summaryrefslogtreecommitdiffstats
path: root/doc/tdm
diff options
context:
space:
mode:
authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-01-22 01:02:36 -0600
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-01-22 01:02:36 -0600
commitb81e43465b14836b17e4fe2dea91c78a2bdd29b3 (patch)
tree7815d61ce59a6ccb6e655ed44f5fea786f520985 /doc/tdm
parent7021f40c13f949b7cb5ded32d0241d648a43bf6c (diff)
downloadtdebase-b81e43465b14836b17e4fe2dea91c78a2bdd29b3.tar.gz
tdebase-b81e43465b14836b17e4fe2dea91c78a2bdd29b3.zip
Part 2 of prior commit
Diffstat (limited to 'doc/tdm')
-rw-r--r--doc/tdm/CMakeLists.txt12
-rw-r--r--doc/tdm/Makefile.am6
-rw-r--r--doc/tdm/index.docbook1472
-rw-r--r--doc/tdm/tdmrc-ref.docbook2316
4 files changed, 3806 insertions, 0 deletions
diff --git a/doc/tdm/CMakeLists.txt b/doc/tdm/CMakeLists.txt
new file mode 100644
index 000000000..9a29fa8f8
--- /dev/null
+++ b/doc/tdm/CMakeLists.txt
@@ -0,0 +1,12 @@
+#################################################
+#
+# (C) 2010-2011 Serghei Amelian
+# serghei (DOT) amelian (AT) gmail.com
+#
+# Improvements and feedback are welcome
+#
+# This file is released under GPL >= 2
+#
+#################################################
+
+tde_create_handbook( DESTINATION tdm )
diff --git a/doc/tdm/Makefile.am b/doc/tdm/Makefile.am
new file mode 100644
index 000000000..3db537e3f
--- /dev/null
+++ b/doc/tdm/Makefile.am
@@ -0,0 +1,6 @@
+conf_def = $(top_srcdir)/tdm/config.def
+ref: $(conf_def) $(top_srcdir)/tdm/confproc.pl
+ $(PERL) -w $(top_srcdir)/tdm/confproc.pl --doc $(conf_def) tdmrc-ref.docbook
+
+KDE_LANG = en
+KDE_DOCS = AUTO
diff --git a/doc/tdm/index.docbook b/doc/tdm/index.docbook
new file mode 100644
index 000000000..dde535328
--- /dev/null
+++ b/doc/tdm/index.docbook
@@ -0,0 +1,1472 @@
+<?xml version="1.0" ?>
+<!DOCTYPE book PUBLIC "-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN"
+"dtd/kdex.dtd" [
+ <!ENTITY kappname "&tdm;">
+ <!ENTITY package "tdebase">
+ <!ENTITY tdmrc "<filename>tdmrc</filename>">
+ <!ENTITY ksmserver "<application>ksmserver</application>">
+ <!ENTITY kdesktop "<application>kdesktop</application>">
+ <!ENTITY XDMCP "<acronym>XDMCP</acronym>">
+ <!ENTITY xdm "<application>xdm</application>">
+ <!ENTITY tdmrc-ref SYSTEM "tdmrc-ref.docbook">
+ <!ENTITY % addindex "INCLUDE">
+ <!ENTITY % English "INCLUDE" > <!-- change language only here -->
+]>
+
+<book lang="&language;">
+<bookinfo>
+<title>The &tdm; Handbook</title>
+
+<authorgroup>
+<author>
+&Oswald.Buddenhagen; &Oswald.Buddenhagen.mail;
+</author><!--
+<othercredit role="developer">
+&Oswald.Buddenhagen; &Oswald.Buddenhagen.mail;
+<contrib>Developer</contrib>
+</othercredit>
+<othercredit role="reviewer">
+&Lauri.Watts; &Lauri.Watts.mail;
+<contrib>Reviewer</contrib>
+</othercredit> -->
+
+<!-- TRANS:ROLES_OF_TRANSLATORS -->
+
+</authorgroup>
+
+<copyright>
+<year>2000</year>
+<holder>&Neal.Crook;</holder>
+</copyright>
+
+<copyright>
+<year>2002</year>
+<holder>&Oswald.Buddenhagen;</holder>
+</copyright>
+
+<copyright>
+<year>2003</year>
+<holder>&Lauri.Watts;</holder>
+</copyright>
+
+<date>2003-03-01</date>
+<releaseinfo>0.05.02</releaseinfo>
+
+<abstract>
+<para>This document describes &tdm; the &kde; Display Manager. &tdm;
+is also known as the <quote>Login Manager</quote>.</para>
+</abstract>
+
+<keywordset>
+<keyword>KDE</keyword>
+<keyword>tdm</keyword>
+<keyword>xdm</keyword>
+<keyword>display manager</keyword>
+<keyword>login manager</keyword>
+</keywordset>
+</bookinfo>
+
+<!-- ********************************************************************** -->
+<chapter id="introduction">
+<title>Introduction</title>
+
+<para>&tdm; provides a graphical interface that allows you to log in to a
+system. It prompts for login (username) and password, authenticates the user
+and starts a <quote>session</quote>. &tdm; is superior to &xdm;, the X
+Display Manager, in a number of ways.</para>
+
+</chapter>
+
+<!-- Chapters to write -->
+<!-- * Just enough config to get it to run and login to KDE
+ * Adding more session types (GNOME, etc)
+ * Adding other customizations to XSession (ssh/gpg-agent, etc)
+ * Further customization to TDM (via the kcontrol module, and by
+ hand)
+ * XDMCP by query
+ * XDMCP by broadcast
+ * Sound transparency (if Ade can tell me how!)
+ * Document all Keys in the Config File
+ * Pull in all options from the KControl Module
+ * More resources
+-->
+
+<chapter id="quickstart">
+<title>Quick Start Guide</title>
+
+<para>This is a quick start guide for users who fit the following
+pattern:</para>
+
+<itemizedlist>
+<listitem>
+<para>X is configured and works with the command
+<command>startx</command> from the commandline.</para>
+</listitem>
+<listitem>
+<para>Each user will generally only use a single window manager or
+desktop environment, and does not change this choice very
+often, or is comfortable editing a single text file in order to change
+their choice.</para>
+</listitem>
+</itemizedlist>
+
+<para>This scenario will be sufficient for many environments where a single
+user or several users normally boot the computer and log into their
+preferred environment.</para>
+
+<procedure>
+<title>Setting up a Default Session</title>
+<step>
+<para>Create or open the file <filename>~/.xinitrc</filename></para>
+<para>If you already have a working <filename>~/.xinitrc</filename>, go to
+the next step</para>
+</step>
+<step>
+<para>If one does not already exist, add a line to the
+<filename>~/.xinitrc</filename> to start your preferred window manager
+or desktop environment.</para>
+<para>For &kde; you should enter:</para>
+<screen><userinput>starttde</userinput></screen>
+<para>For other window managers or desktop environments, you should
+look in their documentation for the correct command.</para>
+</step>
+<step><para>Make a link as follows:</para>
+<screen><userinput><command>ln</command> <option>-s</option> <parameter>~/.xinitrc ~/.xsession</parameter></userinput></screen>
+</step>
+</procedure>
+
+<para>At this point, typing <userinput><command>startx</command></userinput>
+on the commandline should start X, with a &kde; session. The next task is
+to try &tdm;.</para>
+
+<para>As <systemitem class="username">root</systemitem>, type
+<userinput><command>tdm</command></userinput> at the prompt.</para>
+
+<para>You should see a login window, which is described more fully in <xref
+linkend="login" />.</para>
+
+<para>Typing your normal username and password in the fields provided, and
+leaving <option>default</option> selected as the session type should now
+open a &kde; session for your user.</para>
+
+<para>If you have other users to configure, you should repeat the procedure
+above for each of them.</para>
+
+<note>
+<para>This is a quick guide to getting up and running only. You probably
+will want to customize &tdm; further, for example, to hide the names of the
+system accounts, to allow further sessions, and much more. Please read
+through the rest of this manual to find out how to do these things.</para>
+</note>
+
+</chapter>
+
+<chapter id="login">
+<title>The Login Window</title>
+
+<para> The user interface to &tdm; consists of two dialog boxes. The main
+dialog box has these controls:</para>
+
+<itemizedlist>
+<listitem>
+<para>A <guilabel>Username:</guilabel> field for you to enter your
+username.</para>
+</listitem>
+
+<listitem>
+<para>A <guilabel>Password:</guilabel> field for you to enter your
+password.</para>
+</listitem>
+
+<listitem>
+<para>(Optionally) a graphical image of each user (for example, a digitized
+photograph). Clicking on an image is equivalent to typing the associated
+username into the <guilabel>Username:</guilabel> field. (This feature is an
+imitation of the login box on &IRIX;).</para>
+</listitem>
+
+<listitem>
+<para>A <guilabel>Menu</guilabel> drop down box that allows &tdm; to be used
+to start sessions with various different window managers or desktop
+environments installed on the system.</para>
+</listitem>
+
+<listitem>
+<para>(Optionally) a region to the right of the
+<guilabel>Username:</guilabel>, <guilabel>Password:</guilabel> and
+<guilabel>Session Type:</guilabel> fields which can be used to display
+either a static image or an analog clock.</para>
+</listitem>
+
+<listitem>
+<para>A <guibutton>Login</guibutton> button that validates the
+username/password combination and attempts to start a session of the
+selected type.</para>
+</listitem>
+
+<listitem>
+<para>A <guibutton>Clear</guibutton> button that clears the text from
+the <guilabel>Login</guilabel> and <guilabel>Pass</guilabel>
+fields.</para>
+</listitem>
+
+<listitem>
+<para>A <guibutton>Menu</guibutton> button that opens an action menu
+with the following items:</para>
+
+<itemizedlist>
+<listitem>
+<para>(On local displays) A <guimenuitem>Restart X Server</guimenuitem> item
+that terminates the currently running &X-Server;, starts a new one and
+displays the login dialog again. You can use this if the display content
+seems to be broken somehow.</para>
+</listitem>
+
+<listitem>
+<para>(On remote displays) A <guimenuitem>Close Connection</guimenuitem>
+item that closes the connection to the &XDMCP; server you are currently
+connected to. If you got to this server through a host chooser, this will
+bring you back to the chooser, otherwise it will only reset the &X-Server;
+and bring up the login dialog again.</para>
+</listitem>
+
+<listitem>
+<para>(Optionally on local displays) A <guimenuitem>Console
+Mode</guimenuitem> item that terminates the currently running &X-Server; and
+leaves you alone with a console login. &tdm; will resume the graphical login
+if nobody is logged in at the console for some time.</para>
+</listitem>
+</itemizedlist>
+</listitem>
+
+<listitem>
+<para>(Optionally) A <guibutton>Shutdown</guibutton> button that displays
+the <guilabel>Shutdown</guilabel> dialog box.</para>
+</listitem>
+</itemizedlist>
+
+<para>The <guilabel>Shutdown</guilabel> dialog box presents a set of
+radio buttons that allow one of these options to be selected:</para>
+
+<variablelist>
+<varlistentry>
+<term>Shutdown</term>
+<listitem>
+<para>Shut the system down in a controlled manner, ready for
+power-down.</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>Restart</term>
+<listitem>
+<para>Shut the system down and reboot. For systems that use
+<application>Lilo</application>, an optional drop down box allows you to
+select a particular operating-system kernel to be used for the
+reboot.</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>Restart X Server</term>
+<listitem>
+<para>Stop and then restart the X-server. Typically, you might need to use
+this option if you have changed your X11 configuration in some way.</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>Console Mode</term>
+<listitem>
+<para>Stop the &X-Server; and return the system to console mode. This is
+achieved by bringing the system down to runlevel 3. Typically, the system
+manager might need to use this option before upgrading or re-configuring X11
+software.</para>
+</listitem>
+</varlistentry>
+</variablelist>
+
+<para>Pressing the <guibutton>OK</guibutton> button initiates the selected
+action; pressing the <guibutton>Cancel</guibutton> button returns to the
+main &tdm; dialog box. </para>
+
+</chapter>
+
+<!-- *********************************************************************** -->
+<chapter id="configuring-tdm">
+<title>Configuring &tdm;</title>
+
+<para>This chapter assumes that &tdm; is already up and running on your
+system, and that you simply want to change its behavior in some way.</para>
+
+<para>When &tdm; starts up, it reads its configuration from the folder
+<filename class="directory">$TDEDIR/share/config/tdm/</filename> (this may
+be <filename class="directory">/etc/trinity/tdm/</filename> or something else
+on your system).</para>
+
+<para>The main configuration file is &tdmrc;; all other files are
+referenced from there and could be stored under any name anywhere on
+the system - but usually that would not make much sense for obvious
+reasons (one particular exception is referencing configuration files
+of an already installed &xdm; - however when a new &tdm; is installed,
+it will import settings from those files if it finds an already installed
+&xdm;).</para>
+
+<para>Since &tdm; must run before any user is logged in, it is not
+associated with any particular user. Therefore, it is not possible to have
+user-specific configuration files; all users share the common &tdmrc;. It
+follows from this that the configuration of &tdm; can only be altered by
+those users that have write access to
+<filename>$<envar>TDEDIR</envar>/share/config/tdm/tdmrc</filename> (normally
+restricted to system administrators logged in as <systemitem
+class="username">root</systemitem>).</para>
+
+<para>You can view the &tdmrc; file currently in use on your system, and you
+can configure &tdm; by editing this file. Alternatively, you can use the
+graphical configuration tool provided by the &kcontrolcenter; (under
+<menuchoice><guisubmenu>System Administration</guisubmenu><guimenuitem>Login
+Manager</guimenuitem></menuchoice>), which is described in <ulink
+url="help:/kcontrol/login-manager.html">the &kcontrolcenter; help files</ulink>.
