a single text file in order to change +their choice.</para> +</listitem> +</itemizedlist> + +<para>This scenario will be sufficient for many environments where a single +user or several users normally boot the computer and log into their +preferred environment.</para> + +<procedure> +<title>Setting up a Default Session</title> +<step> +<para>Create or open the file <filename>~/.xinitrc</filename></para> +<para>If you already have a working <filename>~/.xinitrc</filename>, go to +the next step</para> +</step> +<step> +<para>If one does not already exist, add a line to the +<filename>~/.xinitrc</filename> to start your preferred window manager +or desktop environment.</para> +<para>For &kde; you should enter:</para> +<screen><userinput>starttde</userinput></screen> +<para>For other window managers or desktop environments, you should +look in their documentation for the correct command.</para> +</step> +<step><para>Make a link as follows:</para> +<screen><userinput><command>ln</command> <option>-s</option> <parameter>~/.xinitrc ~/.xsession</parameter></userinput></screen> +</step> +</procedure> + +<para>At this point, typing <userinput><command>startx</command></userinput> +on the commandline should start X, with a &kde; session. The next task is +to try &tdm;.</para> + +<para>As <systemitem class="username">root</systemitem>, type +<userinput><command>tdm</command></userinput> at the prompt.</para> + +<para>You should see a login window, which is described more fully in <xref +linkend="login" />.</para> + +<para>Typing your normal username and password in the fields provided, and +leaving <option>default</option> selected as the session type should now +open a &kde; session for your user.</para> + +<para>If you have other users to configure, you should repeat the procedure +above for each of them.</para> + +<note> +<para>This is a quick guide to getting up and running only. You probably +will want to customize &tdm; further, for example, to hide the names of the +system accounts, to allow further sessions, and much more. Please read +through the rest of this manual to find out how to do these things.</para> +</note> + +</chapter> + +<chapter id="login"> +<title>The Login Window</title> + +<para> The user interface to &tdm; consists of two dialog boxes. The main +dialog box has these controls:</para> + +<itemizedlist> +<listitem> +<para>A <guilabel>Username:</guilabel> field for you to enter your +username.</para> +</listitem> + +<listitem> +<para>A <guilabel>Password:</guilabel> field for you to enter your +password.</para> +</listitem> + +<listitem> +<para>(Optionally) a graphical image of each user (for example, a digitized +photograph). Clicking on an image is equivalent to typing the associated +username into the <guilabel>Username:</guilabel> field. (This feature is an +imitation of the login box on &IRIX;).</para> +</listitem> + +<listitem> +<para>A <guilabel>Menu</guilabel> drop down box that allows &tdm; to be used +to start sessions with various different window managers or desktop +environments installed on the system.</para> +</listitem> + +<listitem> +<para>(Optionally) a region to the right of the +<guilabel>Username:</guilabel>, <guilabel>Password:</guilabel> and +<guilabel>Session Type:</guilabel> fields which can be used to display +either a static image or an analog clock.</para> +</listitem> + +<listitem> +<para>A <guibutton>Login</guibutton> button that validates the +username/password combination and attempts to start a session of the +selected type.</para> +</listitem> + +<listitem> +<para>A <guibutton>Clear</guibutton> button that clears the text from +the <guilabel>Login</guilabel> and <guilabel>Pass</guilabel> +fields.</para> +</listitem> + +<listitem> +<para>A <guibutton>Menu</guibutton> button that opens an action menu +with the following items:</para> + +<itemizedlist> +<listitem> +<para>(On local displays) A <guimenuitem>Restart X Server</guimenuitem> item +that terminates the currently running &X-Server;, starts a new one and +displays the login dialog again. You can use this if the display content +seems to be broken somehow.</para> +</listitem> + +<listitem> +<para>(On remote displays) A <guimenuitem>Close Connection</guimenuitem> +item that closes the connection to the &XDMCP; server you are currently +connected to. If you got to this server through a host chooser, this will +bring you back to the chooser, otherwise it will only reset the &X-Server; +and bring up the login dialog again.</para> +</listitem> + +<listitem> +<para>(Optionally on local displays) A <guimenuitem>Console +Mode</guimenuitem> item that terminates the currently running &X-Server; and +leaves you alone with a console login. &tdm; will resume the graphical login +if nobody is logged in at the console for some time.</para> +</listitem> +</itemizedlist> +</listitem> + +<listitem> +<para>(Optionally) A <guibutton>Shutdown</guibutton> button that displays +the <guilabel>Shutdown</guilabel> dialog box.</para> +</listitem> +</itemizedlist> + +<para>The <guilabel>Shutdown</guilabel> dialog box presents a set of +radio buttons that allow one of these options to be selected:</para> + +<variablelist> +<varlistentry> +<term>Shutdown</term> +<listitem> +<para>Shut the system down in a controlled manner, ready for +power-down.</para> +</listitem> +</varlistentry> +<varlistentry> +<term>Restart</term> +<listitem> +<para>Shut the system down and reboot. For systems that use +<application>Lilo</application>, an optional drop down box allows you to +select a particular operating-system kernel to be used for the +reboot.</para> +</listitem> +</varlistentry> +<varlistentry> +<term>Restart X Server</term> +<listitem> +<para>Stop and then restart the X-server. Typically, you might need to use +this option if you have changed your X11 configuration in some way.</para> +</listitem> +</varlistentry> +<varlistentry> +<term>Console Mode</term> +<listitem> +<para>Stop the &X-Server; and return the system to console mode. This is +achieved by bringing the system down to runlevel 3. Typically, the system +manager might need to use this option before upgrading or re-configuring X11 +software.</para> +</listitem> +</varlistentry> +</variablelist> + +<para>Pressing the <guibutton>OK</guibutton> button initiates the selected +action; pressing the <guibutton>Cancel</guibutton> button returns to the +main &tdm; dialog box. </para> + +</chapter> + +<!-- *********************************************************************** --> +<chapter id="configuring-tdm"> +<title>Configuring &tdm;</title> + +<para>This chapter assumes that &tdm; is already up and running on your +system, and that you simply want to change its behavior in some way.</para> + +<para>When &tdm; starts up, it reads its configuration from the folder +<filename class="directory">$TDEDIR/share/config/tdm/</filename> (this may +be <filename class="directory">/etc/trinity/tdm/</filename> or something else +on your system).</para> + +<para>The main configuration file is &tdmrc;; all other files are +referenced from there and could be stored under any name anywhere on +the system - but usually that would not make much sense for obvious +reasons (one particular exception is referencing configuration files +of an already installed &xdm; - however when a new &tdm; is installed, +it will import settings from those files if it finds an already installed +&xdm;).</para> + +<para>Since &tdm; must run before any user is logged in, it is not +associated with any particular user. Therefore, it is not possible to have +user-specific configuration files; all users share the common &tdmrc;. It +follows from this that the configuration of &tdm; can only be altered by +those users that have write access to +<filename>$<envar>TDEDIR</envar>/share/config/tdm/tdmrc</filename> (normally +restricted to system administrators logged in as <systemitem +class="username">root</systemitem>).</para> + +<para>You can view the &tdmrc; file currently in use on your system, and you +can configure &tdm; by editing this file. Alternatively, you can use the +graphical configuration tool provided by the &kcontrolcenter; (under +<menuchoice><guisubmenu>System Administration</guisubmenu><guimenuitem>Login +Manager</guimenuitem></menuchoice>), which is described in <ulink +url="help:/kcontrol/login-manager.html">the &kcontrolcenter; help files</ulink>. +</para> + +<para>The remainder of this chapter describes configuration of &tdm; +via the &kcontrolcenter; module, and the <link linkend="tdm-files">next +chapter</link> describes the options available in &tdmrc; itself. If +you only need to configure for local users, the &kcontrolcenter; module +should be sufficient for your needs. If you need to configure remote +logins, or have multiple &tdm; sessions running, you will need to read +on.</para> + +<sect1 id="tdm-kcontrol-module"> +<sect1info> +<authorgroup> +<author>&Thomas.Tanghus; &Thomas.Tanghus.mail;</author> +<author>&Steffen.Hansen; &Steffen.Hansen.mail;</author> +<author>&Mike.McBride; &Mike.McBride.mail;</author> +</authorgroup> +</sect1info> + +<title>The Login Manager &kcontrolcenter; Module</title> + +<para>Using this module, you can configure the &kde; graphical login +manager, &tdm;. You can change how the login screen looks, who has +access using the login manager and who can shutdown the +computer.</para> + +<note><para>All settings will be written to the configuration file +&tdmrc;, which in its original state has many comments to help you +configure &tdm;. Using this &kcontrolcenter; module will strip these +comments from the file. All available options in &tdmrc; are covered +in <xref linkend="tdm-files"/>.</para> + +<para>The options listed in this chapter are cross referenced with +their equivalents in &tdmrc;. All options available in the &kcontrol; +module are also available directly in &tdmrc; but the reverse is not +true.</para></note> + +<para>In order to organize all of these options, this module is +divided into several sections: <link +linkend="tdmconfig-appearance"><guilabel>Appearance</guilabel></link>, +<link linkend="tdmconfig-font"><guilabel>Font</guilabel></link>, <link +linkend="tdmconfig-background"><guilabel>Background</guilabel></link>, +<link +linkend="tdmconfig-shutdown"><guilabel>Shutdown</guilabel></link>, +<link linkend="tdmconfig-users"><guilabel>Users</guilabel></link> and +<link +linkend="tdmconfig-convenience"><guilabel>Convenience</guilabel></link>.</para> + +<para>You can switch between the sections using the tabs at the top of +the window.</para> + +<note><para>If you are not currently logged in as a superuser, you +will need to click the <guibutton>Administrator Mode...</guibutton> +Button. You will then be asked for a superuser password. Entering a +correct password will allow you to modify the settings of this +module.</para></note> + +<sect2 id="tdmconfig-appearance"> +<title>Appearance</title> + +<para>From this page you can change the visual appearance of &tdm;, +&kde;'s graphical login manager.</para> + +<para>The <guilabel>Greeting:</guilabel> is the title of the login + screen. Setting this is especially useful if you have many servers users + may log in to. You may use various placeholders, which are described + along with the corresponding key + <link linkend="option-greetstring"><option>GreetString</option></link> + in &tdmrc;. +</para> + +<para>You can then choose to show either the current system time, a logo or +nothing special in the login box. Make your choice in the radio buttons +labeled <guilabel>Logo area:</guilabel>. This corresponds to <link +linkend="option-logoarea"><option>LogoArea</option></link> in &tdmrc;</para> + +<para>If you chose <guilabel>Show logo</guilabel> you can now choose a +logo:</para> + +<itemizedlist> +<listitem> +<para>Drop an image file on the image button.</para> +</listitem> +<listitem> +<para>Click on the image button and select a new image from the image chooser +dialog.</para> +</listitem> +</itemizedlist> + +<para>If you do not specify a logo the default +<filename>$<envar>TDEDIR</envar>/share/apps/tdm/pics/kdelogo.xpm</filename> +will be displayed.</para> + +<para>Normally the login box is centered on the screen. Use the +<guilabel>Position:</guilabel> options if you want it to appear +elsewhere on the screen. You can specify the relative position +(percentage of the screen size) for the center of the login window, +relative to the top left of the display, in the fields labeled +<guilabel>X:</guilabel> and <guilabel>Y:</guilabel> respectively. +These correspond to the key +<link linkend="option-greeterpos"><option>GreeterPos</option></link> +in &tdmrc;.</para> + +<para>While &kde;'s style depends on the settings of the user logged +in, the style used by &tdm; can be configured using the <guilabel>GUI +Style:</guilabel> and <guilabel>Color Scheme:</guilabel> options. +These correspond to the keys <link +linkend="option-guistyle"><option>GUIStyle</option></link> and <link +linkend="option-colorscheme"><option>ColorScheme</option></link> in +&tdmrc; respectively.</para> + +<para>Below that, you have a drop down box to choose the language for +your login box, corresponding to setting <option>Language</option> in +&tdmrc;.</para> + +</sect2> + +<sect2 id="tdmconfig-font"> +<title>Font</title> + +<para>From this section of the module you can change the fonts used in the +login window. Only fonts available to all users are available here, not +fonts you have installed on a per user basis.</para> + +<para>You can select three different font styles from the drop down box +(<guilabel>General:</guilabel>, <guilabel>Failures:</guilabel>, +<guilabel>Greeting:</guilabel>). When you click on the +<guibutton>Choose...</guibutton> button a dialog appears from which you can +select the new characteristics for the font style.</para> + +<itemizedlist> +<listitem> +<para>The <guilabel>General:</guilabel> font is used in all other places in the +login window.</para> +</listitem> +<listitem> +<para>The <guilabel>Failures:</guilabel> font is used when a login +fails.</para> +</listitem> +<listitem> +<para>The <guilabel>Greeting:</guilabel> font is the font used for the title +(Greeting String).</para> +</listitem> +</itemizedlist> + +<para>You can also check the box labeled <guilabel>Use anti-aliasing for +fonts</guilabel> if you want smoothed fonts in the login dialog.</para> + +</sect2> + +<sect2 id="tdmconfig-background"> +<title>Background</title> + +<para>Here you can change the desktop background which will be displayed +before a user logs in. You can have a single color or an image as a +background. If you have an image as the background and select center, the +selected background color will be used around the image if it is not +large enough to cover the entire desktop.</para> + +<para>The background colors and effects are controlled by the options on +the tab labeled <guilabel>Background</guilabel> and you select a +background image and its placement from the options on the tab labeled +<guilabel>Wallpaper</guilabel>.</para> + +<para>To change the default background color(s) simply click either of +the color buttons and select a new color.</para> + +<para>The drop down box above the color buttons provides you with several +different blend effects. Choose one from the list, and it will be +previewed on the small monitor at the top of the window. Your choices +are:</para> + +<variablelist> +<varlistentry> +<term>Flat</term> +<listitem><para>By choosing this mode, you select one color (using the color +button labeled <guibutton>Color 1</guibutton>), and the entire background is +covered with this one color.