+</para>
+
+<para>The remainder of this chapter describes configuration of &tdm;
+via the &kcontrolcenter; module, and the <link linkend="tdm-files">next
+chapter</link> describes the options available in &tdmrc; itself. If
+you only need to configure for local users, the &kcontrolcenter; module
+should be sufficient for your needs. If you need to configure remote
+logins, or have multiple &tdm; sessions running, you will need to read
+on.</para>
+
+<sect1 id="tdm-kcontrol-module">
+<sect1info>
+<authorgroup>
+<author>&Thomas.Tanghus; &Thomas.Tanghus.mail;</author>
+<author>&Steffen.Hansen; &Steffen.Hansen.mail;</author>
+<author>&Mike.McBride; &Mike.McBride.mail;</author>
+</authorgroup>
+</sect1info>
+
+<title>The Login Manager &kcontrolcenter; Module</title>
+
+<para>Using this module, you can configure the &kde; graphical login
+manager, &tdm;. You can change how the login screen looks, who has
+access using the login manager and who can shutdown the
+computer.</para>
+
+<note><para>All settings will be written to the configuration file
+&tdmrc;, which in its original state has many comments to help you
+configure &tdm;. Using this &kcontrolcenter; module will strip these
+comments from the file. All available options in &tdmrc; are covered
+in <xref linkend="tdm-files"/>.</para>
+
+<para>The options listed in this chapter are cross referenced with
+their equivalents in &tdmrc;. All options available in the &kcontrol;
+module are also available directly in &tdmrc; but the reverse is not
+true.</para></note>
+
+<para>In order to organize all of these options, this module is
+divided into several sections: <link
+linkend="tdmconfig-appearance"><guilabel>Appearance</guilabel></link>,
+<link linkend="tdmconfig-font"><guilabel>Font</guilabel></link>, <link
+linkend="tdmconfig-background"><guilabel>Background</guilabel></link>,
+<link
+linkend="tdmconfig-shutdown"><guilabel>Shutdown</guilabel></link>,
+<link linkend="tdmconfig-users"><guilabel>Users</guilabel></link> and
+<link
+linkend="tdmconfig-convenience"><guilabel>Convenience</guilabel></link>.</para>
+
+<para>You can switch between the sections using the tabs at the top of
+the window.</para>
+
+<note><para>If you are not currently logged in as a superuser, you
+will need to click the <guibutton>Administrator Mode...</guibutton>
+Button. You will then be asked for a superuser password. Entering a
+correct password will allow you to modify the settings of this
+module.</para></note>
+
+<sect2 id="tdmconfig-appearance">
+<title>Appearance</title>
+
+<para>From this page you can change the visual appearance of &tdm;,
+&kde;'s graphical login manager.</para>
+
+<para>The <guilabel>Greeting:</guilabel> is the title of the login
+ screen. Setting this is especially useful if you have many servers users
+ may log in to. You may use various placeholders, which are described
+ along with the corresponding key
+ <link linkend="option-greetstring"><option>GreetString</option></link>
+ in &tdmrc;.
+</para>
+
+<para>You can then choose to show either the current system time, a logo or
+nothing special in the login box. Make your choice in the radio buttons
+labeled <guilabel>Logo area:</guilabel>. This corresponds to <link
+linkend="option-logoarea"><option>LogoArea</option></link> in &tdmrc;</para>
+
+<para>If you chose <guilabel>Show logo</guilabel> you can now choose a
+logo:</para>
+
+<itemizedlist>
+<listitem>
+<para>Drop an image file on the image button.</para>
+</listitem>
+<listitem>
+<para>Click on the image button and select a new image from the image chooser
+dialog.</para>
+</listitem>
+</itemizedlist>
+
+<para>If you do not specify a logo the default
+<filename>$<envar>TDEDIR</envar>/share/apps/tdm/pics/kdelogo.xpm</filename>
+will be displayed.</para>
+
+<para>Normally the login box is centered on the screen. Use the
+<guilabel>Position:</guilabel> options if you want it to appear
+elsewhere on the screen. You can specify the relative position
+(percentage of the screen size) for the center of the login window,
+relative to the top left of the display, in the fields labeled
+<guilabel>X:</guilabel> and <guilabel>Y:</guilabel> respectively.
+These correspond to the key
+<link linkend="option-greeterpos"><option>GreeterPos</option></link>
+in &tdmrc;.</para>
+
+<para>While &kde;'s style depends on the settings of the user logged
+in, the style used by &tdm; can be configured using the <guilabel>GUI
+Style:</guilabel> and <guilabel>Color Scheme:</guilabel> options.
+These correspond to the keys <link
+linkend="option-guistyle"><option>GUIStyle</option></link> and <link
+linkend="option-colorscheme"><option>ColorScheme</option></link> in
+&tdmrc; respectively.</para>
+
+<para>Below that, you have a drop down box to choose the language for
+your login box, corresponding to setting <option>Language</option> in
+&tdmrc;.</para>
+
+</sect2>
+
+<sect2 id="tdmconfig-font">
+<title>Font</title>
+
+<para>From this section of the module you can change the fonts used in the
+login window. Only fonts available to all users are available here, not
+fonts you have installed on a per user basis.</para>
+
+<para>You can select three different font styles from the drop down box
+(<guilabel>General:</guilabel>, <guilabel>Failures:</guilabel>,
+<guilabel>Greeting:</guilabel>). When you click on the
+<guibutton>Choose...</guibutton> button a dialog appears from which you can
+select the new characteristics for the font style.</para>
+
+<itemizedlist>
+<listitem>
+<para>The <guilabel>General:</guilabel> font is used in all other places in the
+login window.</para>
+</listitem>
+<listitem>
+<para>The <guilabel>Failures:</guilabel> font is used when a login
+fails.</para>
+</listitem>
+<listitem>
+<para>The <guilabel>Greeting:</guilabel> font is the font used for the title
+(Greeting String).</para>
+</listitem>
+</itemizedlist>
+
+<para>You can also check the box labeled <guilabel>Use anti-aliasing for
+fonts</guilabel> if you want smoothed fonts in the login dialog.</para>
+
+</sect2>
+
+<sect2 id="tdmconfig-background">
+<title>Background</title>
+
+<para>Here you can change the desktop background which will be displayed
+before a user logs in. You can have a single color or an image as a
+background. If you have an image as the background and select center, the
+selected background color will be used around the image if it is not
+large enough to cover the entire desktop.</para>
+
+<para>The background colors and effects are controlled by the options on
+the tab labeled <guilabel>Background</guilabel> and you select a
+background image and its placement from the options on the tab labeled
+<guilabel>Wallpaper</guilabel>.</para>
+
+<para>To change the default background color(s) simply click either of
+the color buttons and select a new color.</para>
+
+<para>The drop down box above the color buttons provides you with several
+different blend effects. Choose one from the list, and it will be
+previewed on the small monitor at the top of the window. Your choices
+are:</para>
+
+<variablelist>
+<varlistentry>
+<term>Flat</term>
+<listitem><para>By choosing this mode, you select one color (using the color
+button labeled <guibutton>Color 1</guibutton>), and the entire background is
+covered with this one color.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term>Pattern</term>
+<listitem><para>By choosing this mode, you select two colors (using both color
+buttons). </para> <para>You then select a pattern by clicking
+<guilabel>Setup</guilabel>. This opens a new dialog window, which gives you
+the opportunity to select a pattern. Simply click once on the pattern of your
+choice, then click on <guilabel>OK</guilabel>, and &kde; will render the pattern
+you selected using the two colors you selected. For more on patterns, see the
+section <ulink url="help:/kcontrol/background/index.html#bkgnd-patterns">Background: Adding, Removing and Modifying
+Patterns</ulink>.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term>Background Program</term>
+<listitem><para>By selecting this option, you can have &kde; use an external
+program to determine the background. This can be any program of your choosing.
+For more information on this option, see the section entitled <ulink
+url="help:/kcontrol/background/index.html#bkgnd-programs">Background: Using an external program</ulink>.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term>Horizontal Gradient</term>
+<listitem><para>By choosing this mode, you select two colors (using both color
+buttons). &kde; will then start with the color selected by <guilabel>Color
+1</guilabel> on the left edge of the screen, and slowly transform into the
+color selected by <guilabel>Color 2</guilabel> by the time it gets to the
+right edge of the screen.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term>Vertical Gradient</term>
+<listitem><para>By choosing this mode, you select two colors (using both color
+buttons). &kde; will then start with the color selected by <guilabel>Color
+1</guilabel> on the top edge of the screen, and slowly transform into the color
+selected by <guilabel>Color 2</guilabel> as it moves to the bottom of the
+screen.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term>Pyramid Gradient</term>
+<listitem><para>By choosing this mode, you select two colors (using both color
+buttons). &kde; will then start with the color selected by <guilabel>Color
+1</guilabel> in each corner of the screen, and slowly transform into the color
+selected by <guilabel>Color 2</guilabel> as it moves to the center of the
+screen.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term>Pipecross Gradient</term>
+<listitem><para>By choosing this mode, you select two colors (using both color
+buttons). &kde; will then start with the color selected by <guilabel>Color
+1</guilabel> in each corner of the screen, and slowly transform into the color
+selected by <guilabel>Color 2</guilabel> as it moves to the center of the
+screen. The <quote>shape</quote> of this gradient is different then the pyramid
+gradient.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term>Elliptic Gradient</term>
+<listitem><para>By choosing this mode, you select two colors (using both color
+buttons). &kde; will then start with the color selected by <guilabel>Color
+2</guilabel> in the center of the screen, and slowly transform into the color
+selected by <guilabel>Color 1</guilabel> as it moves to the edges, in an
+elliptical pattern.</para></listitem>
+</varlistentry>
+</variablelist>
+
+<para>The setup button is only needed for if you select <guilabel>Background
+program</guilabel> or <guilabel>Patterns</guilabel>. In these instances,
+another window will appear to configure the specifics.</para>
+<para><emphasis>Wallpaper</emphasis></para>
+<para>To select a new background image first, click on the
+<guilabel>Wallpapers</guilabel> tab, then you can either select an image from the drop down list labeled <guilabel>Wallpaper</guilabel> or select
+<guibutton>Browse...</guibutton> and select an image file from a file
+selector.</para>
+
+<para>The image can be displayed in six different ways:</para>
+<variablelist>
+<varlistentry>
+<term>No wallpaper</term>
+<listitem><para>No image is displayed. Just the background colors.</para>
+</listitem></varlistentry>
+<varlistentry>
+<term>Centered</term>
+<listitem><para>The image will be centered on the screen. The background colors
+will be present anywhere the image does not cover.</para> </listitem>
+</varlistentry>
+<varlistentry>
+<term>Tiled</term>
+<listitem><para>The image will be duplicated until it fills the entire
+desktop. The first image will be placed in the upper left corner of the screen,
+and duplicated downward and to the right.</para> </listitem>
+</varlistentry>
+<varlistentry>
+<term>Center Tiled</term>
+<listitem><para>The image will be duplicated until it fills the entire
+desktop. The first image will be placed in the center of the screen, and
+duplicated upward, downward to the right, and to the left.</para> </listitem>
+</varlistentry>
+<varlistentry>
+<term>Centered Maxpect</term>
+<listitem><para>The image will be placed in the center of the screen. It will
+be scaled to fit the desktop, but it will not change the aspect ratio of the
+original image. This will provide you with an image that is not distorted.
+</para> </listitem>
+</varlistentry>
+<varlistentry>
+<term>Scaled</term>
+<listitem><para>The image will be scaled to fit the desktop. It will be
+stretched to fit all four corners.</para> </listitem>
+</varlistentry>
+</variablelist>
+
+</sect2>
+
+<sect2 id="tdmconfig-shutdown">
+<title><guilabel>Shutdown</guilabel></title>
+
+<para><guilabel>Allow Shutdown</guilabel></para>
+<para>Use this drop down box to choose who is allowed to shut down:</para>
+<itemizedlist>
+<listitem>
+<para><guilabel>Nobody</guilabel>: No one can shutdown the computer using
+&tdm;. You must be logged in, and execute a command.</para>
+</listitem>
+<listitem>
+<para><guilabel>Everybody</guilabel>: Everyone can shutdown the computer using
+&tdm;.</para>
+</listitem>
+<listitem><para><guilabel>Only Root</guilabel>: &tdm; requires that the
+<systemitem>root</systemitem> password be entered before shutting down the
+computer.</para></listitem>
+</itemizedlist>
+
+<para>You can independently configure who is allowed to issue a
+shutdown command for the <guilabel>Local:</guilabel> and
+<guilabel>Remote:</guilabel> users.</para>
+
+<para><emphasis>Commands</emphasis></para> <para>Use these text fields to
+define the exact shutdown command.</para> <para>The
+<guilabel>Halt:</guilabel> command defaults to <!-- Are these defaults still
+correct? they disagree with what's in --> <!-- tdmrc -->
+<command>/sbin/halt</command>. The <guilabel>Restart:</guilabel> command
+defaults to
+<command>/sbin/reboot</command>.</para>
+
+<para>When <guilabel>Show boot options</guilabel> is enabled, &tdm;
+will on reboot offer you options for the lilo boot manager. For this
+feature to work, you will need to supply the correct paths to your
+<command>lilo</command> command and to lilo's map file. Note that this
+option is not available on all operating systems.</para>
+
+</sect2>
+
+<sect2 id="tdmconfig-users">
+<title>Users</title>
+
+<para>From here you can change the way users are represented in the
+login window.</para>
+
+<para>You may disable the user list in &tdm; entirely in the
+<guilabel>Show Users</guilabel> section. You can choose from:</para>
+
+<variablelist>
+<varlistentry>
+<term><guilabel>Show List</guilabel></term>
+<listitem>
+<para>Only show users you have specifically enabled in the list
+alongside</para>
+<para>If you do not check this box, no list will be shown. This is the most secure setting, since an
+attacker would then have to guess a valid login name as well as a
+password. It's also the preferred option if you have more than a
+handful of users to list, or the list itself would become
+unwieldy.</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term><guilabel>Inverse selection</guilabel></term>
+<listitem>
+<para>Allows you to intead select a list of users that should
+<emphasis>not</emphasis> be shown, and all other users will be
+listed.</para>
+</listitem>
+</varlistentry>
+</variablelist>
+
+<para>Independently of the users you specify by name, you can use the
+<guilabel>System UIDs</guilabel> to specify a range of valid
+<acronym>UID</acronym>s that are shown in the list. By default user
+id's under 1000, which are often system or daemon users, and user id's
+over 65000, are not shown.</para>
+
+<para>You can also enable the <guilabel>Sort users</guilabel>
+checkbox, to have the user list sorted alphabetically. If this is
+disabled, users will appear in the order they are listed in the
+password file. &tdm; will also autocomplete user names if you enable the
+<guilabel>Autocompletion</guilabel> option.</para>
+
+<para>If you choose to show users, then the login window will show
+images (which you select), of a list of users. When someone is ready
+to login, they may select their user name/image, enter their password,
+and they are granted access.</para>
+
+<para>If you permit a user image, then you can configure the source
+for those images.</para>
+
+<para>You can configure the admin picture here, for each user on the
+system. Depending on the order selected above, users may be able to
+override your selection.</para>
+
+<para>If you choose not to show users, then the login window will be
+more traditional. Users will need to type their username and password
+to gain entrance. This is the preferred way if you have many users on
+this terminal.</para>
+
+</sect2>
+
+<sect2 id="tdmconfig-convenience">
+<title>Convenience</title>
+
+<para>In the <guilabel>convenience</guilabel> tab you can configure
+some options that make life easier for lazy people, like automatic
+login or disabling passwords.</para>
+
+<important><para>Please think more than twice before using these
+options. Every option in the <guilabel>Convenience</guilabel> tab is
+well-suited to seriously compromise your system security. Practically,
+these options are only to be used in a completely non-critical
+environment, &eg; a private computer at home. </para></important>
+
+<sect3 id="loginmanager-convenience-autologin">
+<title>Automatic Login</title>
+
+<para>Automatic login will give anyone access to a certain account on
+your system without doing any authentication. You can enable it using
+the option <guilabel>Enable Auto-login</guilabel>.</para>
+
+<para>You can choose the account to be used for automatic login from
+the list labeled <guilabel>User:</guilabel>.</para>
+
+</sect3>
+
+<sect3 id="loginmanager-convenience-nopasswd">
+<title><guilabel>Password-Less Login</guilabel></title>
+
+<para>Using this feature, you can allow certain users to login without
+having to provide their password. Enable this feature using the
+<guilabel>Enable Password-less logins</guilabel> option.</para>
+
+<para>Below this option you'll see a list of users on the system.
+Enable password-less login for specific users by checking the checkbox
+next to the login names. By default, this feature is disabled for
+all users.</para>
+
+<important><para>Again, this option should only be used in a safe
+environment. If you enable it on a rather public system you should
+take care that only users with heavy access restrictions are granted
+password-less login, &eg;
+<systemitem>guest</systemitem>.</para></important>
+
+<para>You can also choose which user is <quote>preselected</quote>
+when &tdm; starts. The default is <guilabel>None</guilabel>, but you
+can choose <guilabel>Previous</guilabel> to have &tdm; default to the
+last successfully logged in user, or you can
+<guilabel>Specify</guilabel> a particular user to always be selected
+from the list. You can also have &tdm; set the focus to the password
+field, so that when you reach the &tdm; login screen, you can type the
+password immediately.</para>
+
+<para>The <guilabel>Automatically login after X server crash</guilabel>
+option allows you to skip the authentication procedure when your X
+server accidentally crashed.</para>
+
+</sect3>
+
+</sect2>
+
+</sect1>
+
+</chapter>
+
+&tdmrc-ref;
+
+<!-- ************************************************************ -->
+<chapter id="configuring-your-system-for-tdm">
+<title>Configuring your system to use &tdm;</title>
+
+<para>This chapter assumes that your system is already configured to
+run the &X-Window;, and that you only need to reconfigure it to
+allow graphical login.</para>
+
+<sect1 id="setting-up-tdm">
+<title>Setting up &tdm;</title>
+
+<para>The fundamental thing that controls whether your computer boots to a
+terminal prompt (console mode) or a graphical login prompt is the default
+runlevel. The runlevel is set by the program <application> <ulink
+url="man:init">/sbin/init</ulink></application> under the control of the
+configuration file <filename>/etc/inittab</filename>. The default runlevels
+used by different &UNIX; systems (and different &Linux; distributions) vary,
+but if you look at <filename>/etc/inittab</filename> the start of it should
+be something like this:</para>
+
+<screen># Default runlevel. The runlevels used by RHS are:
+# 0 - halt (Do NOT set initdefault to this)
+# 1 - Single user mode
+# 2 - Multiuser, without NFS
+# 3 - Full multiuser mode
+# 4 - unused
+# 5 - X11
+# 6 - reboot (Do NOT set initdefault to this)
+
+id:3:initdefault:
+</screen>
+
+<para>All but the last line of this extract are comments. The comments
+show that runlevel 5 is used for X11 and that runlevel 3 is used for
+multi-user mode without X11 (console mode). The final line specifies
+that the default runlevel of the system is 3 (console mode). If your
+system currently uses graphical login (for example, using &xdm;) its
+default runlevel will match the runlevel specified for X11.</para>
+
+<para>The runlevel with graphical login (&xdm;) for some common &Linux;
+distributions is:</para>
+
+<itemizedlist>
+<listitem><para>5 for &RedHat; 3.x and later, and for &Mandrake;</para></listitem>
+<listitem><para>4 for Slackware</para></listitem>
+<listitem><para>3 for &SuSE;. 4.x and 5.x</para></listitem>
+</itemizedlist>
+
+<para>The first step in configuring your system is to ensure that you
+can start &tdm; from the command line. Once this is working, you can
+change your system configuration so that &tdm; starts automatically
+each time you reboot your system.</para>
+
+<para>To test &tdm;, you must first bring your system to a runlevel
+that does not run &xdm;. To do so, issue a command like this:</para>
+
+<screen><command>/sbin/init <option>3</option></command></screen>
+
+<para>Instead of the number <option>3</option> you should specify the
+appropriate runlevel for console mode on your system.</para>
+
+<para>If your system uses Pluggable Authentication Modules
+(<abbrev>PAM</abbrev>), which is normal with recent &Linux; and &Solaris;
+systems, you should check that your <abbrev>PAM</abbrev> configuration permits
+login through the service named <literal>kde</literal>. If you previously used
+&xdm; successfully, you should not need to make any
+changes to your <abbrev>PAM</abbrev> configuration in order to use
+&tdm;. <filename>/etc/pam.conf</filename> or
+<filename>/etc/pam.d/kde</filename>. Information on configuring
+<abbrev>PAM</abbrev> is beyond the scope of this handbook, but
+<abbrev>PAM</abbrev> comes with comprehensive documentation (try looking in
+<filename>/usr/share/doc/*pam*/html/</filename>).</para>
+
+<para>Now it's time for you to test &tdm; by issuing the following
+command:</para>
+
+<screen><command>tdm <option>-nodaemon</option></command>
+</screen>
+
+<para>If you get a &tdm; login dialog and you are able to log in,
+things are going well. The main thing that can go wrong here is that
+the run-time linker might not find the shared &Qt; or &kde; libraries.
+If you have a binary distribution of the &kde; libraries, make sure
+&tdm; is installed where the libraries believe &kde; is installed and
+try setting some environment variables to point to your &kde; and &Qt;
+libraries.</para>
+
+<para>For example:</para>
+
+<screen><command>export
+<option>TDEDIR=<replaceable>/opt/kde</replaceable></option></command>
+<command>export
+<option>QTDIR=<replaceable>/usr/lib/qt2</replaceable></option></command>
+<command>export
+<option>PATH=<replaceable>$TDEDIR/bin:$QTDIR/bin:$PATH</replaceable></option></command>
+<command>export
+<option>LD_LIBRARY_PATH=<replaceable>$TDEDIR/lib:$QTDIR/lib</replaceable></option></command>
+</screen>
+
+<para>If you are still unsuccessful, try starting &xdm; instead, to
+make sure that you are not suffering from a more serious X
+configuration problem.</para>
+
+<para>When you are able to start &tdm; successfully, you can start to
+replace &xdm; by &tdm;. Again, this is distribution-dependent.</para>
+
+<itemizedlist>
+<listitem>
+<para>For &RedHat;, edit <filename>/etc/inittab</filename>, look for this
+ line:</para>
+<screen>x:5:respawn:/usr/X11/bin/xdm -nodaemon</screen>
+<para>and replace with:</para>
+<screen>x:5:respawn:/opt/kde/bin/tdm</screen>
+<para>This tells <command>init</command>(8) to respawn &tdm; when the
+system is in run level 5. Note that &tdm; does not need the
+ <option>-nodaemon</option> option.</para>
+</listitem>
+<listitem>
+<para>For &Mandrake;, the X11 runlevel in
+<filename>/etc/inittab</filename> invokes the shell script
+<filename>/etc/X11/prefdm</filename>, which is set up to select from
+amongst several display managers, including &tdm;. Make sure that all
+the paths are correct for your installation.</para>
+</listitem>
+<listitem>
+<para>For &SuSE;, edit <filename>/sbin/init.d/xdm</filename> to add a
+first line:</para>
+
+<screen>. /etc/rc.config
+DISPLAYMANAGER=tdm
+export DISPLAYMANAGER</screen>
+</listitem>
+<listitem><para>For FreeBSD, edit <filename>/etc/ttys</filename> and find
+the line like this:</para>
+<screen>ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</screen>
+<para>and edit it to this:</para>
+<screen>ttyv8 "/usr/local/bin/tdm" xterm on secure</screen>
+</listitem>
+
+<listitem><para>Most other distributions are a variation of one of
+these.</para></listitem>
+</itemizedlist>
+
+<para>At this stage, you can test &tdm; again by bringing your system
+to the runlevel that should now run &tdm;. To do so, issue a command
+like this:</para>
+
+<screen><command>/sbin/init <option>5</option></command>
+</screen>
+
+<para>Instead of the number <option>5</option> you should specify the
+appropriate runlevel for running X11 on your system.</para>
+
+<para>The final step is to edit the <parameter>initdefault</parameter>
+entry in <filename>/etc/inittab</filename> to specify the appropriate
+runlevel for X11.</para>
+
+<warning><para>Before you make this change, ensure that you have a way
+to reboot your system if a problem occurs. This might be a
+<quote>rescue</quote> floppy-disk provided by your operating system
+distribution or a specially-designed <quote>rescue</quote>
+floppy-disk, such as <literal>tomsrtbt</literal>. Ignore this advice
+at your peril.</para></warning>
+
+<para>This usually involves changing the line:</para>
+<screen>id:3:initdefault:</screen>
+<para>to</para>
+<screen>id:5:initdefault:</screen>
+
+<para>When you reboot your system, you should end up with the
+graphical &tdm; login dialog.</para>
+
+<para>If this step is unsuccessful the most likely problem is that the
+environment used at boot time differs from the environment that you used for
+testing at the command line. If you are trying to get two versions of &kde;
+to co-exist, be particularly careful that the settings you use for your
+<envar>PATH</envar> and <envar>LD_LIBRARY_PATH</envar> environment variables
+are consistent, and that the startup scripts are not over-riding them in
+some way.</para>
+
+</sect1>
+
+</chapter>
+
+<chapter id="different-window-managers-with-tdm">
+<title>Supporting multiple window managers</title>
+
+<para>&tdm; detects most available window manager and desktop environments when
+it is run. Installing a new one should make it automatically available in
+the &tdm; main dialog <guilabel>Session Type:</guilabel>.</para>
+
+<para>If you have a very new window manager, or something that &tdm; does
+not support, the first thing you should check is that the application to be
+run is in the <envar>PATH</envar> and has not been renamed during the
+install into something unexpected.</para>
+
+<para>If the case is that the application is too new and not yet supported
+by &tdm;, you can quite simply add a new session.</para>
+
+<para>The sessions are defined in <firstterm>.desktop</firstterm> files in
+<filename
+class="directory">$<envar>TDEDIR</envar>/share/apps/tdm/sessions</filename>.
+You can simply add an appropriately named <literal
+role="extension">.desktop</literal> file in this directory. The fields
+are:</para>
+
+<programlisting>[Desktop Entry]
+Encoding=UTF-8 <lineannotation>This is fixed to <option>UTF-8</option> and
+may be omitted</lineannotation>
+Type=XSession <lineannotation>This is fixed to <option>XSession</option> and
+may be omitted</lineannotation>
+Exec=<replaceable>executable name</replaceable> <lineannotation>Passed to
+<command>eval exec</command> in a Bourne shell</lineannotation>
+TryExec=<replaceable>executable name</replaceable> <lineannotation>Supported
+but not required</lineannotation>
+Name=<replaceable>name to show in the &tdm; session list</replaceable></programlisting>
+
+<para>There are also three <quote>magic</quote>:</para>
+
+<variablelist>
+<varlistentry>
+<term>default</term>
+<listitem>
+<para>
+The default session for &tdm; is normally &kde; but can be configured by the
+system administrator.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>custom</term>
+<listitem>
+<para>
+The Custom session will run the users ~/.xsession if it exists.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>failsafe</term>
+<listitem>
+<para>
+Failsafe will run a very plain session, and is useful only for debugging
+purposes.