</para></listitem> +</varlistentry> +<varlistentry> +<term>Pattern</term> +<listitem><para>By choosing this mode, you select two colors (using both color +buttons). </para> <para>You then select a pattern by clicking +<guilabel>Setup</guilabel>. This opens a new dialog window, which gives you +the opportunity to select a pattern. Simply click once on the pattern of your +choice, then click on <guilabel>OK</guilabel>, and &kde; will render the pattern +you selected using the two colors you selected. For more on patterns, see the +section <ulink url="help:/kcontrol/background/index.html#bkgnd-patterns">Background: Adding, Removing and Modifying +Patterns</ulink>.</para></listitem> +</varlistentry> +<varlistentry> +<term>Background Program</term> +<listitem><para>By selecting this option, you can have &kde; use an external +program to determine the background. This can be any program of your choosing. +For more information on this option, see the section entitled <ulink +url="help:/kcontrol/background/index.html#bkgnd-programs">Background: Using an external program</ulink>.</para></listitem> +</varlistentry> +<varlistentry> +<term>Horizontal Gradient</term> +<listitem><para>By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by <guilabel>Color +1</guilabel> on the left edge of the screen, and slowly transform into the +color selected by <guilabel>Color 2</guilabel> by the time it gets to the +right edge of the screen.</para></listitem> +</varlistentry> +<varlistentry> +<term>Vertical Gradient</term> +<listitem><para>By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by <guilabel>Color +1</guilabel> on the top edge of the screen, and slowly transform into the color +selected by <guilabel>Color 2</guilabel> as it moves to the bottom of the +screen.</para></listitem> +</varlistentry> +<varlistentry> +<term>Pyramid Gradient</term> +<listitem><para>By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by <guilabel>Color +1</guilabel> in each corner of the screen, and slowly transform into the color +selected by <guilabel>Color 2</guilabel> as it moves to the center of the +screen.</para></listitem> +</varlistentry> +<varlistentry> +<term>Pipecross Gradient</term> +<listitem><para>By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by <guilabel>Color +1</guilabel> in each corner of the screen, and slowly transform into the color +selected by <guilabel>Color 2</guilabel> as it moves to the center of the +screen. The <quote>shape</quote> of this gradient is different then the pyramid +gradient.</para></listitem> +</varlistentry> +<varlistentry> +<term>Elliptic Gradient</term> +<listitem><para>By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by <guilabel>Color +2</guilabel> in the center of the screen, and slowly transform into the color +selected by <guilabel>Color 1</guilabel> as it moves to the edges, in an +elliptical pattern.</para></listitem> +</varlistentry> +</variablelist> + +<para>The setup button is only needed for if you select <guilabel>Background +program</guilabel> or <guilabel>Patterns</guilabel>. In these instances, +another window will appear to configure the specifics.</para> +<para><emphasis>Wallpaper</emphasis></para> +<para>To select a new background image first, click on the +<guilabel>Wallpapers</guilabel> tab, then you can either select an image from the drop down list labeled <guilabel>Wallpaper</guilabel> or select +<guibutton>Browse...</guibutton> and select an image file from a file +selector.</para> + +<para>The image can be displayed in six different ways:</para> +<variablelist> +<varlistentry> +<term>No wallpaper</term> +<listitem><para>No image is displayed. Just the background colors.</para> +</listitem></varlistentry> +<varlistentry> +<term>Centered</term> +<listitem><para>The image will be centered on the screen. The background colors +will be present anywhere the image does not cover.</para> </listitem> +</varlistentry> +<varlistentry> +<term>Tiled</term> +<listitem><para>The image will be duplicated until it fills the entire +desktop. The first image will be placed in the upper left corner of the screen, +and duplicated downward and to the right.</para> </listitem> +</varlistentry> +<varlistentry> +<term>Center Tiled</term> +<listitem><para>The image will be duplicated until it fills the entire +desktop. The first image will be placed in the center of the screen, and +duplicated upward, downward to the right, and to the left.</para> </listitem> +</varlistentry> +<varlistentry> +<term>Centered Maxpect</term> +<listitem><para>The image will be placed in the center of the screen. It will +be scaled to fit the desktop, but it will not change the aspect ratio of the +original image. This will provide you with an image that is not distorted. +</para> </listitem> +</varlistentry> +<varlistentry> +<term>Scaled</term> +<listitem><para>The image will be scaled to fit the desktop. It will be +stretched to fit all four corners.</para> </listitem> +</varlistentry> +</variablelist> + +</sect2> + +<sect2 id="tdmconfig-shutdown"> +<title><guilabel>Shutdown</guilabel></title> + +<para><guilabel>Allow Shutdown</guilabel></para> +<para>Use this drop down box to choose who is allowed to shut down:</para> +<itemizedlist> +<listitem> +<para><guilabel>Nobody</guilabel>: No one can shutdown the computer using +&tdm;. You must be logged in, and execute a command.</para> +</listitem> +<listitem> +<para><guilabel>Everybody</guilabel>: Everyone can shutdown the computer using +&tdm;.</para> +</listitem> +<listitem><para><guilabel>Only Root</guilabel>: &tdm; requires that the +<systemitem>root</systemitem> password be entered before shutting down the +computer.</para></listitem> +</itemizedlist> + +<para>You can independently configure who is allowed to issue a +shutdown command for the <guilabel>Local:</guilabel> and +<guilabel>Remote:</guilabel> users.</para> + +<para><emphasis>Commands</emphasis></para> <para>Use these text fields to +define the exact shutdown command.</para> <para>The +<guilabel>Halt:</guilabel> command defaults to <!-- Are these defaults still +correct? they disagree with what's in --> <!-- tdmrc --> +<command>/sbin/halt</command>. The <guilabel>Restart:</guilabel> command +defaults to +<command>/sbin/reboot</command>.</para> + +<para>When <guilabel>Show boot options</guilabel> is enabled, &tdm; +will on reboot offer you options for the lilo boot manager. For this +feature to work, you will need to supply the correct paths to your +<command>lilo</command> command and to lilo's map file. Note that this +option is not available on all operating systems.</para> + +</sect2> + +<sect2 id="tdmconfig-users"> +<title>Users</title> + +<para>From here you can change the way users are represented in the +login window.</para> + +<para>You may disable the user list in &tdm; entirely in the +<guilabel>Show Users</guilabel> section. You can choose from:</para> + +<variablelist> +<varlistentry> +<term><guilabel>Show List</guilabel></term> +<listitem> +<para>Only show users you have specifically enabled in the list +alongside</para> +<para>If you do not check this box, no list will be shown. This is the most secure setting, since an +attacker would then have to guess a valid login name as well as a +password. It's also the preferred option if you have more than a +handful of users to list, or the list itself would become +unwieldy.</para> +</listitem> +</varlistentry> +<varlistentry> +<term><guilabel>Inverse selection</guilabel></term> +<listitem> +<para>Allows you to intead select a list of users that should +<emphasis>not</emphasis> be shown, and all other users will be +listed.</para> +</listitem> +</varlistentry> +</variablelist> + +<para>Independently of the users you specify by name, you can use the +<guilabel>System UIDs</guilabel> to specify a range of valid +<acronym>UID</acronym>s that are shown in the list. By default user +id's under 1000, which are often system or daemon users, and user id's +over 65000, are not shown.</para> + +<para>You can also enable the <guilabel>Sort users</guilabel> +checkbox, to have the user list sorted alphabetically. If this is +disabled, users will appear in the order they are listed in the +password file. &tdm; will also autocomplete user names if you enable the +<guilabel>Autocompletion</guilabel> option.</para> + +<para>If you choose to show users, then the login window will show +images (which you select), of a list of users. When someone is ready +to login, they may select their user name/image, enter their password, +and they are granted access.</para> + +<para>If you permit a user image, then you can configure the source +for those images.</para> + +<para>You can configure the admin picture here, for each user on the +system. Depending on the order selected above, users may be able to +override your selection.</para> + +<para>If you choose not to show users, then the login window will be +more traditional. Users will need to type their username and password +to gain entrance. This is the preferred way if you have many users on +this terminal.</para> + +</sect2> + +<sect2 id="tdmconfig-convenience"> +<title>Convenience</title> + +<para>In the <guilabel>convenience</guilabel> tab you can configure +some options that make life easier for lazy people, like automatic +login or disabling passwords.</para> + +<important><para>Please think more than twice before using these +options. Every option in the <guilabel>Convenience</guilabel> tab is +well-suited to seriously compromise your system security. Practically, +these options are only to be used in a completely non-critical +environment, ⪚ a private computer at home. </para></important> + +<sect3 id="loginmanager-convenience-autologin"> +<title>Automatic Login</title> + +<para>Automatic login will give anyone access to a certain account on +your system without doing any authentication. You can enable it using +the option <guilabel>Enable Auto-login</guilabel>.</para> + +<para>You can choose the account to be used for automatic login from +the list labeled <guilabel>User:</guilabel>.</para> + +</sect3> + +<sect3 id="loginmanager-convenience-nopasswd"> +<title><guilabel>Password-Less Login</guilabel></title> + +<para>Using this feature, you can allow certain users to login without +having to provide their password. Enable this feature using the +<guilabel>Enable Password-less logins</guilabel> option.</para> + +<para>Below this option you'll see a list of users on the system. +Enable password-less login for specific users by checking the checkbox +next to the login names. By default, this feature is disabled for +all users.</para> + +<important><para>Again, this option should only be used in a safe +environment. If you enable it on a rather public system you should +take care that only users with heavy access restrictions are granted +password-less login, ⪚ +<systemitem>guest</systemitem>.</para></important> + +<para>You can also choose which user is <quote>preselected</quote> +when &tdm; starts. The default is <guilabel>None</guilabel>, but you +can choose <guilabel>Previous</guilabel> to have &tdm; default to the +last successfully logged in user, or you can +<guilabel>Specify</guilabel> a particular user to always be selected +from the list. You can also have &tdm; set the focus to the password +field, so that when you reach the &tdm; login screen, you can type the +password immediately.</para> + +<para>The <guilabel>Automatically login after X server crash</guilabel> +option allows you to skip the authentication procedure when your X +server accidentally crashed.</para> + +</sect3> + +</sect2> + +</sect1> + +</chapter> + +&tdmrc-ref; + +<!-- ************************************************************ --> +<chapter id="configuring-your-system-for-tdm"> +<title>Configuring your system to use &tdm;</title> + +<para>This chapter assumes that your system is already configured to +run the &X-Window;, and that you only need to reconfigure it to +allow graphical login.</para> + +<sect1 id="setting-up-tdm"> +<title>Setting up &tdm;</title> + +<para>The fundamental thing that controls whether your computer boots to a +terminal prompt (console mode) or a graphical login prompt is the default +runlevel. The runlevel is set by the program <application> <ulink +url="man:init">/sbin/init</ulink></application> under the control of the +configuration file <filename>/etc/inittab</filename>. The default runlevels +used by different &UNIX; systems (and different &Linux; distributions) vary, +but if you look at <filename>/etc/inittab</filename> the start of it should +be something like this:</para> + +<screen># Default runlevel. The runlevels used by RHS are: +# 0 - halt (Do NOT set initdefault to this) +# 1 - Single user mode +# 2 - Multiuser, without NFS +# 3 - Full multiuser mode +# 4 - unused +# 5 - X11 +# 6 - reboot (Do NOT set initdefault to this) + +id:3:initdefault: +</screen> + +<para>All but the last line of this extract are comments. The comments +show that runlevel 5 is used for X11 and that runlevel 3 is used for +multi-user mode without X11 (console mode). The final line specifies +that the default runlevel of the system is 3 (console mode). If your +system currently uses graphical login (for example, using &xdm;) its +default runlevel will match the runlevel specified for X11.</para> + +<para>The runlevel with graphical login (&xdm;) for some common &Linux; +distributions is:</para> + +<itemizedlist> +<listitem><para>5 for &RedHat; 3.x and later, and for &Mandrake;</para></listitem> +<listitem><para>4 for Slackware</para></listitem> +<listitem><para>3 for &SuSE;. 4.x and 5.x</para></listitem> +</itemizedlist> + +<para>The first step in configuring your system is to ensure that you +can start &tdm; from the command line. Once this is working, you can +change your system configuration so that &tdm; starts automatically +each time you reboot your system.</para> + +<para>To test &tdm;, you must first bring your system to a runlevel +that does not run &xdm;. To do so, issue a command like this:</para> + +<screen><command>/sbin/init <option>3</option></command></screen> + +<para>Instead of the number <option>3</option> you should specify the +appropriate runlevel for console mode on your system.</para> + +<para>If your system uses Pluggable Authentication Modules +(<abbrev>PAM</abbrev>), which is normal with recent &Linux; and &Solaris; +systems, you should check that your <abbrev>PAM</abbrev> configuration permits +login through the service named <literal>kde</literal>. If you previously used +&xdm; successfully, you should not need to make any +changes to your <abbrev>PAM</abbrev> configuration in order to use +&tdm;. <filename>/etc/pam.conf</filename> or +<filename>/etc/pam.d/kde</filename>. Information on configuring +<abbrev>PAM</abbrev> is beyond the scope of this handbook, but +<abbrev>PAM</abbrev> comes with comprehensive documentation (try looking in +<filename>/usr/share/doc/*pam*/html/</filename>).</para> + +<para>Now it's time for you to test &tdm; by issuing the following +command:</para> + +<screen><command>tdm <option>-nodaemon</option></command> +</screen> + +<para>If you get a &tdm; login dialog and you are able to log in, +things are going well. The main thing that can go wrong here is that +the run-time linker might not find the shared &Qt; or &kde; libraries. +If you have a binary distribution of the &kde; libraries, make sure +&tdm; is installed where the libraries believe &kde; is installed and +try setting some environment variables to point to your &kde; and &Qt; +libraries.</para> + +<para>For example:</para> + +<screen><command>export +<option>TDEDIR=<replaceable>/opt/kde</replaceable></option></command> +<command>export +<option>QTDIR=<replaceable>/usr/lib/qt2</replaceable></option></command> +<command>export +<option>PATH=<replaceable>$TDEDIR/bin:$QTDIR/bin:$PATH</replaceable></option></command> +<command>export +<option>LD_LIBRARY_PATH=<replaceable>$TDEDIR/lib:$QTDIR/lib</replaceable></option></command> +</screen> + +<para>If you are still unsuccessful, try starting &xdm; instead, to +make sure that you are not suffering from a more serious X +configuration problem.