+</para>
+</listitem>
+</varlistentry>
+</variablelist>
+
+<para>To override a session type, copy the .desktop file from the data dir
+to the config dir and edit it at will. Removing the shipped session types
+can be accomplished by <quote>shadowing</quote> them with .desktop files
+containing Hidden=true. For the magic session types no .desktop files exist
+by default, but &tdm; pretends they would, so you can override them like any
+other type. I guess you already know how to add a new session type by
+now. ;-)</para>
+
+</chapter>
+
+<chapter id="xdmcp-with-tdm">
+<title>Using &tdm; for Remote Logins (&XDMCP;)</title>
+
+<para>&XDMCP; is the Open Group standard, the <quote>X Display Manager
+Control Protocol</quote>. This is used to set up connections between
+remote systems over the network.</para>
+
+<para>&XDMCP; is useful in multiuser situations where there are users
+with workstations and a more powerful server that can provide the
+resources to run multiple X sessions. For example, &XDMCP; is a good
+way to reuse old computers - a Pentium or even 486 computer with 16 Mb
+RAM is sufficient to run X itself, and using &XDMCP; such a computer can
+run a full modern &kde; session from a server. For the server part,
+once a single &kde; (or other environment) session is running, running
+another one requires very few extra resources.</para>
+
+<para>However, allowing another method of login to your machine
+obviously has security implications. You should run this service only
+if you need to allow remote X Servers to start login sessions on your
+system. Users with a single &UNIX; computer should not need to run
+this.</para>
+
+</chapter>
+
+<chapter id="advanced-topics">
+<title>Advanced Topics</title>
+
+<sect1 id="command-sockets">
+<title>Command Sockets</title>
+
+<para>This is a feature you can use to remote-control &tdm;. It's mostly
+intended for use by &ksmserver; and &kdesktop; from a running session, but
+other applications are possible as well.</para>
+
+<para>The sockets are &UNIX; domain sockets which live in subdirectories of the
+directory specified by <option>FifoDir</option>=. The subdir is the key to
+addressing and security; the sockets all have the file name
+<filename>socket</filename> and file permissions
+<literal>rw-rw-rw-</literal> (0666). This is because some systems don't care
+for the file permission of the socket files.</para>
+
+<para>There are two types of sockets: the global one (dmctl) and the
+per-display ones (dmctl-&lt;display&gt;).</para>
+
+<para>The global one's subdir is owned by root, the subdirs of the per-display
+ones' are owned by the user currently owning the session (root or the
+logged in user). Group ownership of the subdirs can be set via FifoGroup=,
+otherwise it is root. The file permissions of the subdirs are rwxr-x---
+(0750).</para>
+
+<para>The fields of a command are separated by tabs (<token>\t</token>), the
+fields of a list are separated by spaces, literal spaces in list fields are
+denoted by <token>\s</token>.</para>
+
+<para>The command is terminated by a newline (<token>\n</token>).</para>
+
+<para>The same applies to replies. The reply on success is
+<returnvalue>ok</returnvalue>, possibly followed by the requested
+information. The reply on error is an errno-style word (&eg;
+<returnvalue>perm</returnvalue>, <returnvalue>noent</returnvalue>, &etc;)
+followed by a longer explanation.</para>
+
+<variablelist>
+<title>Global commands:</title>
+<varlistentry>
+<term><command>login</command> <option>display</option>
+(<parameter>now</parameter> | <parameter>schedule</parameter>) <parameter>user</parameter> <parameter>password</parameter>
+[session_arguments]</term>
+<listitem>
+<para>login user at specified display. if <parameter>now</parameter> is
+specified, a possibly running session is killed, otherwise the login is done
+after the session exits. session_arguments are printf-like escaped contents
+for .dmrc. Unlisted keys will default to previously saved values.</para>
+</listitem>
+</varlistentry>
+</variablelist>
+
+<variablelist>
+<title>Per-display commands:</title>
+<varlistentry>
+<term><command>lock</command></term>
+<listitem>
+<para>The display is marked as locked. If the &X-Server; crashes in this
+state, no auto-relogin will be performed even if the option is on.</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term><command>unlock</command></term>
+<listitem>
+<para>Reverse the effect of <command>lock</command>, and re-enable
+auto-relogin.</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term><command>suicide</command></term>
+<listitem>
+<para>The currently running session is forcibly terminated. No auto-relogin
+is attempted, but a scheduled "login" command will be executed.</para>
+</listitem>
+</varlistentry>
+</variablelist>
+
+<variablelist>
+<title>Commands for all sockets</title>
+<varlistentry>
+<term><command>caps</command></term>
+<listitem>
+<para>Returns a list of this socket's capabilities:</para>
+
+<variablelist>
+<varlistentry>
+<term><returnvalue>&tdm;</returnvalue></term>
+<listitem>
+<para>identifies &tdm;, in case some other DM implements this protocol,
+too</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term><returnvalue>list</returnvalue>, <returnvalue>lock</returnvalue>,
+<returnvalue>suicide</returnvalue>, <returnvalue>login</returnvalue></term>
+<listitem>
+<para>The respective command is supported</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term><returnvalue>bootoptions</returnvalue></term>
+<listitem>
+<para>The <command>listbootoptions</command> command and the
+<option>=</option> to <command>shutdown</command> are supported</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term><returnvalue>shutdown &lt;list&gt;</returnvalue></term>
+<listitem>
+<para><command>shutdown</command> is supported and allowed for the listed
+users (a comma separated list.) <returnvalue>*</returnvalue> means all
+authenticated users.</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term><returnvalue>nuke &lt;list&gt;</returnvalue></term>
+<listitem>
+<para>Forced shutdown may be performed by the listed users.</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term><returnvalue>nuke</returnvalue></term>
+<listitem>
+<para>Forced shutdown may be performed by everybody</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term><returnvalue>reserve &lt;number&gt;</returnvalue></term>
+<listitem>
+<para>Reserve displays are configured, and <returnvalue>number</returnvalue>
+are available at this time</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><command>list</command> [<parameter>all</parameter> |
+<parameter>alllocal</parameter>]</term>
+<listitem>
+<para>Return a list of running sessions. By default all active sessions are
+listed. if <parameter>all</parameter> is specified, passive sessions are
+listed as well. If <parameter>alllocal</parameter> is specified, passive
+sessions are listed as well, but all incoming remote sessions are
+skipped.</para>
+<para>Each session entry is a comma separated tuple of:</para>
+<itemizedlist>
+<listitem><para>Display or TTY name</para></listitem>
+<listitem><para>VT name for local sessions</para></listitem>
+<listitem><para>Logged in user's name, empty for passive sessions and
+outgoing remote sessions (local chooser mode)</para></listitem>
+<listitem><para>Session type or <quote>&lt;remote&gt;</quote> for outgoing
+remote sessions, empty for passive sessions.</para></listitem>
+<listitem><para>A Flag field:</para>
+<itemizedlist><listitem><para><literal>*</literal> for the display belonging
+to the requesting socket.</para></listitem>
+<listitem><para><literal>!</literal> for sessions that cannot be killed by the
+reqeusting socket.</para></listitem>
+</itemizedlist>
+</listitem>
+</itemizedlist>
+<para>New fields may be added in the future.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><command>reserve</command> [<parameter>timeout in
+seconds</parameter>]</term>
+<listitem>
+<para>Start a reserve login screen. If nobody logs in within the specified
+amount of time (one minute by default), the display is removed again. When
+the session on the display exits, the display is removed, too.</para>
+<para>Permitted only on sockets of local displays and the global
+socket.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><command>activate</command>
+(<parameter>vt</parameter>|<parameter>display</parameter>)</term>
+<listitem>
+<para>Switch to a particular VT (virtual terminal). The VT may be specified
+either directly (&eg; <parameter>vt3</parameter>) or by a display using it
+(eg; <parameter>:2</parameter>).</para>
+<para>Permitted only on sockets of local displays and the global
+socket.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><command>listbootoptions</command></term>
+<listitem>
+<para>List available boot options.</para>
+<!--FIXME: "ok" list default current
+ default and current are indices into the list and are -1 if unset or
+ undeterminable. -->
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><command>shutdown</command> (<parameter>reboot</parameter> |
+<parameter>halt</parameter>)
+[<parameter>=<replaceable>bootchoice</replaceable></parameter>]
+(<parameter>ask</parameter>|<parameter>trynow</parameter>|<parameter>forcenow</parameter>|<parameter>schedule</parameter>|<parameter>start
+(<parameter>-1</parameter>|<parameter>end
+(<parameter>force</parameter>|<parameter>forcemy</parameter>|<parameter>cancel)</parameter>)</parameter>)</parameter>)</term>
+<listitem>
+<para>Request a system shutdown, either a reboot or a halt/poweroff.</para>
+<para>An OS choice for the next boot may be specified from the list returned
+by <command>listbootoptions</command></para>
+<para>Shutdowns requested from per-display sockets are executed when the
+current sessino on that display exits. Such a request may pop up a dialog
+asking for confirmation and/or authentication</para>
+<para><parameter>start</parameter> is the time for which the shutdown is
+scheduled. If it starts with a plus-sign, the current time is added. Zero
+means immediately.</para>
+<para><parameter>end</parameter> is the latest time at which the shutdown
+should be performed if active sessions are still running. If it starts with
+a plus-sign, the start time is added. -1 means wait infinitely. If end is
+through and active sessions are still running, &tdm; can do one of the
+following:</para>
+<itemizedlist>
+<listitem><para><parameter>cancel</parameter> - give up the
+shutdown</para></listitem>
+<listitem><para><parameter>force</parameter> - shut down
+nonetheless</para></listitem>
+<listitem><para><parameter>forcemy</parameter> - shut down nonetheless if
+all active sessions belong to the requesting user. Only for per-display sockets.</para></listitem>
+</itemizedlist>
+<para><parameter>start</parameter> and <parameter>end</parameter> are
+specified in seconds since the &UNIX; epoch.</para>
+<para><parameter>trynow</parameter> is a synonym for <parameter>0 0
+cancel</parameter>, <parameter>forcenow</parameter> for <parameter>0 0
+force</parameter> and <parameter>schedule</parameter> for <parameter>0
+-1</parameter>.</para>
+<para><parameter>ask</parameter> attempts an immediate shutdown and
+interacts with the user if active sessions are still running. Only for
+per-display sockets.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><command>shutdown cancel</command>
+[<parameter>local</parameter>|<parameter>global</parameter>}</term>
+<listitem>
+<para>Cancel a scheduled shutdown. The global socket always cancels the
+currently pending shutdown, while per-display sockets default to cancelling
+their queued request.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term><command>shutdown status</command></term>
+<listitem>
+<para>Return a list with information about shutdowns.</para>
+<para>The entries are a comma-separated tuples of:</para>
+<itemizedlist>
+<listitem>
+<para>(<returnvalue>global</returnvalue>|<returnvalue>local</returnvalue>) -
+pending vs. queued shutdown. A local entry can be returned only by a
+per-display socket.</para>
+</listitem>
+<listitem><para>(<returnvalue>halt</returnvalue>|<returnvalue>reboot</returnvalue>)</para></listitem>
+<listitem><para>start</para></listitem>
+<listitem><para>end</para></listitem>
+<listitem><para>("ask"|"force"|"forcemy"|"cancel")</para></listitem>
+<listitem><para>Numeric user ID of the requesting user, -1 for the global
+socket.</para></listitem>
+<listitem><para>The next boot OS choice or "-" for none.</para></listitem>
+</itemizedlist>
+<para>New fields might be added later</para>
+</listitem>
+</varlistentry>
+</variablelist>
+</listitem>
+</varlistentry>
+</variablelist>
+<para>There are two ways of using the sockets:</para>
+<itemizedlist>
+<listitem>
+<para>Connecting them directly. FifoDir is exported as
+$<envar>DM_CONTROL</envar>; the name of per-display sockets can be derived
+from $<envar>DISPLAY</envar>.</para>
+</listitem>
+<listitem>
+<para>By using the <command>tdmctl</command> command (&eg; from within a
+shell script). Try <command>tdmctl</command> <option>-h</option> to find out
+more.</para>
+</listitem>
+</itemizedlist>
+
+<para>Here is an example bash script <quote>reboot into FreeBSD</quote>:</para>
+
+<programlisting>if tdmctl | grep -q shutdown; then
+ IFS=$'\t'
+ set -- `tdmctl listbootoptions`
+ if [ "$1" = ok ]; then
+ fbsd=$(echo "$2" | tr ' ' '\n' | sed -ne 's,\\s, ,g;/freebsd/I{p;q}')
+ if [ -n "$fbsd" ]; then
+ tdmctl shutdown reboot "=$fbsd" ask &gt; /dev/null
+ else
+ echo "FreeBSD boot unavailable."
+ fi
+ else
+ echo "Boot options unavailable."
+ fi
+else
+ echo "Cannot reboot system."
+fi</programlisting>
+
+</sect1>
+<!-- Riddell: so there's no GUI you need to edit tdmrc to say UseTheme=true and Theme=/path/to/theme.xml
+[13:31] <Riddell> jriddell.org/programs has an example theme
+
+<sect1 id="dm-themes">
+<title>Themes</title>
+
+&tdm; has limited support for desktop manager themes. You may enable them
+by adding <userinput>UseTheme=true</userinput> to <filename>tdmrc</filename>
+and <userinput>Theme=/path/to/theme.xml</userinput>.
+</sect1>
+-->
+</chapter>
+
+<chapter id="Other-Information">
+<title>Other sources of information</title>
+
+<para>Since &tdm; is descended from &xdm;, the <ulink
+url="man:xdm">&xdm; man page</ulink> may provide useful background
+information. For X-related problems try the man pages <ulink
+url="man:X">X</ulink> and <ulink url="man:startx">startx</ulink>. If you have
+questions about &tdm; that are not answered by this handbook, take advantage of
+the fact the &tdm; is provided under the terms of the <abbrev>&GNU;</abbrev>
+General Public License: look at the source code.
+</para>
+
+</chapter>
+
+
+<chapter id="credits"><title>Credits and License</title>
+
+<para>&tdm; is derived from, and includes code from,
+&xdm; (C) Keith Packard, MIT X Consortium.</para>
+
+<para>&tdm; 0.1 was written by &Matthias.Ettrich;. Later versions till &kde;
+2.0.x were written by &Steffen.Hansen;. Some new features for &kde; 2.1.x and
+a major rewrite for &kde; 2.2.x made by &Oswald.Buddenhagen;.</para>
+
+<para>Other parts of the &tdm; code are copyright by the authors, and
+licensed under the terms of the <ulink url="common/gpl-license.html">&GNU;
+GPL</ulink>. Anyone is allowed to change &tdm; and redistribute the result
+as long as the names of the authors are mentioned.</para>
+
+<para>&tdm; requires the &Qt; library, which is copyright Troll Tech AS.</para>
+
+<para>Documentation contributors:
+<itemizedlist>
+
+<listitem><para>Documentation written by &Steffen.Hansen;
+<email>stefh@dit.ou.dk</email></para></listitem>
+
+<listitem><para>Documentation extended by Gregor
+Zumstein<email>zumstein@ssd.ethz.ch</email>. Last update August 9,
+1998</para></listitem>
+
+<listitem><para>Documentation revised for &kde; 2 by &Neal.Crook; &Neal.Crook.mail;. Last update August 6, 2000</para></listitem>
+
+<listitem><para>Documentation extended and revised for &kde; 2.2 by &Oswald.Buddenhagen; &Oswald.Buddenhagen.mail;. Last update August,
+2001</para></listitem>
+
+</itemizedlist></para>
+
+<para>Documentation copyright &Steffen.Hansen;, Gregor Zumstein, &Neal.Crook;
+and &Oswald.Buddenhagen;. This document also includes large parts of the &xdm;
+man page, which is &copy; Keith Packard.</para>
+
+<!--TRANS:CREDIT_FOR_TRANSLATORS -->
+
+&underFDL;
+&underGPL;
+
+</chapter>
+
+<glossary id="glossary">
+<title>Glossary</title>
+
+<glossentry id="gloss-greeter">
+<glossterm>greeter</glossterm>
+<glossdef><para>The greeter is the login dialog, &ie; the part of &tdm;
+which the user sees.</para>
+</glossdef>
+</glossentry>
+
+<glossentry>
+<glossterm id="gloss-entropy">entropy</glossterm>
+<glossdef><para>The entropy of a system is the measure of its
+unpredictability. This is used during the generation of random numbers.</para></glossdef>
+</glossentry>
+
+</glossary>
+</book>
+<!--
+Local Variables:
+mode: xml
+sgml-omittag: nil
+sgml-shorttag: t
+End:
+-->
+
diff --git a/doc/tdm/tdmrc-ref.docbook b/doc/tdm/tdmrc-ref.docbook
new file mode 100644
index 000000000..f2cfd2f0e
--- /dev/null
+++ b/doc/tdm/tdmrc-ref.docbook
@@ -0,0 +1,2316 @@
+<!-- generated from ../../tdm/config.def - DO NOT EDIT! -->
+
+<chapter id="tdm-files">
+<title>The Files &tdm; Uses for Configuration</title>
+
+<para>This chapter documents the files that control &tdm;'s behavior.
+Some of this can be also controlled from the &kcontrol; module, but
+not all.</para>
+
+<sect1 id="tdmrc">
+<title>&tdmrc; - The &tdm; master configuration file</title>
+
+<para>The basic format of the file is <quote>INI-like</quote>.
+Options are key/value pairs, placed in sections.
+Everything in the file is case sensitive.
+Syntactic errors and unrecognized key/section identifiers cause &tdm; to
+issue non-fatal error messages.</para>
+
+<para>Lines beginning with <literal>#</literal> are comments; empty lines
+are ignored as well.</para>
+
+<para>Sections are denoted by
+<literal>[</literal><replaceable>Name of Section</replaceable><literal>]</literal>.
+</para>
+
+<para>You can configure every X-display individually.</para>
+<para>Every display has a display name, which consists of a host name
+(which is empty for local displays specified in <option>StaticServers</option>
+or <option>ReserveServers</option>), a colon, and a display number.