</para> + +<para>When you are able to start &tdm; successfully, you can start to +replace &xdm; by &tdm;. Again, this is distribution-dependent.</para> + +<itemizedlist> +<listitem> +<para>For &RedHat;, edit <filename>/etc/inittab</filename>, look for this + line:</para> +<screen>x:5:respawn:/usr/X11/bin/xdm -nodaemon</screen> +<para>and replace with:</para> +<screen>x:5:respawn:/opt/kde/bin/tdm</screen> +<para>This tells <command>init</command>(8) to respawn &tdm; when the +system is in run level 5. Note that &tdm; does not need the + <option>-nodaemon</option> option.</para> +</listitem> +<listitem> +<para>For &Mandrake;, the X11 runlevel in +<filename>/etc/inittab</filename> invokes the shell script +<filename>/etc/X11/prefdm</filename>, which is set up to select from +amongst several display managers, including &tdm;. Make sure that all +the paths are correct for your installation.</para> +</listitem> +<listitem> +<para>For &SuSE;, edit <filename>/sbin/init.d/xdm</filename> to add a +first line:</para> + +<screen>. /etc/rc.config +DISPLAYMANAGER=tdm +export DISPLAYMANAGER</screen> +</listitem> +<listitem><para>For FreeBSD, edit <filename>/etc/ttys</filename> and find +the line like this:</para> +<screen>ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</screen> +<para>and edit it to this:</para> +<screen>ttyv8 "/usr/local/bin/tdm" xterm on secure</screen> +</listitem> + +<listitem><para>Most other distributions are a variation of one of +these.</para></listitem> +</itemizedlist> + +<para>At this stage, you can test &tdm; again by bringing your system +to the runlevel that should now run &tdm;. To do so, issue a command +like this:</para> + +<screen><command>/sbin/init <option>5</option></command> +</screen> + +<para>Instead of the number <option>5</option> you should specify the +appropriate runlevel for running X11 on your system.</para> + +<para>The final step is to edit the <parameter>initdefault</parameter> +entry in <filename>/etc/inittab</filename> to specify the appropriate +runlevel for X11.</para> + +<warning><para>Before you make this change, ensure that you have a way +to reboot your system if a problem occurs. This might be a +<quote>rescue</quote> floppy-disk provided by your operating system +distribution or a specially-designed <quote>rescue</quote> +floppy-disk, such as <literal>tomsrtbt</literal>. Ignore this advice +at your peril.</para></warning> + +<para>This usually involves changing the line:</para> +<screen>id:3:initdefault:</screen> +<para>to</para> +<screen>id:5:initdefault:</screen> + +<para>When you reboot your system, you should end up with the +graphical &tdm; login dialog.</para> + +<para>If this step is unsuccessful the most likely problem is that the +environment used at boot time differs from the environment that you used for +testing at the command line. If you are trying to get two versions of &kde; +to co-exist, be particularly careful that the settings you use for your +<envar>PATH</envar> and <envar>LD_LIBRARY_PATH</envar> environment variables +are consistent, and that the startup scripts are not over-riding them in +some way.</para> + +</sect1> + +</chapter> + +<chapter id="different-window-managers-with-tdm"> +<title>Supporting multiple window managers</title> + +<para>&tdm; detects most available window manager and desktop environments when +it is run. Installing a new one should make it automatically available in +the &tdm; main dialog <guilabel>Session Type:</guilabel>.</para> + +<para>If you have a very new window manager, or something that &tdm; does +not support, the first thing you should check is that the application to be +run is in the <envar>PATH</envar> and has not been renamed during the +install into something unexpected.</para> + +<para>If the case is that the application is too new and not yet supported +by &tdm;, you can quite simply add a new session.</para> + +<para>The sessions are defined in <firstterm>.desktop</firstterm> files in +<filename +class="directory">$<envar>TDEDIR</envar>/share/apps/tdm/sessions</filename>. +You can simply add an appropriately named <literal +role="extension">.desktop</literal> file in this directory. The fields +are:</para> + +<programlisting>[Desktop Entry] +Encoding=UTF-8 <lineannotation>This is fixed to <option>UTF-8</option> and +may be omitted</lineannotation> +Type=XSession <lineannotation>This is fixed to <option>XSession</option> and +may be omitted</lineannotation> +Exec=<replaceable>executable name</replaceable> <lineannotation>Passed to +<command>eval exec</command> in a Bourne shell</lineannotation> +TryExec=<replaceable>executable name</replaceable> <lineannotation>Supported +but not required</lineannotation> +Name=<replaceable>name to show in the &tdm; session list</replaceable></programlisting> + +<para>There are also three <quote>magic</quote>:</para> + +<variablelist> +<varlistentry> +<term>default</term> +<listitem> +<para> +The default session for &tdm; is normally &kde; but can be configured by the +system administrator. +</para> +</listitem> +</varlistentry> +<varlistentry> +<term>custom</term> +<listitem> +<para> +The Custom session will run the users ~/.xsession if it exists. +</para> +</listitem> +</varlistentry> +<varlistentry> +<term>failsafe</term> +<listitem> +<para> +Failsafe will run a very plain session, and is useful only for debugging +purposes. +</para> +</listitem> +</varlistentry> +</variablelist> + +<para>To override a session type, copy the .desktop file from the data dir +to the config dir and edit it at will. Removing the shipped session types +can be accomplished by <quote>shadowing</quote> them with .desktop files +containing Hidden=true. For the magic session types no .desktop files exist +by default, but &tdm; pretends they would, so you can override them like any +other type. I guess you already know how to add a new session type by +now. ;-)</para> + +</chapter> + +<chapter id="xdmcp-with-tdm"> +<title>Using &tdm; for Remote Logins (&XDMCP;)</title> + +<para>&XDMCP; is the Open Group standard, the <quote>X Display Manager +Control Protocol</quote>. This is used to set up connections between +remote systems over the network.</para> + +<para>&XDMCP; is useful in multiuser situations where there are users +with workstations and a more powerful server that can provide the +resources to run multiple X sessions. For example, &XDMCP; is a good +way to reuse old computers - a Pentium or even 486 computer with 16 Mb +RAM is sufficient to run X itself, and using &XDMCP; such a computer can +run a full modern &kde; session from a server. For the server part, +once a single &kde; (or other environment) session is running, running +another one requires very few extra resources.</para> + +<para>However, allowing another method of login to your machine +obviously has security implications. You should run this service only +if you need to allow remote X Servers to start login sessions on your +system. Users with a single &UNIX; computer should not need to run +this.</para> + +</chapter> + +<chapter id="advanced-topics"> +<title>Advanced Topics</title> + +<sect1 id="command-sockets"> +<title>Command Sockets</title> + +<para>This is a feature you can use to remote-control &tdm;. It's mostly +intended for use by &ksmserver; and &kdesktop; from a running session, but +other applications are possible as well.</para> + +<para>The sockets are &UNIX; domain sockets which live in subdirectories of the +directory specified by <option>FifoDir</option>=. The subdir is the key to +addressing and security; the sockets all have the file name +<filename>socket</filename> and file permissions +<literal>rw-rw-rw-</literal> (0666). This is because some systems don't care +for the file permission of the socket files.</para> + +<para>There are two types of sockets: the global one (dmctl) and the +per-display ones (dmctl-<display>).</para> + +<para>The global one's subdir is owned by root, the subdirs of the per-display +ones' are owned by the user currently owning the session (root or the +logged in user). Group ownership of the subdirs can be set via FifoGroup=, +otherwise it is root. The file permissions of the subdirs are rwxr-x--- +(0750).</para> + +<para>The fields of a command are separated by tabs (<token>\t</token>), the +fields of a list are separated by spaces, literal spaces in list fields are +denoted by <token>\s</token>.</para> + +<para>The command is terminated by a newline (<token>\n</token>).</para> + +<para>The same applies to replies. The reply on success is +<returnvalue>ok</returnvalue>, possibly followed by the requested +information. The reply on error is an errno-style word (⪚ +<returnvalue>perm</returnvalue>, <returnvalue>noent</returnvalue>, &etc;) +followed by a longer explanation.</para> + +<variablelist> +<title>Global commands:</title> +<varlistentry> +<term><command>login</command> <option>display</option> +(<parameter>now</parameter> | <parameter>schedule</parameter>) <parameter>user</parameter> <parameter>password</parameter> +[session_arguments]</term> +<listitem> +<para>login user at specified display. if <parameter>now</parameter> is +specified, a possibly running session is killed, otherwise the login is done +after the session exits. session_arguments are printf-like escaped contents +for .dmrc. Unlisted keys will default to previously saved values.</para> +</listitem> +</varlistentry> +</variablelist> + +<variablelist> +<title>Per-display commands:</title> +<varlistentry> +<term><command>lock</command></term> +<listitem> +<para>The display is marked as locked. If the &X-Server; crashes in this +state, no auto-relogin will be performed even if the option is on.</para> +</listitem> +</varlistentry> +<varlistentry> +<term><command>unlock</command></term> +<listitem> +<para>Reverse the effect of <command>lock</command>, and re-enable +auto-relogin.</para> +</listitem> +</varlistentry> +<varlistentry> +<term><command>suicide</command></term> +<listitem> +<para>The currently running session is forcibly terminated. No auto-relogin +is attempted, but a scheduled "login" command will be executed.</para> +</listitem> +</varlistentry> +</variablelist> + +<variablelist> +<title>Commands for all sockets</title> +<varlistentry> +<term><command>caps</command></term> +<listitem> +<para>Returns a list of this socket's capabilities:</para> + +<variablelist> +<varlistentry> +<term><returnvalue>&tdm;</returnvalue></term> +<listitem> +<para>identifies &tdm;, in case some other DM implements this protocol, +too</para> +</listitem> +</varlistentry> +<varlistentry> +<term><returnvalue>list</returnvalue>, <returnvalue>lock</returnvalue>, +<returnvalue>suicide</returnvalue>, <returnvalue>login</returnvalue></term> +<listitem> +<para>The respective command is supported</para> +</listitem> +</varlistentry> +<varlistentry> +<term><returnvalue>bootoptions</returnvalue></term> +<listitem> +<para>The <command>listbootoptions</command> command and the +<option>=</option> to <command>shutdown</command> are supported</para> +</listitem> +</varlistentry> +<varlistentry> +<term><returnvalue>shutdown <list></returnvalue></term> +<listitem> +<para><command>shutdown</command> is supported and allowed for the listed +users (a comma separated list.) <returnvalue>*</returnvalue> means all +authenticated users.</para> +</listitem> +</varlistentry> +<varlistentry> +<term><returnvalue>nuke <list></returnvalue></term> +<listitem> +<para>Forced shutdown may be performed by the listed users.</para> +</listitem> +</varlistentry> +<varlistentry> +<term><returnvalue>nuke</returnvalue></term> +<listitem> +<para>Forced shutdown may be performed by everybody</para> +</listitem> +</varlistentry> +<varlistentry> +<term><returnvalue>reserve <number></returnvalue></term> +<listitem> +<para>Reserve displays are configured, and <returnvalue>number</returnvalue> +are available at this time</para> +</listitem> +</varlistentry> + +<varlistentry> +<term><command>list</command> [<parameter>all</parameter> | +<parameter>alllocal</parameter>]</term> +<listitem> +<para>Return a list of running sessions. By default all active sessions are +listed. if <parameter>all</parameter> is specified, passive sessions are +listed as well. If <parameter>alllocal</parameter> is specified, passive +sessions are listed as well, but all incoming remote sessions are +skipped.</para> +<para>Each session entry is a comma separated tuple of:</para> +<itemizedlist> +<listitem><para>Display or TTY name</para></listitem> +<listitem><para>VT name for local sessions</para></listitem> +<listitem><para>Logged in user's name, empty for passive sessions and +outgoing remote sessions (local chooser mode)</para></listitem> +<listitem><para>Session type or <quote><remote></quote> for outgoing +remote sessions, empty for passive sessions.</para></listitem> +<listitem><para>A Flag field:</para> +<itemizedlist><listitem><para><literal>*</literal> for the display belonging +to the requesting socket.</para></listitem> +<listitem><para><literal>!</literal> for sessions that cannot be killed by the +reqeusting socket.</para></listitem> +</itemizedlist> +</listitem> +</itemizedlist> +<para>New fields may be added in the future.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term><command>reserve</command> [<parameter>timeout in +seconds</parameter>]</term> +<listitem> +<para>Start a reserve login screen. If nobody logs in within the specified +amount of time (one minute by default), the display is removed again. When +the session on the display exits, the display is removed, too.</para> +<para>Permitted only on sockets of local displays and the global +socket.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term><command>activate</command> +(<parameter>vt</parameter>|<parameter>display</parameter>)</term> +<listitem> +<para>Switch to a particular VT (virtual terminal). The VT may be specified +either directly (⪚ <parameter>vt3</parameter>) or by a display using it +(eg; <parameter>:2</parameter>).</para> +<para>Permitted only on sockets of local displays and the global +socket.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term><command>listbootoptions</command></term> +<listitem> +<para>List available boot options.</para> +<!--FIXME: "ok" list default current + default and current are indices into the list and are -1 if unset or + undeterminable. --> +</listitem> +</varlistentry> + +<varlistentry> +<term><command>shutdown</command> (<parameter>reboot</parameter> | +<parameter>halt</parameter>) +[<parameter>=<replaceable>bootchoice</replaceable></parameter>] +(<parameter>ask</parameter>|<parameter>trynow</parameter>|<parameter>forcenow</parameter>|<parameter>schedule</parameter>|<parameter>start +(<parameter>-1</parameter>|<parameter>end +(<parameter>force</parameter>|<parameter>forcemy</parameter>|<parameter>cancel)</parameter>)</parameter>)</parameter>)</term> +<listitem> +<para>Request a system shutdown, either a reboot or a halt/poweroff.</para> +<para>An OS choice for the next boot may be specified from the list returned +by <command>listbootoptions</command></para> +<para>Shutdowns requested from per-display sockets are executed when the +current sessino on that display exits. Such a request may pop up a dialog +asking for confirmation and/or authentication</para> +<para><parameter>start</parameter> is the time for which the shutdown is +scheduled. If it starts with a plus-sign, the current time is added. Zero +means immediately.