+Additionally, a display belongs to a
+display class (which can be ignored in most cases).</para>
+
+<para>Sections with display-specific settings have the formal syntax
+<literal>[X-</literal>&nbsp;<replaceable>host</replaceable>&nbsp;[&nbsp;<literal>:</literal>&nbsp;<replaceable>number</replaceable>&nbsp;[&nbsp;<literal>_</literal>&nbsp;<replaceable>class</replaceable>&nbsp;]&nbsp;]&nbsp;<literal>-</literal>&nbsp;<replaceable>sub-section</replaceable>&nbsp;<literal>]</literal>
+</para>
+<para>All sections with the same <replaceable>sub-section</replaceable>
+make up a section class.</para>
+
+<para>You can use the wildcard <literal>*</literal> (match any) for
+<replaceable>host</replaceable>, <replaceable>number</replaceable>,
+and <replaceable>class</replaceable>. You may omit trailing components;
+they are assumed to be <literal>*</literal> then. The host part may be a
+domain specification like <replaceable>.inf.tu-dresden.de</replaceable>
+or the wildcard <literal>+</literal> (match non-empty).</para>
+
+<para>From which section a setting is actually taken is determined by
+these rules:</para>
+
+<itemizedlist>
+<listitem>
+<para>An exact match takes precedence over a partial match (for the
+host part), which in turn takes precedence over a wildcard
+(<literal>+</literal> taking precendence over <literal>*</literal>).</para>
+</listitem>
+
+<listitem>
+<para>Precedence decreases from left to right for equally exact matches.</para>
+</listitem>
+
+<listitem>
+
+<para>
+Example: display name <quote>myhost.foo:0</quote>, class <quote>dpy</quote>
+</para>
+<itemizedlist>
+<listitem>
+<para>[X-myhost.foo:0_dpy] precedes</para>
+</listitem>
+<listitem>
+<para>[X-myhost.foo:0_*] (same as [X-myhost.foo:0]) precedes</para>
+</listitem>
+<listitem>
+<para>[X-myhost.foo:*_dpy] precedes</para>
+</listitem>
+<listitem>
+<para>[X-myhost.foo:*_*] (same as [X-myhost.foo]) precedes</para>
+</listitem>
+<listitem>
+<para>[X-.foo:*_*] (same as [X-.foo]) precedes</para>
+</listitem>
+<listitem>
+<para>[X-+:0_dpy] precedes</para>
+</listitem>
+<listitem>
+<para>[X-*:0_dpy] precedes</para>
+</listitem>
+<listitem>
+<para>[X-*:0_*] (same as [X-*:0]) precedes</para>
+</listitem>
+<listitem>
+<para>[X-*:*_*] (same as [X-*]).</para>
+</listitem>
+<listitem>
+<para>These sections do <emphasis>not</emphasis> match this display:</para>
+<para>[X-hishost], [X-myhost.foo:0_dec], [X-*:1], [X-:*]</para>
+</listitem>
+</itemizedlist>
+
+</listitem>
+
+</itemizedlist>
+
+<para>Common sections are [X-*] (all displays), [X-:*] (all local displays)
+and [X-:0] (the first local display).</para>
+
+<para>The format for all keys is
+<userinput><option><replaceable>key</replaceable></option>&nbsp;<literal>=</literal>&nbsp;<parameter>value</parameter></userinput>.
+Keys are only valid in the section class they are defined for.
+Some keys do not apply to particular displays, in which case they are ignored.
+</para>
+
+<para>If a setting is not found in any matching section, the default
+is used.</para>
+
+<para>Special characters need to be backslash-escaped (leading and trailing
+spaces (<literal>\s</literal>), tab (<literal>\t</literal>), linefeed
+(<literal>\n</literal>), carriage return (<literal>\r</literal>) and the
+backslash itself (<literal>\\</literal>)).</para>
+<para>In lists, fields are separated with commas without whitespace in between.
+</para>
+<para>Some command strings are subject to simplified sh-style word splitting:
+single quotes (<literal>'</literal>) and double quotes (<literal>"</literal>)
+have the usual meaning; the backslash quotes everything (not only special
+characters). Note that the backslashes need to be doubled because of the
+two levels of quoting.</para>
+
+<note><para>A pristine &tdmrc; is very thoroughly commented.
+All comments will be lost if you change this file with the
+kcontrol frontend.</para></note>
+
+
+<sect2 id="tdmrc-general">
+<title>The [General] section of &tdmrc;</title>
+
+<para>
+This section contains global options that do not fit into any specific section.
+</para>
+
+<variablelist>
+
+<varlistentry>
+<term id="option-configversion"><option>ConfigVersion</option></term>
+<listitem>
+<para>
+This option exists solely for the purpose of clean automatic upgrades.
+<emphasis>Do not</emphasis> change it, you may interfere with future
+upgrades and this could result in &tdm; failing to run.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-staticservers"><option>StaticServers</option></term>
+<listitem>
+<para>
+List of displays (&X-Server;s) permanently managed by &tdm;. Displays with a
+hostname are foreign displays which are expected to be already running,
+the others are local displays for which &tdm; starts an own &X-Server;;
+see <option>ServerCmd</option>. Each display may belong to a display class;
+append it to the display name separated by an underscore.
+See <xref linkend="tdmrc-xservers"/> for the details.
+</para>
+<para>The default is <quote>:0</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-reserveservers"><option>ReserveServers</option></term>
+<listitem>
+<para>
+List of on-demand displays. See <option>StaticServers</option> for syntax.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-servervts"><option>ServerVTs</option></term>
+<listitem>
+<para>
+List of Virtual Terminals to allocate to &X-Server;s. For negative numbers the
+absolute value is used, and the <acronym>VT</acronym> will be allocated only
+if the kernel says it is free. If &tdm; exhausts this list, it will allocate
+free <acronym>VT</acronym>s greater than the absolute value of the last entry
+in this list.
+Currently Linux only.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-consolettys"><option>ConsoleTTYs</option></term>
+<listitem>
+<para>
+This option is for operating systems (<acronym>OS</acronym>s) with support
+for virtual terminals (<acronym>VT</acronym>s), by both &tdm; and the
+<acronym>OS</acronym>s itself.
+Currently this applies only to Linux.
+</para><para>
+When &tdm; switches to console mode, it starts monitoring all
+<acronym>TTY</acronym> lines listed here (without the leading
+<literal>/dev/</literal>).
+If none of them is active for some time, &tdm; switches back to the X login.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-pidfile"><option>PidFile</option></term>
+<listitem>
+<para>
+The filename specified will be created to contain an ASCII representation
+of the process ID of the main &tdm; process; the PID will not be stored
+if the filename is empty.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-lockpidfile"><option>LockPidFile</option></term>
+<listitem>
+<para>
+This option controls whether &tdm; uses file locking to keep multiple
+display managers from running onto each other.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-authdir"><option>AuthDir</option></term>
+<listitem>
+<para>
+This names a directory under which &tdm; stores &X-Server; authorization
+files while initializing the session. &tdm; expects the system to clean up
+this directory from stale files on reboot.
+</para><para>
+The authorization file to be used for a particular display can be
+specified with the <option>AuthFile</option> option in [X-*-Core].
+</para>
+<para>The default is <quote>/var/run/xauth</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-autorescan"><option>AutoRescan</option></term>
+<listitem>
+<para>
+This boolean controls whether &tdm; automatically re-reads its
+configuration files if it finds them to have changed.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-exportlist"><option>ExportList</option></term>
+<listitem>
+<para>
+Additional environment variables &tdm; should pass on to all programs it runs.
+<envar>LD_LIBRARY_PATH</envar> and <envar>XCURSOR_THEME</envar> are good candidates;
+otherwise, it should not be necessary very often.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-randomfile"><option>RandomFile</option></term>
+<listitem>
+<para>
+If the system has no native entropy source like /dev/urandom (see
+<option>RandomDevice</option>) and no entropy daemon like EGD (see
+<option>PrngdSocket</option> and <option>PrngdPort</option>) is running,
+&tdm; will fall back to its own pseudo-random number generator
+that will, among other things, successively checksum parts of this file
+(which, obviously, should change frequently).
+</para><para>
+This option does not exist on Linux and various BSDs.
+</para>
+<para>The default is <quote>/dev/mem</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-prngdsocket"><option>PrngdSocket</option></term>
+<listitem>
+<para>
+If the system has no native entropy source like /dev/urandom (see
+<option>RandomDevice</option>), read random data from a Pseudo-Random
+Number Generator Daemon,
+like EGD (http://egd.sourceforge.net) via this UNIX domain socket.
+</para><para>
+This option does not exist on Linux and various BSDs.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-prngdport"><option>PrngdPort</option></term>
+<listitem>
+<para>
+Same as <option>PrngdSocket</option>, only use a TCP socket on localhost.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-randomdevice"><option>RandomDevice</option></term>
+<listitem>
+<para>
+The path to a character device which &tdm; should read random data from.
+Empty means to use the system's preferred entropy device if there is one.
+</para><para>
+This option does not exist on OpenBSD, as it uses the arc4_random
+function instead.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-fifodir"><option>FifoDir</option></term>
+<listitem>
+<para>
+The directory in which the command <acronym>FiFo</acronym>s should
+be created; make it empty to disable them.
+</para>
+<para>The default is <quote>/var/run/xdmctl</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-fifogroup"><option>FifoGroup</option></term>
+<listitem>
+<para>
+The group to which the global command <acronym>FiFo</acronym> should belong;
+can be either a name or a numerical ID.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-datadir"><option>DataDir</option></term>
+<listitem>
+<para>
+The directory in which &tdm; should store persistent working data; such data
+is, for example, the previous user that logged in on a particular display.
+</para>
+<para>The default is <quote>/var/lib/tdm</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-dmrcdir"><option>DmrcDir</option></term>
+<listitem>
+<para>
+The directory in which &tdm; should store users' <filename>.dmrc</filename> files. This is only
+needed if the home directories are not readable before actually logging in
+(like with AFS).
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+</variablelist>
+</sect2>
+
+
+<sect2 id="tdmrc-xdmcp">
+<title>The [Xdmcp] section of &tdmrc;</title>
+
+<para>
+This section contains options that control &tdm;'s handling of
+&XDMCP; requests.
+</para>
+
+<variablelist>
+
+<varlistentry>
+<term id="option-enable"><option>Enable</option></term>
+<listitem>
+<para>
+Whether &tdm; should listen to incoming &XDMCP; requests.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-port"><option>Port</option></term>
+<listitem>
+<para>
+This indicates the UDP port number which &tdm; uses to listen for incoming
+&XDMCP; requests. Unless you need to debug the system, leave this with its
+default value.
+</para>
+<para>The default is <quote>177</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-keyfile"><option>KeyFile</option></term>
+<listitem>
+<para>
+XDM-AUTHENTICATION-1 style &XDMCP; authentication requires a private
+key to be shared between &tdm; and the terminal. This option specifies
+the file containing those values. Each entry in the file consists of a
+display name and the shared key.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-xaccess"><option>Xaccess</option></term>
+<listitem>
+<para>
+To prevent unauthorized &XDMCP; service and to allow forwarding of &XDMCP;
+IndirectQuery requests, this file contains a database of hostnames which
+are either allowed direct access to this machine, or have a list of hosts
+to which queries should be forwarded to. The format of this file is
+described in <xref linkend="tdmrc-xaccess"/>.
+</para>
+<para>The default is <quote>${<envar>kde_confdir</envar>}/tdm/Xaccess</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-choicetimeout"><option>ChoiceTimeout</option></term>
+<listitem>
+<para>
+Number of seconds to wait for the display to respond after the user has
+selected a host from the chooser. If the display sends an &XDMCP;
+IndirectQuery within this time, the request is forwarded to the chosen
+host; otherwise, it is assumed to be from a new session and the chooser
+is offered again.
+</para>
+<para>The default is <quote>15</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-removedomainname"><option>RemoveDomainname</option></term>
+<listitem>
+<para>
+When computing the display name for &XDMCP; clients, the name resolver will
+typically create a fully qualified host name for the terminal. As this is
+sometimes confusing, &tdm; will remove the domain name portion of the host
+name if it is the same as the domain name of the local host when this option
+is enabled.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-sourceaddress"><option>SourceAddress</option></term>
+<listitem>
+<para>
+Use the numeric IP address of the incoming connection on multihomed hosts
+instead of the host name. This is to avoid trying to connect on the wrong
+interface which might be down at this time.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-willing"><option>Willing</option></term>
+<listitem>
+<para>
+This specifies a program which is run (as
+<systemitem class="username">root</systemitem>) when an &XDMCP;
+DirectQuery or BroadcastQuery is received and this host is configured
+to offer &XDMCP; display management. The output of this program may be
+displayed in a chooser window. If no program is specified, the string
+<quote>Willing to manage</quote> is sent.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+</variablelist>
+</sect2>
+
+
+<sect2 id="tdmrc-shutdown">
+<title>The [Shutdown] section of &tdmrc;</title>
+
+<para>
+This section contains global options concerning system shutdown.
+</para>
+
+<variablelist>
+
+<varlistentry>
+<term id="option-haltcmd"><option>HaltCmd</option></term>
+<listitem>
+<para>
+The command (subject to word splitting) to run to halt/poweroff the system.
+</para><para>
+The default is something reasonable for the system on which &tdm; was built, like
+<command>/sbin/shutdown&nbsp;<option>-h</option>&nbsp;<parameter>now</parameter></command>.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-rebootcmd"><option>RebootCmd</option></term>
+<listitem>
+<para>
+The command (subject to word splitting) to run to reboot the system.
+</para><para>
+The default is something reasonable for the system &tdm; on which was built, like
+<command>/sbin/shutdown&nbsp;<option>-r</option>&nbsp;<parameter>now</parameter></command>.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-allowfifo"><option>AllowFifo</option></term>
+<listitem>
+<para>
+Whether it is allowed to shut down the system via the global command <acronym>FiFo</acronym>.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-allowfifonow"><option>AllowFifoNow</option></term>
+<listitem>
+<para>
+Whether it is allowed to abort active sessions when shutting down the
+system via the global command <acronym>FiFo</acronym>.
+</para><para>
+This will have no effect unless <option>AllowFifo</option> is enabled.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-bootmanager"><option>BootManager</option></term>
+<listitem>
+<para>
+The boot manager &tdm; should use for offering boot options in the
+shutdown dialog.
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>None</parameter></term>
+<listitem><para>no boot manager</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Grub</parameter></term>
+<listitem><para>Grub boot manager</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Lilo</parameter></term>
+<listitem><para>Lilo boot manager (Linux on i386 &amp; x86-64 only)</para></listitem>
+</varlistentry>
+</variablelist>
+<para>The default is <quote>None</quote>.</para>
+</listitem>
+</varlistentry>
+
+</variablelist>
+</sect2>
+
+
+<sect2 id="tdmrc-core">
+<title>The [X-*-Core] section class of &tdmrc;</title>
+
+<para>
+This section class contains options concerning the configuration
+of the &tdm; backend (core).
+</para>
+
+<variablelist>
+
+<varlistentry>
+<term id="option-opendelay"><option>OpenDelay</option></term>
+<listitem>
+<para>
+See <option>OpenRepeat</option>.
+</para>
+<para>The default is <quote>15</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-opentimeout"><option>OpenTimeout</option></term>
+<listitem>
+<para>
+See <option>OpenRepeat</option>.
+</para>
+<para>The default is <quote>120</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-openrepeat"><option>OpenRepeat</option></term>
+<listitem>
+<para>
+These options control the behavior of &tdm; when attempting to open a
+connection to an &X-Server;. <option>OpenDelay</option> is the length
+of the pause (in seconds) between successive attempts,
+<option>OpenRepeat</option> is the number of attempts to make and
+<option>OpenTimeout</option> is the amount of time to spend on a
+connection attempt. After <option>OpenRepeat</option> attempts have been
+made, or if <option>OpenTimeout</option> seconds elapse in any particular
+connection attempt, the start attempt is considered failed.
+</para>
+<para>The default is <quote>5</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-startattempts"><option>StartAttempts</option></term>
+<listitem>
+<para>
+How many times &tdm; should attempt to start a <literal>foreign</literal>
+display listed in <option>StaticServers</option> before giving up
+and disabling it.
+Local displays are attempted only once, and &XDMCP; displays are retried
+indefinitely by the client (unless the option <option>-once</option>
+was given to the &X-Server;).
+</para>
+<para>The default is <quote>4</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-serverattempts"><option>ServerAttempts</option></term>
+<listitem>
+<para>
+How many times &tdm; should attempt to start up a local &X-Server;.
+Starting up includes executing it and waiting for it to come up.
+</para>
+<para>The default is <quote>1</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-servertimeout"><option>ServerTimeout</option></term>
+<listitem>
+<para>
+How many seconds &tdm; should wait for a local &X-Server; to come up.
+</para>
+<para>The default is <quote>15</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-servercmd"><option>ServerCmd</option></term>
+<listitem>
+<para>
+The command line to start the &X-Server;, without display number and VT spec.
+This string is subject to word splitting.
+</para><para>
+The default is something reasonable for the system on which &tdm; was built,
+like <command>/usr/X11R6/bin/X</command>.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-serverargslocal"><option>ServerArgsLocal</option></term>
+<listitem>
+<para>
+Additional arguments for the &X-Server;s for local sessions.
+This string is subject to word splitting.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-serverargsremote"><option>ServerArgsRemote</option></term>
+<listitem>
+<para>
+Additional arguments for the &X-Server;s for remote sessions.
+This string is subject to word splitting.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-servervt"><option>ServerVT</option></term>
+<listitem>
+<para>
+The VT the &X-Server; should run on.
+<option>ServerVTs</option> should be used instead of this option.
+Leave it zero to let &tdm; assign a <acronym>VT</acronym> automatically.
+Set it to <literal>-1</literal> to avoid assigning a <acronym>VT</acronym>
+alltogether - this is required for setups with multiple physical consoles.
+Currently Linux only.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-servertty"><option>ServerTTY</option></term>
+<listitem>
+<para>
+This option is for <acronym>OS</acronym>s without support for
+<acronym>VT</acronym>s, either by &tdm; or the <acronym>OS</acronym> itself.
+Currently this applies to all <acronym>OS</acronym>s but Linux.
+</para><para>
+When &tdm; switches to console mode, it starts monitoring this
+<acronym>TTY</acronym> line (specified without the leading
+<literal>/dev/</literal>) for activity. If the line is not used for some time,
+&tdm; switches back to the X login.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-pinginterval"><option>PingInterval</option></term>
+<listitem>
+<para>
+See <option>PingTimeout</option>.
+</para>
+<para>The default is <quote>5</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-pingtimeout"><option>PingTimeout</option></term>
+<listitem>
+<para>
+To discover when <emphasis>remote</emphasis> displays disappear, &tdm;
+regularly pings them.
+<option>PingInterval</option> specifies the time (in minutes) between the
+pings and <option>PingTimeout</option> specifies the maximum amount of
+time (in minutes) to wait for the terminal to respond to the request. If
+the terminal does not respond, the session is declared dead and terminated.
+</para><para>
+If you frequently use X terminals which can become isolated from
+the managing host, you may wish to increase the timeout. The only worry
+is that sessions will continue to exist after the terminal has been
+accidentally disabled.
+</para>
+<para>The default is <quote>5</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-terminateserver"><option>TerminateServer</option></term>
+<listitem>
+<para>
+Whether &tdm; should restart the local &X-Server; after session exit instead
+of resetting it. Use this if the &X-Server; leaks memory or crashes the system
+on reset attempts.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-resetsignal"><option>ResetSignal</option></term>
+<listitem>
+<para>
+The signal number to use to reset the local &X-Server;.
+</para>
+<para>The default is <quote>1 (SIGHUP)</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-termsignal"><option>TermSignal</option></term>
+<listitem>
+<para>
+The signal number to use to terminate the local &X-Server;.
+</para>
+<para>The default is <quote>15 (SIGTERM)</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-authorize"><option>Authorize</option></term>
+<listitem>
+<para>
+Controls whether &tdm; generates and uses authorization for
+<emphasis>local</emphasis> &X-Server; connections.
+For &XDMCP; displays the authorization requested by the display is used;
+foreign non-&XDMCP; displays do not support authorization at all.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-authnames"><option>AuthNames</option></term>
+<listitem>
+<para>
+If <option>Authorize</option> is true, use the authorization mechanisms
+listed herein. The MIT-MAGIC-COOKIE-1 authorization is always available;
+XDM-AUTHORIZATION-1, SUN-DES-1 and MIT-KERBEROS-5 might be available as well,
+depending on the build configuration.
+</para>
+<para>The default is <quote>DEF_AUTH_NAME</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-resetforauth"><option>ResetForAuth</option></term>
+<listitem>
+<para>
+Some <emphasis>old</emphasis> &X-Server;s re-read the authorization file
+at &X-Server; reset time, instead of when checking the initial connection.
+As &tdm; generates the authorization information just before connecting to
+the display, an old &X-Server; would not get up-to-date authorization
+information. This option causes &tdm; to send SIGHUP to the &X-Server;
+after setting up the file, causing an additional &X-Server; reset to occur,
+during which time the new authorization information will be read.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-authfile"><option>AuthFile</option></term>
+<listitem>
+<para>
+This file is used to communicate the authorization data from &tdm; to
+the &X-Server;, using the <option>-auth</option> &X-Server; command line
+option. It should be kept in a directory which is not world-writable
+as it could easily be removed, disabling the authorization mechanism in
+the &X-Server;. If not specified, a random name is generated from
+<option>AuthDir</option> and the name of the display.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-resources"><option>Resources</option></term>
+<listitem>
+<para>
+This option specifies the name of the file to be loaded by
+<command>xrdb</command> as the resource database onto the root window
+of screen 0 of the display. KDE programs generally do not use
+X-resources, so this option is only needed if the <option>Setup</option>
+program needs some X-resources.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-xrdb"><option>Xrdb</option></term>
+<listitem>
+<para>
+The <command>xrdb</command> program to use to read the X-resources file
+specified in <option>Recources</option>.
+The command is subject to word splitting.
+</para>
+<para>The default is <quote>${<envar>x_bindir</envar>}/xrdb</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-setup"><option>Setup</option></term>
+<listitem>
+<para>
+This string is subject to word splitting.
+It specifies a program which is run (as
+<systemitem class="username">root</systemitem>) before offering the
+greeter window. This may be used to change the appearance of the screen
+around the greeter window or to put up other windows (e.g., you may want
+to run <command>xconsole</command> here).
+The conventional name for a program used here is <command>Xsetup</command>.
+See <xref linkend="tdmrc-xsetup"/>.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-startup"><option>Startup</option></term>
+<listitem>
+<para>
+This string is subject to word splitting.
+It specifies a program which is run (as
+<systemitem class="username">root</systemitem>) after the user
+authentication process succeeds.
+The conventional name for a program used here is <command>Xstartup</command>.
+See <xref linkend="tdmrc-xstartup"/>.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-reset"><option>Reset</option></term>
+<listitem>
+<para>
+This string is subject to word splitting.
+It specifies a program which is run (as
+<systemitem class="username">root</systemitem>) after the session
+terminates.
+The conventional name for a program used here is <command>Xreset</command>.
+See <xref linkend="tdmrc-xreset"/>.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-session"><option>Session</option></term>
+<listitem>
+<para>
+This string is subject to word splitting.
+It specifies the session program to be executed (as the user owning
+the session).
+The conventional name for a program used here is <command>Xsession</command>.
+See <xref linkend="tdmrc-xsession"/>.
+</para>
+<para>The default is <quote>${<envar>x_bindir</envar>}/xterm -ls -T</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-failsafeclient"><option>FailsafeClient</option></term>
+<listitem>
+<para>
+If the <option>Session</option> program fails to execute, &tdm; will
+fall back to this program. This program is executed with no arguments,
+but executes using the same environment variables as the session would
+have had (see <xref linkend="tdmrc-xsession"/>).
+</para>
+<para>The default is <quote>${<envar>x_bindir</envar>}/xterm</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-userpath"><option>UserPath</option></term>
+<listitem>
+<para>
+The <envar>PATH</envar> environment variable for
+non-<systemitem class="username">root</systemitem> <option>Session</option>s.
+</para><para>
+The default depends on the system &tdm; was built on.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-systempath"><option>SystemPath</option></term>
+<listitem>
+<para>
+The <envar>PATH</envar> environment variable for all programs but
+non-<systemitem class="username">root</systemitem>
+<option>Session</option>s. Note that it is good practice not to include
+<literal>.</literal> (the current directory) into this entry.
+</para><para>
+The default depends on the system &tdm; was built on.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-systemshell"><option>SystemShell</option></term>
+<listitem>
+<para>
+The <envar>SHELL</envar> environment variable for all programs but the
+<option>Session</option>.
+</para>
+<para>The default is <quote>/bin/sh</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-userauthdir"><option>UserAuthDir</option></term>
+<listitem>
+<para>
+When &tdm; is unable to write to the usual user authorization file
+($<envar>HOME</envar>/.Xauthority), it creates a unique file name in this
+directory and points the environment variable <envar>XAUTHORITY</envar>
+at the created file.
+</para>
+<para>The default is <quote>/tmp</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-autorelogin"><option>AutoReLogin</option></term>
+<listitem>
+<para>
+If enabled, &tdm; will automatically restart a session after an &X-Server;
+crash (or if it is killed by Alt-Ctrl-BackSpace). Note that enabling this
+feature opens a security hole: a secured display lock can be circumvented
+(unless &kde;'s built-in screen locker is used).
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-allowrootlogin"><option>AllowRootLogin</option></term>
+<listitem>
+<para>
+If disabled, do not allow <systemitem class="username">root</systemitem>
+(and any other user with UID = 0) to log in directly.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-allownullpasswd"><option>AllowNullPasswd</option></term>
+<listitem>
+<para>
+If disabled, only users that have passwords assigned can log in.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-allowshutdown"><option>AllowShutdown</option></term>
+<listitem>
+<para>
+Who is allowed to shut down the system. This applies both to the
+greeter and to the command <acronym>FiFo</acronym>.
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>None</parameter></term>
+<listitem><para>no <guilabel>Shutdown...</guilabel> menu entry is shown at all</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Root</parameter></term>
+<listitem><para>the <systemitem class="username">root</systemitem> password must be entered to shut down</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>All</parameter></term>
+<listitem><para>everybody can shut down the machine</para></listitem>
+</varlistentry>
+</variablelist>
+<para>The default is <quote>All</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-allowsdforcenow"><option>AllowSdForceNow</option></term>
+<listitem>
+<para>
+Who is allowed to abort active sessions when shutting down.
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>None</parameter></term>
+<listitem><para>no forced shutdown is allowed at all</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Root</parameter></term>
+<listitem><para>the <systemitem class="username">root</systemitem> password must be entered to shut down forcibly</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>All</parameter></term>
+<listitem><para>everybody can shut down the machine forcibly</para></listitem>
+</varlistentry>
+</variablelist>
+<para>The default is <quote>All</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-defaultsdmode"><option>DefaultSdMode</option></term>
+<listitem>
+<para>
+The default choice for the shutdown condition/timing.
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>Schedule</parameter></term>
+<listitem><para>shut down after all active sessions exit (possibly at once)</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>TryNow</parameter></term>
+<listitem><para>shut down, if no active sessions are open; otherwise, do nothing</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>ForceNow</parameter></term>
+<listitem><para>shut down unconditionally</para></listitem>
+</varlistentry>
+</variablelist>
+<para>The default is <quote>Schedule</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-scheduledsd"><option>ScheduledSd</option></term>
+<listitem>
+<para>
+How to offer shutdown scheduling options:
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>Never</parameter></term>
+<listitem><para>not at all</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Optional</parameter></term>
+<listitem><para>as a button in the simple shutdown dialogs</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Always</parameter></term>
+<listitem><para>instead of the simple shutdown dialogs</para></listitem>
+</varlistentry>
+</variablelist>
+<para>The default is <quote>Never</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-nopassenable"><option>NoPassEnable</option></term>
+<listitem>
+<para>
+Enable password-less logins on this display. <emphasis>Use with extreme care!</emphasis>
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-nopassusers"><option>NoPassUsers</option></term>
+<listitem>
+<para>
+The users that do not need to provide a password to log in.
+Items which are prefixed with <literal>@</literal> represent all users in the
+user group named by that item.
+<literal>*</literal> means all users but
+<systemitem class="username">root</systemitem>
+(and any other user with UID = 0).
+<emphasis>Never</emphasis> list <systemitem class="username">root</systemitem>.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-autologinenable"><option>AutoLoginEnable</option></term>
+<listitem>
+<para>
+Enable automatic login. <emphasis>Use with extreme care!</emphasis>
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-autologinagain"><option>AutoLoginAgain</option></term>
+<listitem>
+<para>
+If true, auto-login after logout. If false, auto-login is performed only
+when a display session starts up.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-autologindelay"><option>AutoLoginDelay</option></term>
+<listitem>
+<para>
+The delay in seconds before automatic login kicks in. This is also known as
+<quote>Timed Login</quote>.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-autologinuser"><option>AutoLoginUser</option></term>
+<listitem>
+<para>
+The user to log in automatically. <emphasis>Never</emphasis> specify <systemitem class="username">root</systemitem>!
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-autologinpass"><option>AutoLoginPass</option></term>
+<listitem>
+<para>
+The password for the user to log in automatically. This is <emphasis>not</emphasis> required
+unless the user is logged into a <acronym>NIS</acronym> or Kerberos domain. If you use this
+option, you should <command>chmod&nbsp;<option>600</option>&nbsp;<filename>tdmrc</filename></command> for obvious reasons.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-autologinlocked"><option>AutoLoginLocked</option></term>
+<listitem>
+<para>
+Immediately lock the automatically started session. This works only with
+KDE sessions.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-sessionsdirs"><option>SessionsDirs</option></term>
+<listitem>
+<para>
+A list of directories containing session type definitions.
+</para>
+<para>The default is <quote>${<envar>kde_datadir</envar>}/tdm/sessions</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-clientlogfile"><option>ClientLogFile</option></term>
+<listitem>
+<para>
+The file (relative to the user's home directory) to redirect the session
+output to. One occurrence of <parameter>%s</parameter> in this string will be
+substituted with the display name. Use <parameter>%%</parameter> to obtain a
+literal <literal>%</literal>.