</para> +<para><parameter>end</parameter> is the latest time at which the shutdown +should be performed if active sessions are still running. If it starts with +a plus-sign, the start time is added. -1 means wait infinitely. If end is +through and active sessions are still running, &tdm; can do one of the +following:</para> +<itemizedlist> +<listitem><para><parameter>cancel</parameter> - give up the +shutdown</para></listitem> +<listitem><para><parameter>force</parameter> - shut down +nonetheless</para></listitem> +<listitem><para><parameter>forcemy</parameter> - shut down nonetheless if +all active sessions belong to the requesting user. Only for per-display sockets.</para></listitem> +</itemizedlist> +<para><parameter>start</parameter> and <parameter>end</parameter> are +specified in seconds since the &UNIX; epoch.</para> +<para><parameter>trynow</parameter> is a synonym for <parameter>0 0 +cancel</parameter>, <parameter>forcenow</parameter> for <parameter>0 0 +force</parameter> and <parameter>schedule</parameter> for <parameter>0 +-1</parameter>.</para> +<para><parameter>ask</parameter> attempts an immediate shutdown and +interacts with the user if active sessions are still running. Only for +per-display sockets.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term><command>shutdown cancel</command> +[<parameter>local</parameter>|<parameter>global</parameter>}</term> +<listitem> +<para>Cancel a scheduled shutdown. The global socket always cancels the +currently pending shutdown, while per-display sockets default to cancelling +their queued request.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term><command>shutdown status</command></term> +<listitem> +<para>Return a list with information about shutdowns.</para> +<para>The entries are a comma-separated tuples of:</para> +<itemizedlist> +<listitem> +<para>(<returnvalue>global</returnvalue>|<returnvalue>local</returnvalue>) - +pending vs. queued shutdown. A local entry can be returned only by a +per-display socket.</para> +</listitem> +<listitem><para>(<returnvalue>halt</returnvalue>|<returnvalue>reboot</returnvalue>)</para></listitem> +<listitem><para>start</para></listitem> +<listitem><para>end</para></listitem> +<listitem><para>("ask"|"force"|"forcemy"|"cancel")</para></listitem> +<listitem><para>Numeric user ID of the requesting user, -1 for the global +socket.</para></listitem> +<listitem><para>The next boot OS choice or "-" for none.</para></listitem> +</itemizedlist> +<para>New fields might be added later</para> +</listitem> +</varlistentry> +</variablelist> +</listitem> +</varlistentry> +</variablelist> +<para>There are two ways of using the sockets:</para> +<itemizedlist> +<listitem> +<para>Connecting them directly. FifoDir is exported as +$<envar>DM_CONTROL</envar>; the name of per-display sockets can be derived +from $<envar>DISPLAY</envar>.</para> +</listitem> +<listitem> +<para>By using the <command>tdmctl</command> command (⪚ from within a +shell script). Try <command>tdmctl</command> <option>-h</option> to find out +more.</para> +</listitem> +</itemizedlist> + +<para>Here is an example bash script <quote>reboot into FreeBSD</quote>:</para> + +<programlisting>if tdmctl | grep -q shutdown; then + IFS=$'\t' + set -- `tdmctl listbootoptions` + if [ "$1" = ok ]; then + fbsd=$(echo "$2" | tr ' ' '\n' | sed -ne 's,\\s, ,g;/freebsd/I{p;q}') + if [ -n "$fbsd" ]; then + tdmctl shutdown reboot "=$fbsd" ask > /dev/null + else + echo "FreeBSD boot unavailable." + fi + else + echo "Boot options unavailable." + fi +else + echo "Cannot reboot system." +fi</programlisting> + +</sect1> +<!-- Riddell: so there's no GUI you need to edit tdmrc to say UseTheme=true and Theme=/path/to/theme.xml +[13:31] <Riddell> jriddell.org/programs has an example theme + +<sect1 id="dm-themes"> +<title>Themes</title> + +&tdm; has limited support for desktop manager themes. You may enable them +by adding <userinput>UseTheme=true</userinput> to <filename>tdmrc</filename> +and <userinput>Theme=/path/to/theme.xml</userinput>. +</sect1> +--> +</chapter> + +<chapter id="Other-Information"> +<title>Other sources of information</title> + +<para>Since &tdm; is descended from &xdm;, the <ulink +url="man:xdm">&xdm; man page</ulink> may provide useful background +information. For X-related problems try the man pages <ulink +url="man:X">X</ulink> and <ulink url="man:startx">startx</ulink>. If you have +questions about &tdm; that are not answered by this handbook, take advantage of +the fact the &tdm; is provided under the terms of the <abbrev>&GNU;</abbrev> +General Public License: look at the source code. +</para> + +</chapter> + + +<chapter id="credits"><title>Credits and License</title> + +<para>&tdm; is derived from, and includes code from, +&xdm; (C) Keith Packard, MIT X Consortium.</para> + +<para>&tdm; 0.1 was written by &Matthias.Ettrich;. Later versions till &kde; +2.0.x were written by &Steffen.Hansen;. Some new features for &kde; 2.1.x and +a major rewrite for &kde; 2.2.x made by &Oswald.Buddenhagen;.</para> + +<para>Other parts of the &tdm; code are copyright by the authors, and +licensed under the terms of the <ulink url="common/gpl-license.html">&GNU; +GPL</ulink>. Anyone is allowed to change &tdm; and redistribute the result +as long as the names of the authors are mentioned.</para> + +<para>&tdm; requires the &Qt; library, which is copyright Troll Tech AS.</para> + +<para>Documentation contributors: +<itemizedlist> + +<listitem><para>Documentation written by &Steffen.Hansen; +<email>stefh@dit.ou.dk</email></para></listitem> + +<listitem><para>Documentation extended by Gregor +Zumstein<email>zumstein@ssd.ethz.ch</email>. Last update August 9, +1998</para></listitem> + +<listitem><para>Documentation revised for &kde; 2 by &Neal.Crook; &Neal.Crook.mail;. Last update August 6, 2000</para></listitem> + +<listitem><para>Documentation extended and revised for &kde; 2.2 by &Oswald.Buddenhagen; &Oswald.Buddenhagen.mail;. Last update August, +2001</para></listitem> + +</itemizedlist></para> + +<para>Documentation copyright &Steffen.Hansen;, Gregor Zumstein, &Neal.Crook; +and &Oswald.Buddenhagen;. This document also includes large parts of the &xdm; +man page, which is © Keith Packard.</para> + +<!--TRANS:CREDIT_FOR_TRANSLATORS --> + +&underFDL; +&underGPL; + +</chapter> + +<glossary id="glossary"> +<title>Glossary</title> + +<glossentry id="gloss-greeter"> +<glossterm>greeter</glossterm> +<glossdef><para>The greeter is the login dialog, &ie; the part of &tdm; +which the user sees.</para> +</glossdef> +</glossentry> + +<glossentry> +<glossterm id="gloss-entropy">entropy</glossterm> +<glossdef><para>The entropy of a system is the measure of its +unpredictability. This is used during the generation of random numbers.</para></glossdef> +</glossentry> + +</glossary> +</book> +<!-- +Local Variables: +mode: xml +sgml-omittag: nil +sgml-shorttag: t +End: +--> + diff --git a/doc/tdm/tdmrc-ref.docbook b/doc/tdm/tdmrc-ref.docbook new file mode 100644 index 000000000..f2cfd2f0e --- /dev/null +++ b/doc/tdm/tdmrc-ref.docbook @@ -0,0 +1,2316 @@ +<!-- generated from ../../tdm/config.def - DO NOT EDIT! --> + +<chapter id="tdm-files"> +<title>The Files &tdm; Uses for Configuration</title> + +<para>This chapter documents the files that control &tdm;'s behavior. +Some of this can be also controlled from the &kcontrol; module, but +not all.</para> + +<sect1 id="tdmrc"> +<title>&tdmrc; - The &tdm; master configuration file</title> + +<para>The basic format of the file is <quote>INI-like</quote>. +Options are key/value pairs, placed in sections. +Everything in the file is case sensitive. +Syntactic errors and unrecognized key/section identifiers cause &tdm; to +issue non-fatal error messages.</para> + +<para>Lines beginning with <literal>#</literal> are comments; empty lines +are ignored as well.</para> + +<para>Sections are denoted by +<literal>[</literal><replaceable>Name of Section</replaceable><literal>]</literal>. +</para> + +<para>You can configure every X-display individually.</para> +<para>Every display has a display name, which consists of a host name +(which is empty for local displays specified in <option>StaticServers</option> +or <option>ReserveServers</option>), a colon, and a display number. +Additionally, a display belongs to a +display class (which can be ignored in most cases).</para> + +<para>Sections with display-specific settings have the formal syntax +<literal>[X-</literal> <replaceable>host</replaceable> [ <literal>:</literal> <replaceable>number</replaceable> [ <literal>_</literal> <replaceable>class</replaceable> ] ] <literal>-</literal> <replaceable>sub-section</replaceable> <literal>]</literal> +</para> +<para>All sections with the same <replaceable>sub-section</replaceable> +make up a section class.</para> + +<para>You can use the wildcard <literal>*</literal> (match any) for +<replaceable>host</replaceable>, <replaceable>number</replaceable>, +and <replaceable>class</replaceable>. You may omit trailing components; +they are assumed to be <literal>*</literal> then. The host part may be a +domain specification like <replaceable>.inf.tu-dresden.de</replaceable> +or the wildcard <literal>+</literal> (match non-empty).</para> + +<para>From which section a setting is actually taken is determined by +these rules:</para> + +<itemizedlist> +<listitem> +<para>An exact match takes precedence over a partial match (for the +host part), which in turn takes precedence over a wildcard +(<literal>+</literal> taking precendence over <literal>*</literal>).</para> +</listitem> + +<listitem> +<para>Precedence decreases from left to right for equally exact matches.</para> +</listitem> + +<listitem> + +<para> +Example: display name <quote>myhost.foo:0</quote>, class <quote>dpy</quote> +</para> +<itemizedlist> +<listitem> +<para>[X-myhost.foo:0_dpy] precedes</para> +</listitem> +<listitem> +<para>[X-myhost.foo:0_*] (same as [X-myhost.foo:0]) precedes</para> +</listitem> +<listitem> +<para>[X-myhost.foo:*_dpy] precedes</para> +</listitem> +<listitem> +<para>[X-myhost.foo:*_*] (same as [X-myhost.foo]) precedes</para> +</listitem> +<listitem> +<para>[X-.foo:*_*] (same as [X-.foo]) precedes</para> +</listitem> +<listitem> +<para>[X-+:0_dpy] precedes</para> +</listitem> +<listitem> +<para>[X-*:0_dpy] precedes</para> +</listitem> +<listitem> +<para>[X-*:0_*] (same as [X-*:0]) precedes</para> +</listitem> +<listitem> +<para>[X-*:*_*] (same as [X-*]).</para> +</listitem> +<listitem> +<para>These sections do <emphasis>not</emphasis> match this display:</para> +<para>[X-hishost], [X-myhost.foo:0_dec], [X-*:1], [X-:*]</para> +</listitem> +</itemizedlist> + +</listitem> + +</itemizedlist> + +<para>Common sections are [X-*] (all displays), [X-:*] (all local displays) +and [X-:0] (the first local display).</para> + +<para>The format for all keys is +<userinput><option><replaceable>key</replaceable></option> <literal>=</literal> <parameter>value</parameter></userinput>. +Keys are only valid in the section class they are defined for. +Some keys do not apply to particular displays, in which case they are ignored. +</para> + +<para>If a setting is not found in any matching section, the default +is used.</para> + +<para>Special characters need to be backslash-escaped (leading and trailing +spaces (<literal>\s</literal>), tab (<literal>\t</literal>), linefeed +(<literal>\n</literal>), carriage return (<literal>\r</literal>) and the +backslash itself (<literal>\\</literal>)).</para> +<para>In lists, fields are separated with commas without whitespace in between. +</para> +<para>Some command strings are subject to simplified sh-style word splitting: +single quotes (<literal>'</literal>) and double quotes (<literal>"</literal>) +have the usual meaning; the backslash quotes everything (not only special +characters). Note that the backslashes need to be doubled because of the +two levels of quoting.</para> + +<note><para>A pristine &tdmrc; is very thoroughly commented. +All comments will be lost if you change this file with the +kcontrol frontend.</para></note> + + +<sect2 id="tdmrc-general"> +<title>The [General] section of &tdmrc;</title> + +<para> +This section contains global options that do not fit into any specific section. +</para> + +<variablelist> + +<varlistentry> +<term id="option-configversion"><option>ConfigVersion</option></term> +<listitem> +<para> +This option exists solely for the purpose of clean automatic upgrades. +<emphasis>Do not</emphasis> change it, you may interfere with future +upgrades and this could result in &tdm; failing to run. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-staticservers"><option>StaticServers</option></term> +<listitem> +<para> +List of displays (&X-Server;s) permanently managed by &tdm;. Displays with a +hostname are foreign displays which are expected to be already running, +the others are local displays for which &tdm; starts an own &X-Server;; +see <option>ServerCmd</option>. Each display may belong to a display class; +append it to the display name separated by an underscore. +See <xref linkend="tdmrc-xservers"/> for the details. +</para> +<para>The default is <quote>:0</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-reserveservers"><option>ReserveServers</option></term> +<listitem> +<para> +List of on-demand displays. See <option>StaticServers</option> for syntax. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-servervts"><option>ServerVTs</option></term> +<listitem> +<para> +List of Virtual Terminals to allocate to &X-Server;s. For negative numbers the +absolute value is used, and the <acronym>VT</acronym> will be allocated only +if the kernel says it is free. If &tdm; exhausts this list, it will allocate +free <acronym>VT</acronym>s greater than the absolute value of the last entry +in this list. +Currently Linux only. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-consolettys"><option>ConsoleTTYs</option></term> +<listitem> +<para> +This option is for operating systems (<acronym>OS</acronym>s) with support +for virtual terminals (<acronym>VT</acronym>s), by both &tdm; and the +<acronym>OS</acronym>s itself. +Currently this applies only to Linux. +</para><para> +When &tdm; switches to console mode, it starts monitoring all +<acronym>TTY</acronym> lines listed here (without the leading +<literal>/dev/</literal>). +If none of them is active for some time, &tdm; switches back to the X login. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-pidfile"><option>PidFile</option></term> +<listitem> +<para> +The filename specified will be created to contain an ASCII representation +of the process ID of the main &tdm; process; the PID will not be stored +if the filename is empty. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-lockpidfile"><option>LockPidFile</option></term> +<listitem> +<para> +This option controls whether &tdm; uses file locking to keep multiple +display managers from running onto each other. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-authdir"><option>AuthDir</option></term> +<listitem> +<para> +This names a directory under which &tdm; stores &X-Server; authorization +files while initializing the session. &tdm; expects the system to clean up +this directory from stale files on reboot. +</para><para> +The authorization file to be used for a particular display can be +specified with the <option>AuthFile</option> option in [X-*-Core]. +</para> +<para>The default is <quote>/var/run/xauth</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-autorescan"><option>AutoRescan</option></term> +<listitem> +<para> +This boolean controls whether &tdm; automatically re-reads its +configuration files if it finds them to have changed. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-exportlist"><option>ExportList</option></term> +<listitem> +<para> +Additional environment variables &tdm; should pass on to all programs it runs. +<envar>LD_LIBRARY_PATH</envar> and <envar>XCURSOR_THEME</envar> are good candidates; +otherwise, it should not be necessary very often. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-randomfile"><option>RandomFile</option></term> +<listitem> +<para> +If the system has no native entropy source like /dev/urandom (see +<option>RandomDevice</option>) and no entropy daemon like EGD (see +<option>PrngdSocket</option> and <option>PrngdPort</option>) is running, +&tdm; will fall back to its own pseudo-random number generator +that will, among other things, successively checksum parts of this file +(which, obviously, should change frequently). +</para><para> +This option does not exist on Linux and various BSDs. +</para> +<para>The default is <quote>/dev/mem</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-prngdsocket"><option>PrngdSocket</option></term> +<listitem> +<para> +If the system has no native entropy source like /dev/urandom (see +<option>RandomDevice</option>), read random data from a Pseudo-Random +Number Generator Daemon, +like EGD (http://egd.sourceforge.net) via this UNIX domain socket. +</para><para> +This option does not exist on Linux and various BSDs. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-prngdport"><option>PrngdPort</option></term> +<listitem> +<para> +Same as <option>PrngdSocket</option>, only use a TCP socket on localhost. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-randomdevice"><option>RandomDevice</option></term> +<listitem> +<para> +The path to a character device which &tdm; should read random data from. +Empty means to use the system's preferred entropy device if there is one. +</para><para> +This option does not exist on OpenBSD, as it uses the arc4_random +function instead. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-fifodir"><option>FifoDir</option></term> +<listitem> +<para> +The directory in which the command <acronym>FiFo</acronym>s should +be created; make it empty to disable them. +</para> +<para>The default is <quote>/var/run/xdmctl</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-fifogroup"><option>FifoGroup</option></term> +<listitem> +<para> +The group to which the global command <acronym>FiFo</acronym> should belong; +can be either a name or a numerical ID. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-datadir"><option>DataDir</option></term> +<listitem> +<para> +The directory in which &tdm; should store persistent working data; such data +is, for example, the previous user that logged in on a particular display. +</para> +<para>The default is <quote>/var/lib/tdm</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-dmrcdir"><option>DmrcDir</option></term> +<listitem> +<para> +The directory in which &tdm; should store users' <filename>.dmrc</filename> files. This is only +needed if the home directories are not readable before actually logging in +(like with AFS). +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +</variablelist> +</sect2> + + +<sect2 id="tdmrc-xdmcp"> +<title>The [Xdmcp] section of &tdmrc;</title> + +<para> +This section contains options that control &tdm;'s handling of +&XDMCP; requests. +</para> + +<variablelist> + +<varlistentry> +<term id="option-enable"><option>Enable</option></term> +<listitem> +<para> +Whether &tdm; should listen to incoming &XDMCP; requests. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-port"><option>Port</option></term> +<listitem> +<para> +This indicates the UDP port number which &tdm; uses to listen for incoming +&XDMCP; requests. Unless you need to debug the system, leave this with its +default value. +</para> +<para>The default is <quote>177</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-keyfile"><option>KeyFile</option></term> +<listitem> +<para> +XDM-AUTHENTICATION-1 style &XDMCP; authentication requires a private +key to be shared between &tdm; and the terminal. This option specifies +the file containing those values. Each entry in the file consists of a +display name and the shared key. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-xaccess"><option>Xaccess</option></term> +<listitem> +<para> +To prevent unauthorized &XDMCP; service and to allow forwarding of &XDMCP; +IndirectQuery requests, this file contains a database of hostnames which +are either allowed direct access to this machine, or have a list of hosts +to which queries should be forwarded to. The format of this file is +described in <xref linkend="tdmrc-xaccess"/>. +</para> +<para>The default is <quote>${<envar>kde_confdir</envar>}/tdm/Xaccess</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-choicetimeout"><option>ChoiceTimeout</option></term> +<listitem> +<para> +Number of seconds to wait for the display to respond after the user has +selected a host from the chooser. If the display sends an &XDMCP; +IndirectQuery within this time, the request is forwarded to the chosen +host; otherwise, it is assumed to be from a new session and the chooser +is offered again. +</para> +<para>The default is <quote>15</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-removedomainname"><option>RemoveDomainname</option></term> +<listitem> +<para> +When computing the display name for &XDMCP; clients, the name resolver will +typically create a fully qualified host name for the terminal. As this is +sometimes confusing, &tdm; will remove the domain name portion of the host +name if it is the same as the domain name of the local host when this option +is enabled. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-sourceaddress"><option>SourceAddress</option></term> +<listitem> +<para> +Use the numeric IP address of the incoming connection on multihomed hosts +instead of the host name. This is to avoid trying to connect on the wrong +interface which might be down at this time. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-willing"><option>Willing</option></term> +<listitem> +<para> +This specifies a program which is run (as +<systemitem class="username">root</systemitem>) when an &XDMCP; +DirectQuery or BroadcastQuery is received and this host is configured +to offer &XDMCP; display management. The output of this program may be +displayed in a chooser window. If no program is specified, the string +<quote>Willing to manage</quote> is sent. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +</variablelist> +</sect2> + + +<sect2 id="tdmrc-shutdown"> +<title>The [Shutdown] section of &tdmrc;</title> + +<para> +This section contains global options concerning system shutdown. +</para> + +<variablelist> + +<varlistentry> +<term id="option-haltcmd"><option>HaltCmd</option></term> +<listitem> +<para> +The command (subject to word splitting) to run to halt/poweroff the system. +</para><para> +The default is something reasonable for the system on which &tdm; was built, like +<command>/sbin/shutdown <option>-h</option> <parameter>now</parameter></command>. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-rebootcmd"><option>RebootCmd</option></term> +<listitem> +<para> +The command (subject to word splitting) to run to reboot the system. +</para><para> +The default is something reasonable for the system &tdm; on which was built, like +<command>/sbin/shutdown <option>-r</option> <parameter>now</parameter></command>. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-allowfifo"><option>AllowFifo</option></term> +<listitem> +<para> +Whether it is allowed to shut down the system via the global command <acronym>FiFo</acronym>. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-allowfifonow"><option>AllowFifoNow</option></term> +<listitem> +<para> +Whether it is allowed to abort active sessions when shutting down the +system via the global command <acronym>FiFo</acronym>. +</para><para> +This will have no effect unless <option>AllowFifo</option> is enabled. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-bootmanager"><option>BootManager</option></term> +<listitem> +<para> +The boot manager &tdm; should use for offering boot options in the +shutdown dialog. +</para> +<variablelist> +<varlistentry> +<term><parameter>None</parameter></term> +<listitem><para>no boot manager</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Grub</parameter></term> +<listitem><para>Grub boot manager</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Lilo</parameter></term> +<listitem><para>Lilo boot manager (Linux on i386 & x86-64 only)</para></listitem> +</varlistentry> +</variablelist> +<para>The default is <quote>None</quote>.</para> +</listitem> +</varlistentry> + +</variablelist> +</sect2> + + +<sect2 id="tdmrc-core"> +<title>The [X-*-Core] section class of &tdmrc;</title> + +<para> +This section class contains options concerning the configuration +of the &tdm; backend (core). +</para> + +<variablelist> + +<varlistentry> +<term id="option-opendelay"><option>OpenDelay</option></term> +<listitem> +<para> +See <option>OpenRepeat</option>. +</para> +<para>The default is <quote>15</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-opentimeout"><option>OpenTimeout</option></term> +<listitem> +<para> +See <option>OpenRepeat</option>. +</para> +<para>The default is <quote>120</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-openrepeat"><option>OpenRepeat</option></term> +<listitem> +<para> +These options control the behavior of &tdm; when attempting to open a +connection to an &X-Server;. <option>OpenDelay</option> is the length +of the pause (in seconds) between successive attempts, +<option>OpenRepeat</option> is the number of attempts to make and +<option>OpenTimeout</option> is the amount of time to spend on a +connection attempt. After <option>OpenRepeat</option> attempts have been +made, or if <option>OpenTimeout</option> seconds elapse in any particular +connection attempt, the start attempt is considered failed. +</para> +<para>The default is <quote>5</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-startattempts"><option>StartAttempts</option></term> +<listitem> +<para> +How many times &tdm; should attempt to start a <literal>foreign</literal> +display listed in <option>StaticServers</option> before giving up +and disabling it. +Local displays are attempted only once, and &XDMCP; displays are retried +indefinitely by the client (unless the option <option>-once</option> +was given to the &X-Server;). +</para> +<para>The default is <quote>4</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-serverattempts"><option>ServerAttempts</option></term> +<listitem> +<para> +How many times &tdm; should attempt to start up a local &X-Server;. +Starting up includes executing it and waiting for it to come up. +</para> +<para>The default is <quote>1</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-servertimeout"><option>ServerTimeout</option></term> +<listitem> +<para> +How many seconds &tdm; should wait for a local &X-Server; to come up. +</para> +<para>The default is <quote>15</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-servercmd"><option>ServerCmd</option></term> +<listitem> +<para> +The command line to start the &X-Server;, without display number and VT spec. +This string is subject to word splitting. +</para><para> +The default is something reasonable for the system on which &tdm; was built, +like <command>/usr/X11R6/bin/X</command>. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-serverargslocal"><option>ServerArgsLocal</option></term> +<listitem> +<para> +Additional arguments for the &X-Server;s for local sessions. +This string is subject to word splitting. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-serverargsremote"><option>ServerArgsRemote</option></term> +<listitem> +<para> +Additional arguments for the &X-Server;s for remote sessions. +This string is subject to word splitting. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-servervt"><option>ServerVT</option></term> +<listitem> +<para> +The VT the &X-Server; should run on. +<option>ServerVTs</option> should be used instead of this option. +Leave it zero to let &tdm; assign a <acronym>VT</acronym> automatically. +Set it to <literal>-1</literal> to avoid assigning a <acronym>VT</acronym> +alltogether - this is required for setups with multiple physical consoles. +Currently Linux only. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-servertty"><option>ServerTTY</option></term> +<listitem> +<para> +This option is for <acronym>OS</acronym>s without support for +<acronym>VT</acronym>s, either by &tdm; or the <acronym>OS</acronym> itself. +Currently this applies to all <acronym>OS</acronym>s but Linux. +</para><para> +When &tdm; switches to console mode, it starts monitoring this +<acronym>TTY</acronym> line (specified without the leading +<literal>/dev/</literal>) for activity. If the line is not used for some time, +&tdm; switches back to the X login. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-pinginterval"><option>PingInterval</option></term> +<listitem> +<para> +See <option>PingTimeout</option>. +</para> +<para>The default is <quote>5</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-pingtimeout"><option>PingTimeout</option></term> +<listitem> +<para> +To discover when <emphasis>remote</emphasis> displays disappear, &tdm; +regularly pings them. +<option>PingInterval</option> specifies the time (in minutes) between the +pings and <option>PingTimeout</option> specifies the maximum amount of +time (in minutes) to wait for the terminal to respond to the request. If +the terminal does not respond, the session is declared dead and terminated. +</para><para> +If you frequently use X terminals which can become isolated from +the managing host, you may wish to increase the timeout. The only worry +is that sessions will continue to exist after the terminal has been +accidentally disabled. +</para> +<para>The default is <quote>5</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-terminateserver"><option>TerminateServer</option></term> +<listitem> +<para> +Whether &tdm; should restart the local &X-Server; after session exit instead +of resetting it. Use this if the &X-Server; leaks memory or crashes the system +on reset attempts. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-resetsignal"><option>ResetSignal</option></term> +<listitem> +<para> +The signal number to use to reset the local &X-Server;. +</para> +<para>The default is <quote>1 (SIGHUP)</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-termsignal"><option>TermSignal</option></term> +<listitem> +<para> +The signal number to use to terminate the local &X-Server;. +</para> +<para>The default is <quote>15 (SIGTERM)</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-authorize"><option>Authorize</option></term> +<listitem> +<para> +Controls whether &tdm; generates and uses authorization for +<emphasis>local</emphasis> &X-Server; connections. +For &XDMCP; displays the authorization requested by the display is used; +foreign non-&XDMCP; displays do not support authorization at all. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-authnames"><option>AuthNames</option></term> +<listitem> +<para> +If <option>Authorize</option> is true, use the authorization mechanisms +listed herein. The MIT-MAGIC-COOKIE-1 authorization is always available; +XDM-AUTHORIZATION-1, SUN-DES-1 and MIT-KERBEROS-5 might be available as well, +depending on the build configuration. +</para> +<para>The default is <quote>DEF_AUTH_NAME</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-resetforauth"><option>ResetForAuth</option></term> +<listitem> +<para> +Some <emphasis>old</emphasis> &X-Server;s re-read the authorization file +at &X-Server; reset time, instead of when checking the initial connection. +As &tdm; generates the authorization information just before connecting to +the display, an old &X-Server; would not get up-to-date authorization +information. This option causes &tdm; to send SIGHUP to the &X-Server; +after setting up the file, causing an additional &X-Server; reset to occur, +during which time the new authorization information will be read. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-authfile"><option>AuthFile</option></term> +<listitem> +<para> +This file is used to communicate the authorization data from &tdm; to +the &X-Server;, using the <option>-auth</option> &X-Server; command line +option. It should be kept in a directory which is not world-writable +as it could easily be removed, disabling the authorization mechanism in +the &X-Server;. If not specified, a random name is generated from +<option>AuthDir</option> and the name of the display. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-resources"><option>Resources</option></term> +<listitem> +<para> +This option specifies the name of the file to be loaded by +<command>xrdb</command> as the resource database onto the root window +of screen 0 of the display. KDE programs generally do not use +X-resources, so this option is only needed if the <option>Setup</option> +program needs some X-resources. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-xrdb"><option>Xrdb</option></term> +<listitem> +<para> +The <command>xrdb</command> program to use to read the X-resources file +specified in <option>Recources</option>. +The command is subject to word splitting. +</para> +<para>The default is <quote>${<envar>x_bindir</envar>}/xrdb</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-setup"><option>Setup</option></term> +<listitem> +<para> +This string is subject to word splitting. +It specifies a program which is run (as +<systemitem class="username">root</systemitem>) before offering the +greeter window. This may be used to change the appearance of the screen +around the greeter window or to put up other windows (e.g., you may want +to run <command>xconsole</command> here). +The conventional name for a program used here is <command>Xsetup</command>. +See <xref linkend="tdmrc-xsetup"/>. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-startup"><option>Startup</option></term> +<listitem> +<para> +This string is subject to word splitting. +It specifies a program which is run (as +<systemitem class="username">root</systemitem>) after the user +authentication process succeeds. +The conventional name for a program used here is <command>Xstartup</command>. +See <xref linkend="tdmrc-xstartup"/>. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-reset"><option>Reset</option></term> +<listitem> +<para> +This string is subject to word splitting. +It specifies a program which is run (as +<systemitem class="username">root</systemitem>) after the session +terminates. +The conventional name for a program used here is <command>Xreset</command>. +See <xref linkend="tdmrc-xreset"/>. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-session"><option>Session</option></term> +<listitem> +<para> +This string is subject to word splitting. +It specifies the session program to be executed (as the user owning +the session). +The conventional name for a program used here is <command>Xsession</command>. +See <xref linkend="tdmrc-xsession"/>. +</para> +<para>The default is <quote>${<envar>x_bindir</envar>}/xterm -ls -T</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-failsafeclient"><option>FailsafeClient</option></term> +<listitem> +<para> +If the <option>Session</option> program fails to execute, &tdm; will +fall back to this program. This program is executed with no arguments, +but executes using the same environment variables as the session would +have had (see <xref linkend="tdmrc-xsession"/>). +</para> +<para>The default is <quote>${<envar>x_bindir</envar>}/xterm</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-userpath"><option>UserPath</option></term> +<listitem> +<para> +The <envar>PATH</envar> environment variable for +non-<systemitem class="username">root</systemitem> <option>Session</option>s. +</para><para> +The default depends on the system &tdm; was built on. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-systempath"><option>SystemPath</option></term> +<listitem> +<para> +The <envar>PATH</envar> environment variable for all programs but +non-<systemitem class="username">root</systemitem> +<option>Session</option>s. Note that it is good practice not to include +<literal>.</literal> (the current directory) into this entry. +</para><para> +The default depends on the system &tdm; was built on. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-systemshell"><option>SystemShell</option></term> +<listitem> +<para> +The <envar>SHELL</envar> environment variable for all programs but the +<option>Session</option>. +</para> +<para>The default is <quote>/bin/sh</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-userauthdir"><option>UserAuthDir</option></term> +<listitem> +<para> +When &tdm; is unable to write to the usual user authorization file +($<envar>HOME</envar>/.Xauthority), it creates a unique file name in this +directory and points the environment variable <envar>XAUTHORITY</envar> +at the created file. +</para> +<para>The default is <quote>/tmp</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-autorelogin"><option>AutoReLogin</option></term> +<listitem> +<para> +If enabled, &tdm; will automatically restart a session after an &X-Server; +crash (or if it is killed by Alt-Ctrl-BackSpace). Note that enabling this +feature opens a security hole: a secured display lock can be circumvented +(unless &kde;'s built-in screen locker is used). +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-allowrootlogin"><option>AllowRootLogin</option></term> +<listitem> +<para> +If disabled, do not allow <systemitem class="username">root</systemitem> +(and any other user with UID = 0) to log in directly. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-allownullpasswd"><option>AllowNullPasswd</option></term> +<listitem> +<para> +If disabled, only users that have passwords assigned can log in. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-allowshutdown"><option>AllowShutdown</option></term> +<listitem> +<para> +Who is allowed to shut down the system. This applies both to the +greeter and to the command <acronym>FiFo</acronym>. +</para> +<variablelist> +<varlistentry> +<term><parameter>None</parameter></term> +<listitem><para>no <guilabel>Shutdown...</guilabel> menu entry is shown at all</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Root</parameter></term> +<listitem><para>the <systemitem class="username">root</systemitem> password must be entered to shut down</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>All</parameter></term> +<listitem><para>everybody can shut down the machine</para></listitem> +</varlistentry> +</variablelist> +<para>The default is <quote>All</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-allowsdforcenow"><option>AllowSdForceNow</option></term> +<listitem> +<para> +Who is allowed to abort active sessions when shutting down. +</para> +<variablelist> +<varlistentry> +<term><parameter>None</parameter></term> +<listitem><para>no forced shutdown is allowed at all</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Root</parameter></term> +<listitem><para>the <systemitem class="username">root</systemitem> password must be entered to shut down forcibly</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>All</parameter></term> +<listitem><para>everybody can shut down the machine forcibly</para></listitem> +</varlistentry> +</variablelist> +<para>The default is <quote>All</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-defaultsdmode"><option>DefaultSdMode</option></term> +<listitem> +<para> +The default choice for the shutdown condition/timing. +</para> +<variablelist> +<varlistentry> +<term><parameter>Schedule</parameter></term> +<listitem><para>shut down after all active sessions exit (possibly at once)</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>TryNow</parameter></term> +<listitem><para>shut down, if no active sessions are open; otherwise, do nothing</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>ForceNow</parameter></term> +<listitem><para>shut down unconditionally</para></listitem> +</varlistentry> +</variablelist> +<para>The default is <quote>Schedule</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-scheduledsd"><option>ScheduledSd</option></term> +<listitem> +<para> +How to offer shutdown scheduling options: +</para> +<variablelist> +<varlistentry> +<term><parameter>Never</parameter></term> +<listitem><para>not at all</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Optional</parameter></term> +<listitem><para>as a button in the simple shutdown dialogs</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Always</parameter></term> +<listitem><para>instead of the simple shutdown dialogs</para></listitem> +</varlistentry> +</variablelist> +<para>The default is <quote>Never</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-nopassenable"><option>NoPassEnable</option></term> +<listitem> +<para> +Enable password-less logins on this display. <emphasis>Use with extreme care!</emphasis> +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-nopassusers"><option>NoPassUsers</option></term> +<listitem> +<para> +The users that do not need to provide a password to log in. +Items which are prefixed with <literal>@</literal> represent all users in the +user group named by that item. +<literal>*</literal> means all users but +<systemitem class="username">root</systemitem> +(and any other user with UID = 0). +<emphasis>Never</emphasis> list <systemitem class="username">root</systemitem>. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-autologinenable"><option>AutoLoginEnable</option></term> +<listitem> +<para> +Enable automatic login. <emphasis>Use with extreme care!</emphasis> +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-autologinagain"><option>AutoLoginAgain</option></term> +<listitem> +<para> +If true, auto-login after logout. If false, auto-login is performed only +when a display session starts up. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-autologindelay"><option>AutoLoginDelay</option></term> +<listitem> +<para> +The delay in seconds before automatic login kicks in. This is also known as +<quote>Timed Login</quote>. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-autologinuser"><option>AutoLoginUser</option></term> +<listitem> +<para> +The user to log in automatically. <emphasis>Never</emphasis> specify <systemitem class="username">root</systemitem>! +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-autologinpass"><option>AutoLoginPass</option></term> +<listitem> +<para> +The password for the user to log in automatically. This is <emphasis>not</emphasis> required +unless the user is logged into a <acronym>NIS</acronym> or Kerberos domain. If you use this +option, you should <command>chmod <option>600</option> <filename>tdmrc</filename></command> for obvious reasons. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-autologinlocked"><option>AutoLoginLocked</option></term> +<listitem> +<para> +Immediately lock the automatically started session. This works only with +KDE sessions. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-sessionsdirs"><option>SessionsDirs</option></term> +<listitem> +<para> +A list of directories containing session type definitions. +</para> +<para>The default is <quote>${<envar>kde_datadir</envar>}/tdm/sessions</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-clientlogfile"><option>ClientLogFile</option></term> +<listitem> +<para> +The file (relative to the user's home directory) to redirect the session +output to. One occurrence of <parameter>%s</parameter> in this string will be +substituted with the display name. Use <parameter>%%</parameter> to obtain a +literal <literal>%</literal>. +</para> +<para>The default is <quote>.xsession-errors</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-usesessreg"><option>UseSessReg</option></term> +<listitem> +<para> +Specify whether &tdm;'s built-in utmp/wtmp/lastlog registration should +be used. If it is not, the tool <command>sessreg</command> should be used +in the <option>Startup</option> and <option>Reset</option> scripts, or, +alternatively, the pam_lastlog module should be used on +<acronym>PAM</acronym>-enabled systems. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +</variablelist> +</sect2> + + +<sect2 id="tdmrc-greeter"> +<title>The [X-*-Greeter] section class of &tdmrc;</title> + +<para> +This section class contains options concerning the configuration +of the &tdm; frontend (greeter). +</para> + +<variablelist> + +<varlistentry> +<term id="option-guistyle"><option>GUIStyle</option></term> +<listitem> +<para> +Specify the widget style for the greeter. Empty means to use the +built-in default which currently is <literal>Plastik</literal>. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-colorscheme"><option>ColorScheme</option></term> +<listitem> +<para> +Specify the widget color scheme for the greeter. Empty means to use +the built-in default which currently is yellowish grey with some light +blue and yellow elements. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-logoarea"><option>LogoArea</option></term> +<listitem> +<para> +What should be shown in the greeter righthand of the input lines (if +<option>UserList</option> is disabled) or above them (if +<option>UserList</option> is enabled): +</para> +<variablelist> +<varlistentry> +<term><parameter>None</parameter></term> +<listitem><para>nothing</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Logo</parameter></term> +<listitem><para>the image specified by <option>LogoPixmap</option></para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Clock</parameter></term> +<listitem><para>a neat analog clock</para></listitem> +</varlistentry> +</variablelist> +<para>The default is <quote>Clock</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-logopixmap"><option>LogoPixmap</option></term> +<listitem> +<para> +The image to show in the greeter if <option>LogoArea</option> is +<literal>Logo</literal>. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-greeterpos"><option>GreeterPos</option></term> +<listitem> +<para> +The relative coordinates (percentages of the screen size; X,Y) at which +the center of the greeter is put. &tdm; aligns the greeter to the edges +of the screen it would cross otherwise. +</para> +<para>The default is <quote>50,50</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-greeterscreen"><option>GreeterScreen</option></term> +<listitem> +<para> +The screen the greeter should be displayed on in multi-headed and Xinerama +setups. The numbering starts with 0. For Xinerama, it corresponds to the +listing order in the active ServerLayout section of XF86Config; -1 means +to use the upper-left screen, -2 means to use the upper-right screen. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-greetstring"><option>GreetString</option></term> +<listitem> +<para> +The headline in the greeter. An empty greeting means none at all. +</para><para> +The following character pairs are replaced by their value: +<variablelist> +<varlistentry> +<term><parameter>%d</parameter></term> +<listitem><para>name of the current display</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>%h</parameter></term> +<listitem><para>local host name, possibly with the + domain name</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>%n</parameter></term> +<listitem><para>local node name, most probably the host name without the + domain name</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>%s</parameter></term> +<listitem><para>operating system</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>%r</parameter></term> +<listitem><para>operating system version</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>%m</parameter></term> +<listitem><para>machine (hardware) type</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>%%</parameter></term> +<listitem><para>a single <literal>%</literal></para></listitem> +</varlistentry> +</variablelist> +</para> +<para>The default is <quote>Welcome to %s at %n</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-antialiasing"><option>AntiAliasing</option></term> +<listitem> +<para> +Whether the fonts used in the greeter should be antialiased. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-greetfont"><option>GreetFont</option></term> +<listitem> +<para> +The font for the greeter headline. +</para> +<para>The default is <quote>Serif,20,bold</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-stdfont"><option>StdFont</option></term> +<listitem> +<para> +The normal font used in the greeter. +</para> +<para>The default is <quote>Sans Serif,10</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-failfont"><option>FailFont</option></term> +<listitem> +<para> +The font used for the <quote>Login Failed</quote> message. +</para> +<para>The default is <quote>Sans Serif,10,bold</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-numlock"><option>NumLock</option></term> +<listitem> +<para> +What to do with the Num Lock modifier for the time the greeter is running: +</para> +<variablelist> +<varlistentry> +<term><parameter>Off</parameter></term> +<listitem><para>turn off</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>On</parameter></term> +<listitem><para>turn on</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Keep</parameter></term> +<listitem><para>do not change the state</para></listitem> +</varlistentry> +</variablelist> +<para>The default is <quote>Keep</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-language"><option>Language</option></term> +<listitem> +<para> +Language and locale to use in the greeter, encoded like $<envar>LC_LANG</envar>. +</para> +<para>The default is <quote>en_US</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-usercompletion"><option>UserCompletion</option></term> +<listitem> +<para> +Enable autocompletion in the username line edit. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-userlist"><option>UserList</option></term> +<listitem> +<para> +Show a user list with unix login names, real names, and images in the greeter. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-showusers"><option>ShowUsers</option></term> +<listitem> +<para> +This option controls which users will be shown in the user view +(<option>UserList</option>) and/or offered for autocompletion +(<option>UserCompletion</option>). +If it is <literal>Selected</literal>, <option>SelectedUsers</option> contains +the final list of users. +If it is <literal>NotHidden</literal>, the initial user list contains all users +found on the system. Users contained in <option>HiddenUsers</option> are +removed from the list, just like all users with a UID greater than specified +in <option>MaxShowUID</option> and users with a non-zero UID less than +specified in <option>MinShowUID</option>. +Items in <option>SelectedUsers</option> and <option>HiddenUsers</option> +which are prefixed with <literal>@</literal> represent all users in the +user group named by that item. +Finally, the user list will be sorted alphabetically, if +<option>SortUsers</option> is enabled. +</para> +<para>The default is <quote>NotHidden</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-selectedusers"><option>SelectedUsers</option></term> +<listitem> +<para> +See <option>ShowUsers</option>. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-hiddenusers"><option>HiddenUsers</option></term> +<listitem> +<para> +See <option>ShowUsers</option>. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-minshowuid"><option>MinShowUID</option></term> +<listitem> +<para> +See <option>ShowUsers</option>. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-maxshowuid"><option>MaxShowUID</option></term> +<listitem> +<para> +See <option>ShowUsers</option>. +</para> +<para>The default is <quote>65535</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-sortusers"><option>SortUsers</option></term> +<listitem> +<para> +See <option>ShowUsers</option>. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-facesource"><option>FaceSource</option></term> +<listitem> +<para> +If <option>UserList</option> is enabled, this specifies where &tdm; gets the +images from: +</para> +<variablelist> +<varlistentry> +<term><parameter>AdminOnly</parameter></term> +<listitem><para>from <filename><<option>FaceDir</option>>/$<envar>USER</envar>.face[.icon]</filename></para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>PreferAdmin</parameter></term> +<listitem><para>prefer <<option>FaceDir</option>>, fallback on $<envar>HOME</envar></para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>PreferUser</parameter></term> +<listitem><para>... and the other way round</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>UserOnly</parameter></term> +<listitem><para>from the user's <filename>$<envar>HOME</envar>/.face[.icon]</filename></para></listitem> +</varlistentry> +</variablelist> + +<para> +The images can be in any format Qt recognizes, but the filename +must match &tdm;'s expectations: <literal>.face.icon</literal> should be a +48x48 icon, while <literal>.face</literal> should be a 300x300 image. +Currently the big image is used only as a fallback and is scaled down, +but in the future it might be displayed full-size in the logo area or a +tooltip. +</para> +<para>The default is <quote>AdminOnly</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-facedir"><option>FaceDir</option></term> +<listitem> +<para> +See <option>FaceSource</option>. +</para> +<para>The default is <quote>${<envar>kde_datadir</envar>}/tdm/faces</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-preselectuser"><option>PreselectUser</option></term> +<listitem> +<para> +Specify, if/which user should be preselected for log in: +</para> +<variablelist> +<varlistentry> +<term><parameter>None</parameter></term> +<listitem><para>do not preselect any user</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Previous</parameter></term> +<listitem><para>the user which successfully logged in last time</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>Default</parameter></term> +<listitem><para>the user specified in the <option>DefaultUser</option> option</para></listitem> +</varlistentry> +</variablelist> + +<para> +If <option>FocusPasswd</option> is enabled and a user was preselected, +the cursor is placed in the password input field automatically. +</para> +<note><para>Enabling user preselection can be considered a security hole, +as it presents a valid login name to a potential attacker, so he +<quote>only</quote> needs to guess the password. On the other hand, +one could set <option>DefaultUser</option> to a fake login name.</para></note> +<para> +</para> +<para>The default is <quote>None</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-defaultuser"><option>DefaultUser</option></term> +<listitem> +<para> +See <option>PreselectUser</option>. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-focuspasswd"><option>FocusPasswd</option></term> +<listitem> +<para> +See <option>PreselectUser</option>. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-echomode"><option>EchoMode</option></term> +<listitem> +<para> +The password input fields cloak the typed in text. Specify, how to do it: +</para> +<variablelist> +<varlistentry> +<term><parameter>OneStar</parameter></term> +<listitem><para><literal>*</literal> is shown for every typed +character</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>ThreeStars</parameter></term> +<listitem><para><literal>***</literal> is shown for every typed +character</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>NoEcho</parameter></term> +<listitem><para>nothing is shown at all, the cursor does not move</para></listitem> +</varlistentry> +</variablelist> +<para>The default is <quote>OneStar</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-usebackground"><option>UseBackground</option></term> +<listitem> +<para> +If enabled, &tdm; will automatically start the <command>krootimage</command> +program to set up the background; otherwise, the <option>Setup</option> +program is responsible for the background. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-backgroundcfg"><option>BackgroundCfg</option></term> +<listitem> +<para> +The configuration file to be used by <command>krootimage</command>. +It contains a section named <literal>[Desktop0]</literal> like +<filename>kdesktoprc</filename> does. Its options are not described +herein; guess their meanings or use the control center. +</para> +<para>The default is <quote>${<envar>kde_confdir</envar>}/tdm/backgroundrc</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-grabserver"><option>GrabServer</option></term> +<listitem> +<para> +To improve security, the greeter grabs the &X-Server; and then the keyboard +when it starts up. This option specifies if the &X-Server; grab should be held +for the duration of the name/password reading. When disabled, the &X-Server; +is ungrabbed after the keyboard grab succeeds; otherwise, the &X-Server; is +grabbed until just before the session begins. +</para> +<note><para>Enabling this option disables <option>UseBackground</option> and +<option>Setup</option>.</para></note> +<para> +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-grabtimeout"><option>GrabTimeout</option></term> +<listitem> +<para> +This option specifies the maximum time &tdm; will wait for the grabs to +succeed. A grab may fail if some other X-client has the &X-Server; or the +keyboard grabbed, or possibly if the network latencies are very high. You +should be cautious when raising the timeout, as a user can be spoofed by +a look-alike window on the display. If a grab fails, &tdm; kills and +restarts the &X-Server; (if possible) and the session. +</para> +<para>The default is <quote>3</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-authcomplain"><option>AuthComplain</option></term> +<listitem> +<para> +Warn, if a display has no X-authorization. This will be the case if +<itemizedlist> + <listitem><para> + the authorization file for a local &X-Server; could not be created, + </para></listitem> + <listitem><para> + a remote display from &XDMCP; did not request any authorization or + </para></listitem> + <listitem><para> + the display is a <quote>foreign</quote> display specified in + <option>StaticServers</option>. + </para></listitem> +</itemizedlist> +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-loginmode"><option>LoginMode</option></term> +<listitem> +<para> +Specify whether the greeter of local displays should start up in host chooser +(remote) or login (local) mode and whether it is allowed to switch to the +other mode. +</para> +<variablelist> +<varlistentry> +<term><parameter>LocalOnly</parameter></term> +<listitem><para>only local login possible</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>DefaultLocal</parameter></term> +<listitem><para>start up in local mode, but allow switching to remote mode</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>DefaultRemote</parameter></term> +<listitem><para>... and the other way round</para></listitem> +</varlistentry> +<varlistentry> +<term><parameter>RemoteOnly</parameter></term> +<listitem><para>only choice of remote host possible</para></listitem> +</varlistentry> +</variablelist> +<para>The default is <quote>LocalOnly</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-chooserhosts"><option>ChooserHosts</option></term> +<listitem> +<para> +A list of hosts to be automatically added to the remote login menu. +The special name <literal>*</literal> means broadcast. +Has no effect if <option>LoginMode</option> is <literal>LocalOnly</literal>. +</para> +<para>The default is <quote>*</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-forgingseed"><option>ForgingSeed</option></term> +<listitem> +<para> +Use this number as a random seed when forging saved session types, etc. of +unknown users. This is used to avoid telling an attacker about existing users +by reverse conclusion. This value should be random but constant across the +login domain. +</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-showlog"><option>ShowLog</option></term> +<listitem> +<para> +Enable &tdm;'s built-in <command>xconsole</command>. +Note that this can be enabled for only one display at a time. +This option is available only if &tdm; was <command>configure</command>d +with <option>--enable-tdm-xconsole</option>. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-logsource"><option>LogSource</option></term> +<listitem> +<para> +The data source for &tdm;'s built-in <command>xconsole</command>. +If empty, a console log redirection is requested from +<filename>/dev/console</filename>. +Has no effect if <option>ShowLog</option> is disabled. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-pluginslogin"><option>PluginsLogin</option></term> +<listitem> +<para> +Specify conversation plugins for the login dialog; the first in the list +is selected initially. +Each plugin can be specified as a base name (which expands to +<filename>$<envar>kde_modulesdir</envar>/kgreet_<replaceable>base</replaceable></filename>) +or as a full pathname. +</para><para> +Conversation plugins are modules for the greeter which obtain authentication +data from the user. Currently only the <literal>classic</literal> plugin is +shipped with &kde;; it presents the well-known username and password form. +</para> +<para>The default is <quote>classic</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-pluginsshutdown"><option>PluginsShutdown</option></term> +<listitem> +<para> +Same as <option>PluginsLogin</option>, but for the shutdown dialog. +</para> +<para>The default is <quote>classic</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-pluginoptions"><option>PluginOptions</option></term> +<listitem> +<para> +A list of options of the form +<replaceable>Key</replaceable><literal>=</literal><replaceable>Value</replaceable>. +The conversation plugins can query these settings; it is up to them what +possible keys are. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-allowconsole"><option>AllowConsole</option></term> +<listitem> +<para> +Show the <guilabel>Console Login</guilabel> action in the greeter (if <option>ServerTTY</option>/<option>ConsoleTTYs</option> +is configured). +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-allowclose"><option>AllowClose</option></term> +<listitem> +<para> +Show the <guilabel>Restart X Server</guilabel>/<guilabel>Close Connection</guilabel> action in the greeter. +</para> +<para>The default is <quote>true</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-preloader"><option>Preloader</option></term> +<listitem> +<para> +A program to run while the greeter is visible. It is supposed to preload +as much as possible of the session that is going to be started (most +probably). +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-usetheme"><option>UseTheme</option></term> +<listitem> +<para> +Whether the greeter should be themed. +</para> +<para>The default is <quote>false</quote>.</para> +</listitem> +</varlistentry> + +<varlistentry> +<term id="option-theme"><option>Theme</option></term> +<listitem> +<para> +The theme to use for the greeter. Can point to either a directory or an XML +file. +</para> +<para>Empty by default.</para> +</listitem> +</varlistentry> + +</variablelist> +</sect2> + + + +</sect1> + +<sect1 id="tdmrc-xservers"> +<title>Specifying permanent &X-Server;s</title> + +<para>Each entry in the <option>StaticServers</option> list indicates a +display which should constantly be +managed and which is not using &XDMCP;. This method is typically used only for +local &X-Server;s that are started by &tdm;, but &tdm; can manage externally +started (<quote>foreign</quote>) &X-Server;s as well, may they run on the +local machine or rather remotely.</para> + +<para>The formal syntax of a specification is +<screen> +<userinput><replaceable>display name</replaceable> [<literal>_</literal><replaceable>display class</replaceable>]</userinput> +</screen> +for all &X-Server;s. <quote>Foreign</quote> displays differ in having +a host name in the display name, may it be <literal>localhost</literal>.</para> + +<para>The <replaceable>display name</replaceable> must be something that can +be passed in the <option>-display</option> option to an X program. This string +is used to generate the display-specific section names, so be careful to match +the names. +The display name of &XDMCP; displays is derived from the display's address by +reverse host name resolution. For configuration purposes, the +<literal>localhost</literal> prefix from locally running &XDMCP; displays is +<emphasis>not</emphasis> stripped to make them distinguishable from local +&X-Server;s started by &tdm;.</para> + +<para>The <replaceable>display class</replaceable> portion is also used in the +display-specific sections. This is useful if you have a large collection of +similar displays (such as a corral of X terminals) and would like to set +options for groups of them. +When using &XDMCP;, the display is required to specify the display class, +so the manual for your particular X terminal should document the display +class string for your device. If it does not, you can run &tdm; in debug +mode and <command>grep</command> the log for <quote>class</quote>.</para> + +<para>The displays specified in <option>ReserveServers</option> will not be +started when &tdm; starts up, but when it is explicitly requested via +the command socket (or <acronym>FiFo</acronym>). +If reserve displays are specified, the &kde; menu will have a +<guilabel>Start New Session</guilabel> item near the bottom; use that to +activate a reserve display with a new login session. The monitor will switch +to the new display, and you will have a minute to login. If there are no more +reserve displays available, the menu item will be disabled.</para> + +<para>When &tdm; starts a session, it sets up authorization data for the +&X-Server;. For local servers, &tdm; passes +<command><option>-auth</option> <filename><replaceable>filename</replaceable></filename></command> +on the &X-Server;'s command line to point it at its authorization data. +For &XDMCP; displays, &tdm; passes the authorization data to the &X-Server; +via the <quote>Accept</quote> &XDMCP; message.</para> + +</sect1> + +<sect1 id="tdmrc-xaccess"> +<title>&XDMCP; access control</title> + +<para>The file specified by the <option>AccessFile</option> option provides +information which &tdm; uses to control access from displays requesting service +via &XDMCP;. +The file contains four types of entries: entries which control the response +to <quote>Direct</quote> and <quote>Broadcast</quote> queries, entries which +control the response to <quote>Indirect</quote> queries, macro definitions for +<quote>Indirect</quote> entries, and entries which control on which network +interfaces &tdm; listens for &XDMCP; queries. +Blank lines are ignored, <literal>#</literal> is treated as a comment +delimiter causing the rest of that line to be ignored, and <literal>\</literal> +causes an immediately following newline to be ignored, allowing indirect host +lists to span multiple lines. +</para> + +<para>The format of the <quote>Direct</quote> entries is simple, either a +host name or a pattern, which is compared against the host name of the display +device. +Patterns are distinguished from host names by the inclusion of one or more +meta characters; <literal>*</literal> matches any sequence of 0 or more +characters, and <literal>?</literal> matches any single character. +If the entry is a host name, all comparisons are done using network addresses, +so any name which converts to the correct network address may be used. Note +that only the first network address returned for a host name is used. +For patterns, only canonical host names are used in the comparison, so ensure +that you do not attempt to match aliases. +Host names from &XDMCP; queries always contain the local domain name +even if the reverse lookup returns a short name, so you can use +patterns for the local domain. +Preceding the entry with a <literal>!</literal> character causes hosts which +match that entry to be excluded. +To only respond to <quote>Direct</quote> queries for a host or pattern, +it can be followed by the optional <literal>NOBROADCAST</literal> keyword. +This can be used to prevent a &tdm; server from appearing on menus based on +<quote>Broadcast</quote> queries.</para> + +<para>An <quote>Indirect</quote> entry also contains a host name or pattern, +but follows it with a list of host names or macros to which the queries +should be forwarded. <quote>Indirect</quote> entries can be excluding as well, +in which case a (valid) dummy host name must be supplied to make the entry +distinguishable from a <quote>Direct</quote> entry. +If compiled with IPv6 support, multicast address groups may also be included +in the list of addresses the queries are forwarded to. +<!-- Not actually implemented! +Multicast addresses may be followed by an optional <literal>/</literal> +character and hop count. If no hop count is specified, the multicast hop count +defaults to 1, keeping the packet on the local network. For IPv4 multicasting, +the hop count is used as the TTL. +--> +If the indirect host list contains the keyword <literal>CHOOSER</literal>, +<quote>Indirect</quote> queries are not forwarded, but instead a host chooser +dialog is displayed by &tdm;. The chooser will send a <quote>Direct</quote> +query to each of the remaining host names in the list and offer a menu of +all the hosts that respond. The host list may contain the keyword +<literal>BROADCAST</literal>, to make the chooser send a +<quote>Broadcast</quote> query as well; note that on some operating systems, +UDP packets cannot be broadcast, so this feature will not work. +</para> + +<para>When checking access for a particular display host, each entry is scanned +in turn and the first matching entry determines the response. +<quote>Direct</quote> and <quote>Broadcast</quote> entries are ignored when +scanning for an <quote>Indirect</quote> entry and vice-versa.</para> + +<para>A macro definition contains a macro name and a list of host names and +other macros that the macro expands to. To distinguish macros from hostnames, +macro names start with a <literal>%</literal> character.</para> + +<para>The last entry type is the <literal>LISTEN</literal> directive. +The formal syntax is +<screen> +<userinput> <literal>LISTEN</literal> [<replaceable>interface</replaceable> [<replaceable>multicast list</replaceable>]]</userinput> +</screen> +If one or more <literal>LISTEN</literal> lines are specified, &tdm; listens +for &XDMCP; requests only on the specified interfaces. +<replaceable>interface</replaceable> may be a hostname or IP address +representing a network interface on this machine, or the wildcard +<literal>*</literal> to represent all available network interfaces. +If multicast group addresses are listed on a <literal>LISTEN</literal> line, +&tdm; joins the multicast groups on the given interface. For IPv6 multicasts, +the IANA has assigned ff0<replaceable>X</replaceable>:0:0:0:0:0:0:12b as the +permanently assigned range of multicast addresses for &XDMCP;. The +<replaceable>X</replaceable> in the prefix may be replaced by any valid scope +identifier, such as 1 for Node-Local, 2 for Link-Local, 5 for Site-Local, and +so on (see IETF RFC 2373 or its replacement for further details and scope +definitions). &tdm; defaults to listening on the Link-Local scope address +ff02:0:0:0:0:0:0:12b to most closely match the IPv4 subnet broadcast behavior. +If no <literal>LISTEN</literal> lines are given, &tdm; listens on all +interfaces and joins the default &XDMCP; IPv6 multicast group (when +compiled with IPv6 support). +To disable listening for &XDMCP; requests altogether, a +<literal>LISTEN</literal> line with no addresses may be specified, but using +the <literal>[Xdmcp]</literal> <option>Enable</option> option is preferred. +</para> + +</sect1> + +<sect1 id="tdm-scripts"> +<title>Supplementary programs</title> + +<para> +The following programs are run by &tdm; at various stages of a session. +They typically are shell scripts. +</para> + +<para> +The Setup, Startup and Reset programs are run as +<systemitem class="username">root</systemitem>, so they should be careful +about security. +Their first argument is <literal>auto</literal> if the session results +from an automatic login; otherwise, no arguments are passed to them. +</para> + +<sect2 id="tdmrc-xsetup"> +<title>Setup program</title> + +<para> +The <filename>Xsetup</filename> program is run after the &X-Server; is +started or reset, but before the greeter is offered. +This is the place to change the root background (if +<option>UseBackground</option> is disabled) or bring up other windows that +should appear on the screen along with the greeter. +</para> + +<para> +In addition to any specified by <option>ExportList</option>, +the following environment variables are passed:</para> +<variablelist> + <varlistentry> + <term>DISPLAY</term> + <listitem><para>the associated display name</para></listitem> + </varlistentry> + <varlistentry> + <term>PATH</term> + <listitem><para>the value of <option>SystemPath</option></para></listitem> + </varlistentry> + <varlistentry> + <term>SHELL</term> + <listitem><para>the value of <option>SystemShell</option></para></listitem> + </varlistentry> + <varlistentry> + <term>XAUTHORITY</term> + <listitem><para>may be set to an authority file</para></listitem> + </varlistentry> + <varlistentry> + <term>DM_CONTROL</term> + <listitem><para>the value of <option>FifoDir</option></para></listitem> + </varlistentry> +</variablelist> + +<para> Note that since &tdm; grabs the keyboard, any other windows will not be +able to receive keyboard input. They will be able to interact with the mouse, +however; beware of potential security holes here. If <option>GrabServer</option> +is set, <filename>Xsetup</filename> will not be able to connect to the display +at all. Resources for this program can be put into the file named by +<option>Resources</option>. +</para> + +</sect2> + +<sect2 id="tdmrc-xstartup"> +<title>Startup program</title> + +<para>The <filename>Xstartup</filename> program is run as +<systemitem class="username">root</systemitem> when the user logs in. +This is the place to put commands which add entries to +<filename>utmp</filename> (the <command>sessreg</command> program +may be useful here), mount users' home directories from file servers, +or abort the session if some requirements are not met (but note that on +modern systems, many of these tasks are already taken care of by +<acronym>PAM</acronym> modules).</para> + +<para>In addition to any specified by <option>ExportList</option>, +the following environment variables are passed:</para> +<variablelist> + <varlistentry> + <term>DISPLAY</term> + <listitem><para>the associated display name</para></listitem> + </varlistentry> + <varlistentry> + <term>HOME</term> + <listitem><para>the initial working directory of the user</para></listitem> + </varlistentry> + <varlistentry> + <term>LOGNAME</term> + <listitem><para>the username</para></listitem> + </varlistentry> + <varlistentry> + <term>USER</term> + <listitem><para>the username</para></listitem> + </varlistentry> + <varlistentry> + <term>PATH</term> + <listitem><para>the value of <option>SystemPath</option></para></listitem> + </varlistentry> + <varlistentry> + <term>SHELL</term> + <listitem><para>the value of <option>SystemShell</option></para></listitem> + </varlistentry> + <varlistentry> + <term>XAUTHORITY</term> + <listitem><para>may be set to an authority file</para></listitem> + </varlistentry> + <varlistentry> + <term>DM_CONTROL</term> + <listitem><para>the value of <option>FifoDir</option></para></listitem> + </varlistentry> +</variablelist> + +<para>&tdm; waits until this program exits before starting the user session. +If the exit value of this program is non-zero, &tdm; discontinues the session +and starts another authentication cycle.</para> + +</sect2> + +<sect2 id="tdmrc-xsession"> +<title>Session program</title> + +<para>The <filename>Xsession</filename> program is the command which is run +as the user's session. It is run with the permissions of the authorized user. +One of the keywords <literal>failsafe</literal>, <literal>default</literal> +or <literal>custom</literal>, or a string to <command>eval</command> by a +Bourne-compatible shell is passed as the first argument.</para> + +<para>In addition to any specified by <option>ExportList</option>, +the following environment variables are passed:</para> +<variablelist> + <varlistentry> + <term>DISPLAY</term> + <listitem><para>the associated display name</para></listitem> + </varlistentry> + <varlistentry> + <term>HOME</term> + <listitem><para>the initial working directory of the user</para></listitem> + </varlistentry> + <varlistentry> + <term>LOGNAME</term> + <listitem><para>the username</para></listitem> + </varlistentry> + <varlistentry> + <term>USER</term> + <listitem><para>the username</para></listitem> + </varlistentry> + <varlistentry> + <term>PATH</term> + <listitem><para>the value of <option>UserPath</option> + (or <option>SystemPath</option> for + <systemitem class="username">root</systemitem> user sessions)</para> + </listitem> + </varlistentry> + <varlistentry> + <term>SHELL</term> + <listitem><para>the user's default shell</para></listitem> + </varlistentry> + <varlistentry> + <term>XAUTHORITY</term> + <listitem><para>may be set to a non-standard authority file</para></listitem> + </varlistentry> + <varlistentry> + <term>KRBTKFILE</term> + <listitem><para>may be set to a Kerberos4 credentials cache name</para> + </listitem> + </varlistentry> + <varlistentry> + <term>KRB5CCNAME</term> + <listitem><para>may be set to a Kerberos5 credentials cache name</para> + </listitem> + </varlistentry> + <varlistentry> + <term>DM_CONTROL</term> + <listitem><para>the value of <option>FifoDir</option></para></listitem> + </varlistentry> + <varlistentry> + <term>XDM_MANAGED</term> + <listitem><para>will contain a comma-separated list of parameters the + session might find interesting, like the location of the command + <acronym>FiFo</acronym> and its capabilities, and which conversation + plugin was used for the login</para> + </listitem> + </varlistentry> + <varlistentry> + <term>DESKTOP_SESSION</term> + <listitem><para>the name of the session the user has chosen to run</para> + </listitem> + </varlistentry> +</variablelist> + +</sect2> + +<sect2 id="tdmrc-xreset"> +<title>Reset program</title> + +<para>Symmetrical with <filename>Xstartup</filename>, the +<filename>Xreset</filename> program is run after the user session has +terminated. Run as <systemitem class="username">root</systemitem>, it should +contain commands that undo the effects of commands in +<filename>Xstartup</filename>, removing entries from <filename>utmp</filename> +or unmounting directories from file servers.</para> + +<para>The environment variables that were passed to +<filename>Xstartup</filename> are also passed to <filename>Xreset</filename>. +</para> + +</sect2> + +</sect1> + +</chapter> |