+</para>
+<para>The default is <quote>.xsession-errors</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-usesessreg"><option>UseSessReg</option></term>
+<listitem>
+<para>
+Specify whether &tdm;'s built-in utmp/wtmp/lastlog registration should
+be used. If it is not, the tool <command>sessreg</command> should be used
+in the <option>Startup</option> and <option>Reset</option> scripts, or,
+alternatively, the pam_lastlog module should be used on
+<acronym>PAM</acronym>-enabled systems.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+</variablelist>
+</sect2>
+
+
+<sect2 id="tdmrc-greeter">
+<title>The [X-*-Greeter] section class of &tdmrc;</title>
+
+<para>
+This section class contains options concerning the configuration
+of the &tdm; frontend (greeter).
+</para>
+
+<variablelist>
+
+<varlistentry>
+<term id="option-guistyle"><option>GUIStyle</option></term>
+<listitem>
+<para>
+Specify the widget style for the greeter. Empty means to use the
+built-in default which currently is <literal>Plastik</literal>.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-colorscheme"><option>ColorScheme</option></term>
+<listitem>
+<para>
+Specify the widget color scheme for the greeter. Empty means to use
+the built-in default which currently is yellowish grey with some light
+blue and yellow elements.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-logoarea"><option>LogoArea</option></term>
+<listitem>
+<para>
+What should be shown in the greeter righthand of the input lines (if
+<option>UserList</option> is disabled) or above them (if
+<option>UserList</option> is enabled):
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>None</parameter></term>
+<listitem><para>nothing</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Logo</parameter></term>
+<listitem><para>the image specified by <option>LogoPixmap</option></para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Clock</parameter></term>
+<listitem><para>a neat analog clock</para></listitem>
+</varlistentry>
+</variablelist>
+<para>The default is <quote>Clock</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-logopixmap"><option>LogoPixmap</option></term>
+<listitem>
+<para>
+The image to show in the greeter if <option>LogoArea</option> is
+<literal>Logo</literal>.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-greeterpos"><option>GreeterPos</option></term>
+<listitem>
+<para>
+The relative coordinates (percentages of the screen size; X,Y) at which
+the center of the greeter is put. &tdm; aligns the greeter to the edges
+of the screen it would cross otherwise.
+</para>
+<para>The default is <quote>50,50</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-greeterscreen"><option>GreeterScreen</option></term>
+<listitem>
+<para>
+The screen the greeter should be displayed on in multi-headed and Xinerama
+setups. The numbering starts with 0. For Xinerama, it corresponds to the
+listing order in the active ServerLayout section of XF86Config; -1 means
+to use the upper-left screen, -2 means to use the upper-right screen.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-greetstring"><option>GreetString</option></term>
+<listitem>
+<para>
+The headline in the greeter. An empty greeting means none at all.
+</para><para>
+The following character pairs are replaced by their value:
+<variablelist>
+<varlistentry>
+<term><parameter>%d</parameter></term>
+<listitem><para>name of the current display</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>%h</parameter></term>
+<listitem><para>local host name, possibly with the
+ domain name</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>%n</parameter></term>
+<listitem><para>local node name, most probably the host name without the
+ domain name</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>%s</parameter></term>
+<listitem><para>operating system</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>%r</parameter></term>
+<listitem><para>operating system version</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>%m</parameter></term>
+<listitem><para>machine (hardware) type</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>%%</parameter></term>
+<listitem><para>a single <literal>%</literal></para></listitem>
+</varlistentry>
+</variablelist>
+</para>
+<para>The default is <quote>Welcome to %s at %n</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-antialiasing"><option>AntiAliasing</option></term>
+<listitem>
+<para>
+Whether the fonts used in the greeter should be antialiased.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-greetfont"><option>GreetFont</option></term>
+<listitem>
+<para>
+The font for the greeter headline.
+</para>
+<para>The default is <quote>Serif,20,bold</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-stdfont"><option>StdFont</option></term>
+<listitem>
+<para>
+The normal font used in the greeter.
+</para>
+<para>The default is <quote>Sans Serif,10</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-failfont"><option>FailFont</option></term>
+<listitem>
+<para>
+The font used for the <quote>Login Failed</quote> message.
+</para>
+<para>The default is <quote>Sans Serif,10,bold</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-numlock"><option>NumLock</option></term>
+<listitem>
+<para>
+What to do with the Num Lock modifier for the time the greeter is running:
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>Off</parameter></term>
+<listitem><para>turn off</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>On</parameter></term>
+<listitem><para>turn on</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Keep</parameter></term>
+<listitem><para>do not change the state</para></listitem>
+</varlistentry>
+</variablelist>
+<para>The default is <quote>Keep</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-language"><option>Language</option></term>
+<listitem>
+<para>
+Language and locale to use in the greeter, encoded like $<envar>LC_LANG</envar>.
+</para>
+<para>The default is <quote>en_US</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-usercompletion"><option>UserCompletion</option></term>
+<listitem>
+<para>
+Enable autocompletion in the username line edit.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-userlist"><option>UserList</option></term>
+<listitem>
+<para>
+Show a user list with unix login names, real names, and images in the greeter.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-showusers"><option>ShowUsers</option></term>
+<listitem>
+<para>
+This option controls which users will be shown in the user view
+(<option>UserList</option>) and/or offered for autocompletion
+(<option>UserCompletion</option>).
+If it is <literal>Selected</literal>, <option>SelectedUsers</option> contains
+the final list of users.
+If it is <literal>NotHidden</literal>, the initial user list contains all users
+found on the system. Users contained in <option>HiddenUsers</option> are
+removed from the list, just like all users with a UID greater than specified
+in <option>MaxShowUID</option> and users with a non-zero UID less than
+specified in <option>MinShowUID</option>.
+Items in <option>SelectedUsers</option> and <option>HiddenUsers</option>
+which are prefixed with <literal>@</literal> represent all users in the
+user group named by that item.
+Finally, the user list will be sorted alphabetically, if
+<option>SortUsers</option> is enabled.
+</para>
+<para>The default is <quote>NotHidden</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-selectedusers"><option>SelectedUsers</option></term>
+<listitem>
+<para>
+See <option>ShowUsers</option>.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-hiddenusers"><option>HiddenUsers</option></term>
+<listitem>
+<para>
+See <option>ShowUsers</option>.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-minshowuid"><option>MinShowUID</option></term>
+<listitem>
+<para>
+See <option>ShowUsers</option>.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-maxshowuid"><option>MaxShowUID</option></term>
+<listitem>
+<para>
+See <option>ShowUsers</option>.
+</para>
+<para>The default is <quote>65535</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-sortusers"><option>SortUsers</option></term>
+<listitem>
+<para>
+See <option>ShowUsers</option>.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-facesource"><option>FaceSource</option></term>
+<listitem>
+<para>
+If <option>UserList</option> is enabled, this specifies where &tdm; gets the
+images from:
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>AdminOnly</parameter></term>
+<listitem><para>from <filename>&lt;<option>FaceDir</option>&gt;/$<envar>USER</envar>.face[.icon]</filename></para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>PreferAdmin</parameter></term>
+<listitem><para>prefer &lt;<option>FaceDir</option>&gt;, fallback on $<envar>HOME</envar></para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>PreferUser</parameter></term>
+<listitem><para>... and the other way round</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>UserOnly</parameter></term>
+<listitem><para>from the user's <filename>$<envar>HOME</envar>/.face[.icon]</filename></para></listitem>
+</varlistentry>
+</variablelist>
+
+<para>
+The images can be in any format Qt recognizes, but the filename
+must match &tdm;'s expectations: <literal>.face.icon</literal> should be a
+48x48 icon, while <literal>.face</literal> should be a 300x300 image.
+Currently the big image is used only as a fallback and is scaled down,
+but in the future it might be displayed full-size in the logo area or a
+tooltip.
+</para>
+<para>The default is <quote>AdminOnly</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-facedir"><option>FaceDir</option></term>
+<listitem>
+<para>
+See <option>FaceSource</option>.
+</para>
+<para>The default is <quote>${<envar>kde_datadir</envar>}/tdm/faces</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-preselectuser"><option>PreselectUser</option></term>
+<listitem>
+<para>
+Specify, if/which user should be preselected for log in:
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>None</parameter></term>
+<listitem><para>do not preselect any user</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Previous</parameter></term>
+<listitem><para>the user which successfully logged in last time</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>Default</parameter></term>
+<listitem><para>the user specified in the <option>DefaultUser</option> option</para></listitem>
+</varlistentry>
+</variablelist>
+
+<para>
+If <option>FocusPasswd</option> is enabled and a user was preselected,
+the cursor is placed in the password input field automatically.
+</para>
+<note><para>Enabling user preselection can be considered a security hole,
+as it presents a valid login name to a potential attacker, so he
+<quote>only</quote> needs to guess the password. On the other hand,
+one could set <option>DefaultUser</option> to a fake login name.</para></note>
+<para>
+</para>
+<para>The default is <quote>None</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-defaultuser"><option>DefaultUser</option></term>
+<listitem>
+<para>
+See <option>PreselectUser</option>.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-focuspasswd"><option>FocusPasswd</option></term>
+<listitem>
+<para>
+See <option>PreselectUser</option>.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-echomode"><option>EchoMode</option></term>
+<listitem>
+<para>
+The password input fields cloak the typed in text. Specify, how to do it:
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>OneStar</parameter></term>
+<listitem><para><literal>*</literal> is shown for every typed
+character</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>ThreeStars</parameter></term>
+<listitem><para><literal>***</literal> is shown for every typed
+character</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>NoEcho</parameter></term>
+<listitem><para>nothing is shown at all, the cursor does not move</para></listitem>
+</varlistentry>
+</variablelist>
+<para>The default is <quote>OneStar</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-usebackground"><option>UseBackground</option></term>
+<listitem>
+<para>
+If enabled, &tdm; will automatically start the <command>krootimage</command>
+program to set up the background; otherwise, the <option>Setup</option>
+program is responsible for the background.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-backgroundcfg"><option>BackgroundCfg</option></term>
+<listitem>
+<para>
+The configuration file to be used by <command>krootimage</command>.
+It contains a section named <literal>[Desktop0]</literal> like
+<filename>kdesktoprc</filename> does. Its options are not described
+herein; guess their meanings or use the control center.
+</para>
+<para>The default is <quote>${<envar>kde_confdir</envar>}/tdm/backgroundrc</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-grabserver"><option>GrabServer</option></term>
+<listitem>
+<para>
+To improve security, the greeter grabs the &X-Server; and then the keyboard
+when it starts up. This option specifies if the &X-Server; grab should be held
+for the duration of the name/password reading. When disabled, the &X-Server;
+is ungrabbed after the keyboard grab succeeds; otherwise, the &X-Server; is
+grabbed until just before the session begins.
+</para>
+<note><para>Enabling this option disables <option>UseBackground</option> and
+<option>Setup</option>.</para></note>
+<para>
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-grabtimeout"><option>GrabTimeout</option></term>
+<listitem>
+<para>
+This option specifies the maximum time &tdm; will wait for the grabs to
+succeed. A grab may fail if some other X-client has the &X-Server; or the
+keyboard grabbed, or possibly if the network latencies are very high. You
+should be cautious when raising the timeout, as a user can be spoofed by
+a look-alike window on the display. If a grab fails, &tdm; kills and
+restarts the &X-Server; (if possible) and the session.
+</para>
+<para>The default is <quote>3</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-authcomplain"><option>AuthComplain</option></term>
+<listitem>
+<para>
+Warn, if a display has no X-authorization. This will be the case if
+<itemizedlist>
+ <listitem><para>
+ the authorization file for a local &X-Server; could not be created,
+ </para></listitem>
+ <listitem><para>
+ a remote display from &XDMCP; did not request any authorization or
+ </para></listitem>
+ <listitem><para>
+ the display is a <quote>foreign</quote> display specified in
+ <option>StaticServers</option>.
+ </para></listitem>
+</itemizedlist>
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-loginmode"><option>LoginMode</option></term>
+<listitem>
+<para>
+Specify whether the greeter of local displays should start up in host chooser
+(remote) or login (local) mode and whether it is allowed to switch to the
+other mode.
+</para>
+<variablelist>
+<varlistentry>
+<term><parameter>LocalOnly</parameter></term>
+<listitem><para>only local login possible</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>DefaultLocal</parameter></term>
+<listitem><para>start up in local mode, but allow switching to remote mode</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>DefaultRemote</parameter></term>
+<listitem><para>... and the other way round</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><parameter>RemoteOnly</parameter></term>
+<listitem><para>only choice of remote host possible</para></listitem>
+</varlistentry>
+</variablelist>
+<para>The default is <quote>LocalOnly</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-chooserhosts"><option>ChooserHosts</option></term>
+<listitem>
+<para>
+A list of hosts to be automatically added to the remote login menu.
+The special name <literal>*</literal> means broadcast.
+Has no effect if <option>LoginMode</option> is <literal>LocalOnly</literal>.
+</para>
+<para>The default is <quote>*</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-forgingseed"><option>ForgingSeed</option></term>
+<listitem>
+<para>
+Use this number as a random seed when forging saved session types, etc. of
+unknown users. This is used to avoid telling an attacker about existing users
+by reverse conclusion. This value should be random but constant across the
+login domain.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-showlog"><option>ShowLog</option></term>
+<listitem>
+<para>
+Enable &tdm;'s built-in <command>xconsole</command>.
+Note that this can be enabled for only one display at a time.
+This option is available only if &tdm; was <command>configure</command>d
+with <option>--enable-tdm-xconsole</option>.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-logsource"><option>LogSource</option></term>
+<listitem>
+<para>
+The data source for &tdm;'s built-in <command>xconsole</command>.
+If empty, a console log redirection is requested from
+<filename>/dev/console</filename>.
+Has no effect if <option>ShowLog</option> is disabled.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-pluginslogin"><option>PluginsLogin</option></term>
+<listitem>
+<para>
+Specify conversation plugins for the login dialog; the first in the list
+is selected initially.
+Each plugin can be specified as a base name (which expands to
+<filename>$<envar>kde_modulesdir</envar>/kgreet_<replaceable>base</replaceable></filename>)
+or as a full pathname.
+</para><para>
+Conversation plugins are modules for the greeter which obtain authentication
+data from the user. Currently only the <literal>classic</literal> plugin is
+shipped with &kde;; it presents the well-known username and password form.
+</para>
+<para>The default is <quote>classic</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-pluginsshutdown"><option>PluginsShutdown</option></term>
+<listitem>
+<para>
+Same as <option>PluginsLogin</option>, but for the shutdown dialog.
+</para>
+<para>The default is <quote>classic</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-pluginoptions"><option>PluginOptions</option></term>
+<listitem>
+<para>
+A list of options of the form
+<replaceable>Key</replaceable><literal>=</literal><replaceable>Value</replaceable>.
+The conversation plugins can query these settings; it is up to them what
+possible keys are.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-allowconsole"><option>AllowConsole</option></term>
+<listitem>
+<para>
+Show the <guilabel>Console Login</guilabel> action in the greeter (if <option>ServerTTY</option>/<option>ConsoleTTYs</option>
+is configured).
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-allowclose"><option>AllowClose</option></term>
+<listitem>
+<para>
+Show the <guilabel>Restart X Server</guilabel>/<guilabel>Close Connection</guilabel> action in the greeter.
+</para>
+<para>The default is <quote>true</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-preloader"><option>Preloader</option></term>
+<listitem>
+<para>
+A program to run while the greeter is visible. It is supposed to preload
+as much as possible of the session that is going to be started (most
+probably).
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-usetheme"><option>UseTheme</option></term>
+<listitem>
+<para>
+Whether the greeter should be themed.
+</para>
+<para>The default is <quote>false</quote>.</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term id="option-theme"><option>Theme</option></term>
+<listitem>
+<para>
+The theme to use for the greeter. Can point to either a directory or an XML
+file.
+</para>
+<para>Empty by default.</para>
+</listitem>
+</varlistentry>
+
+</variablelist>
+</sect2>
+
+
+
+</sect1>
+
+<sect1 id="tdmrc-xservers">
+<title>Specifying permanent &X-Server;s</title>
+
+<para>Each entry in the <option>StaticServers</option> list indicates a
+display which should constantly be
+managed and which is not using &XDMCP;. This method is typically used only for
+local &X-Server;s that are started by &tdm;, but &tdm; can manage externally
+started (<quote>foreign</quote>) &X-Server;s as well, may they run on the
+local machine or rather remotely.</para>
+
+<para>The formal syntax of a specification is
+<screen>
+<userinput><replaceable>display&nbsp;name</replaceable>&nbsp;[<literal>_</literal><replaceable>display&nbsp;class</replaceable>]</userinput>
+</screen>
+for all &X-Server;s. <quote>Foreign</quote> displays differ in having
+a host name in the display name, may it be <literal>localhost</literal>.</para>
+
+<para>The <replaceable>display name</replaceable> must be something that can
+be passed in the <option>-display</option> option to an X program. This string
+is used to generate the display-specific section names, so be careful to match
+the names.
+The display name of &XDMCP; displays is derived from the display's address by
+reverse host name resolution. For configuration purposes, the
+<literal>localhost</literal> prefix from locally running &XDMCP; displays is
+<emphasis>not</emphasis> stripped to make them distinguishable from local
+&X-Server;s started by &tdm;.</para>
+
+<para>The <replaceable>display class</replaceable> portion is also used in the
+display-specific sections. This is useful if you have a large collection of
+similar displays (such as a corral of X terminals) and would like to set
+options for groups of them.
+When using &XDMCP;, the display is required to specify the display class,
+so the manual for your particular X terminal should document the display
+class string for your device. If it does not, you can run &tdm; in debug
+mode and <command>grep</command> the log for <quote>class</quote>.</para>
+
+<para>The displays specified in <option>ReserveServers</option> will not be
+started when &tdm; starts up, but when it is explicitly requested via
+the command socket (or <acronym>FiFo</acronym>).
+If reserve displays are specified, the &kde; menu will have a
+<guilabel>Start New Session</guilabel> item near the bottom; use that to
+activate a reserve display with a new login session. The monitor will switch
+to the new display, and you will have a minute to login. If there are no more
+reserve displays available, the menu item will be disabled.</para>
+
+<para>When &tdm; starts a session, it sets up authorization data for the
+&X-Server;. For local servers, &tdm; passes
+<command><option>-auth</option>&nbsp;<filename><replaceable>filename</replaceable></filename></command>
+on the &X-Server;'s command line to point it at its authorization data.
+For &XDMCP; displays, &tdm; passes the authorization data to the &X-Server;
+via the <quote>Accept</quote> &XDMCP; message.</para>
+
+</sect1>
+
+<sect1 id="tdmrc-xaccess">
+<title>&XDMCP; access control</title>
+
+<para>The file specified by the <option>AccessFile</option> option provides
+information which &tdm; uses to control access from displays requesting service
+via &XDMCP;.
+The file contains four types of entries: entries which control the response
+to <quote>Direct</quote> and <quote>Broadcast</quote> queries, entries which
+control the response to <quote>Indirect</quote> queries, macro definitions for
+<quote>Indirect</quote> entries, and entries which control on which network
+interfaces &tdm; listens for &XDMCP; queries.
+Blank lines are ignored, <literal>#</literal> is treated as a comment
+delimiter causing the rest of that line to be ignored, and <literal>\</literal>
+causes an immediately following newline to be ignored, allowing indirect host
+lists to span multiple lines.
+</para>
+
+<para>The format of the <quote>Direct</quote> entries is simple, either a
+host name or a pattern, which is compared against the host name of the display
+device.
+Patterns are distinguished from host names by the inclusion of one or more
+meta characters; <literal>*</literal> matches any sequence of 0 or more
+characters, and <literal>?</literal> matches any single character.
+If the entry is a host name, all comparisons are done using network addresses,
+so any name which converts to the correct network address may be used. Note
+that only the first network address returned for a host name is used.
+For patterns, only canonical host names are used in the comparison, so ensure
+that you do not attempt to match aliases.
+Host names from &XDMCP; queries always contain the local domain name
+even if the reverse lookup returns a short name, so you can use
+patterns for the local domain.
+Preceding the entry with a <literal>!</literal> character causes hosts which
+match that entry to be excluded.
+To only respond to <quote>Direct</quote> queries for a host or pattern,
+it can be followed by the optional <literal>NOBROADCAST</literal> keyword.
+This can be used to prevent a &tdm; server from appearing on menus based on
+<quote>Broadcast</quote> queries.</para>
+
+<para>An <quote>Indirect</quote> entry also contains a host name or pattern,
+but follows it with a list of host names or macros to which the queries
+should be forwarded. <quote>Indirect</quote> entries can be excluding as well,
+in which case a (valid) dummy host name must be supplied to make the entry
+distinguishable from a <quote>Direct</quote> entry.
+If compiled with IPv6 support, multicast address groups may also be included
+in the list of addresses the queries are forwarded to.
+<!-- Not actually implemented!
+Multicast addresses may be followed by an optional <literal>/</literal>
+character and hop count. If no hop count is specified, the multicast hop count
+defaults to 1, keeping the packet on the local network. For IPv4 multicasting,
+the hop count is used as the TTL.
+-->
+If the indirect host list contains the keyword <literal>CHOOSER</literal>,
+<quote>Indirect</quote> queries are not forwarded, but instead a host chooser
+dialog is displayed by &tdm;. The chooser will send a <quote>Direct</quote>
+query to each of the remaining host names in the list and offer a menu of
+all the hosts that respond. The host list may contain the keyword
+<literal>BROADCAST</literal>, to make the chooser send a
+<quote>Broadcast</quote> query as well; note that on some operating systems,
+UDP packets cannot be broadcast, so this feature will not work.
+</para>
+
+<para>When checking access for a particular display host, each entry is scanned
+in turn and the first matching entry determines the response.
+<quote>Direct</quote> and <quote>Broadcast</quote> entries are ignored when
+scanning for an <quote>Indirect</quote> entry and vice-versa.</para>
+
+<para>A macro definition contains a macro name and a list of host names and
+other macros that the macro expands to. To distinguish macros from hostnames,
+macro names start with a <literal>%</literal> character.</para>
+
+<para>The last entry type is the <literal>LISTEN</literal> directive.
+The formal syntax is
+<screen>
+<userinput>&nbsp;<literal>LISTEN</literal>&nbsp;[<replaceable>interface</replaceable>&nbsp;[<replaceable>multicast&nbsp;list</replaceable>]]</userinput>
+</screen>
+If one or more <literal>LISTEN</literal> lines are specified, &tdm; listens
+for &XDMCP; requests only on the specified interfaces.
+<replaceable>interface</replaceable> may be a hostname or IP address
+representing a network interface on this machine, or the wildcard
+<literal>*</literal> to represent all available network interfaces.
+If multicast group addresses are listed on a <literal>LISTEN</literal> line,
+&tdm; joins the multicast groups on the given interface. For IPv6 multicasts,
+the IANA has assigned ff0<replaceable>X</replaceable>:0:0:0:0:0:0:12b as the
+permanently assigned range of multicast addresses for &XDMCP;. The
+<replaceable>X</replaceable> in the prefix may be replaced by any valid scope
+identifier, such as 1 for Node-Local, 2 for Link-Local, 5 for Site-Local, and
+so on (see IETF RFC 2373 or its replacement for further details and scope
+definitions). &tdm; defaults to listening on the Link-Local scope address
+ff02:0:0:0:0:0:0:12b to most closely match the IPv4 subnet broadcast behavior.
+If no <literal>LISTEN</literal> lines are given, &tdm; listens on all
+interfaces and joins the default &XDMCP; IPv6 multicast group (when
+compiled with IPv6 support).
+To disable listening for &XDMCP; requests altogether, a
+<literal>LISTEN</literal> line with no addresses may be specified, but using
+the <literal>[Xdmcp]</literal> <option>Enable</option> option is preferred.
+</para>
+
+</sect1>
+
+<sect1 id="tdm-scripts">
+<title>Supplementary programs</title>
+
+<para>
+The following programs are run by &tdm; at various stages of a session.
+They typically are shell scripts.
+</para>
+
+<para>
+The Setup, Startup and Reset programs are run as
+<systemitem class="username">root</systemitem>, so they should be careful
+about security.
+Their first argument is <literal>auto</literal> if the session results
+from an automatic login; otherwise, no arguments are passed to them.
+</para>
+
+<sect2 id="tdmrc-xsetup">
+<title>Setup program</title>
+
+<para>
+The <filename>Xsetup</filename> program is run after the &X-Server; is
+started or reset, but before the greeter is offered.
+This is the place to change the root background (if
+<option>UseBackground</option> is disabled) or bring up other windows that
+should appear on the screen along with the greeter.
+</para>
+
+<para>
+In addition to any specified by <option>ExportList</option>,
+the following environment variables are passed:</para>
+<variablelist>
+ <varlistentry>
+ <term>DISPLAY</term>
+ <listitem><para>the associated display name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PATH</term>
+ <listitem><para>the value of <option>SystemPath</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>SHELL</term>
+ <listitem><para>the value of <option>SystemShell</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>XAUTHORITY</term>
+ <listitem><para>may be set to an authority file</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>DM_CONTROL</term>
+ <listitem><para>the value of <option>FifoDir</option></para></listitem>
+ </varlistentry>
+</variablelist>
+
+<para> Note that since &tdm; grabs the keyboard, any other windows will not be
+able to receive keyboard input. They will be able to interact with the mouse,
+however; beware of potential security holes here. If <option>GrabServer</option>
+is set, <filename>Xsetup</filename> will not be able to connect to the display
+at all. Resources for this program can be put into the file named by
+<option>Resources</option>.
+</para>
+
+</sect2>
+
+<sect2 id="tdmrc-xstartup">
+<title>Startup program</title>
+
+<para>The <filename>Xstartup</filename> program is run as
+<systemitem class="username">root</systemitem> when the user logs in.
+This is the place to put commands which add entries to
+<filename>utmp</filename> (the <command>sessreg</command> program
+may be useful here), mount users' home directories from file servers,
+or abort the session if some requirements are not met (but note that on
+modern systems, many of these tasks are already taken care of by
+<acronym>PAM</acronym> modules).</para>
+
+<para>In addition to any specified by <option>ExportList</option>,
+the following environment variables are passed:</para>
+<variablelist>
+ <varlistentry>
+ <term>DISPLAY</term>
+ <listitem><para>the associated display name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>HOME</term>
+ <listitem><para>the initial working directory of the user</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LOGNAME</term>
+ <listitem><para>the username</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>USER</term>
+ <listitem><para>the username</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PATH</term>
+ <listitem><para>the value of <option>SystemPath</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>SHELL</term>
+ <listitem><para>the value of <option>SystemShell</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>XAUTHORITY</term>
+ <listitem><para>may be set to an authority file</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>DM_CONTROL</term>
+ <listitem><para>the value of <option>FifoDir</option></para></listitem>
+ </varlistentry>
+</variablelist>
+
+<para>&tdm; waits until this program exits before starting the user session.
+If the exit value of this program is non-zero, &tdm; discontinues the session
+and starts another authentication cycle.</para>
+
+</sect2>
+
+<sect2 id="tdmrc-xsession">
+<title>Session program</title>
+
+<para>The <filename>Xsession</filename> program is the command which is run
+as the user's session. It is run with the permissions of the authorized user.
+One of the keywords <literal>failsafe</literal>, <literal>default</literal>
+or <literal>custom</literal>, or a string to <command>eval</command> by a
+Bourne-compatible shell is passed as the first argument.</para>
+
+<para>In addition to any specified by <option>ExportList</option>,
+the following environment variables are passed:</para>
+<variablelist>
+ <varlistentry>
+ <term>DISPLAY</term>
+ <listitem><para>the associated display name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>HOME</term>
+ <listitem><para>the initial working directory of the user</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LOGNAME</term>
+ <listitem><para>the username</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>USER</term>
+ <listitem><para>the username</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PATH</term>
+ <listitem><para>the value of <option>UserPath</option>
+ (or <option>SystemPath</option> for
+ <systemitem class="username">root</systemitem> user sessions)</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>SHELL</term>
+ <listitem><para>the user's default shell</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>XAUTHORITY</term>
+ <listitem><para>may be set to a non-standard authority file</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>KRBTKFILE</term>
+ <listitem><para>may be set to a Kerberos4 credentials cache name</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>KRB5CCNAME</term>
+ <listitem><para>may be set to a Kerberos5 credentials cache name</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>DM_CONTROL</term>
+ <listitem><para>the value of <option>FifoDir</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>XDM_MANAGED</term>
+ <listitem><para>will contain a comma-separated list of parameters the
+ session might find interesting, like the location of the command
+ <acronym>FiFo</acronym> and its capabilities, and which conversation
+ plugin was used for the login</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>DESKTOP_SESSION</term>
+ <listitem><para>the name of the session the user has chosen to run</para>
+ </listitem>
+ </varlistentry>
+</variablelist>
+
+</sect2>
+
+<sect2 id="tdmrc-xreset">
+<title>Reset program</title>
+
+<para>Symmetrical with <filename>Xstartup</filename>, the
+<filename>Xreset</filename> program is run after the user session has
+terminated. Run as <systemitem class="username">root</systemitem>, it should
+contain commands that undo the effects of commands in
+<filename>Xstartup</filename>, removing entries from <filename>utmp</filename>
+or unmounting directories from file servers.</para>
+
+<para>The environment variables that were passed to
+<filename>Xstartup</filename> are also passed to <filename>Xreset</filename>.
+</para>
+
+</sect2>
+
+</sect1>
+
+</chapter>