From b81e43465b14836b17e4fe2dea91c78a2bdd29b3 Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Sun, 22 Jan 2012 01:02:36 -0600 Subject: Part 2 of prior commit --- doc/kdm/kdmrc-ref.docbook | 2316 --------------------------------------------- 1 file changed, 2316 deletions(-) delete mode 100644 doc/kdm/kdmrc-ref.docbook (limited to 'doc/kdm/kdmrc-ref.docbook') diff --git a/doc/kdm/kdmrc-ref.docbook b/doc/kdm/kdmrc-ref.docbook deleted file mode 100644 index f2cfd2f0e..000000000 --- a/doc/kdm/kdmrc-ref.docbook +++ /dev/null @@ -1,2316 +0,0 @@ - - - -The Files &tdm; Uses for Configuration - -This chapter documents the files that control &tdm;'s behavior. -Some of this can be also controlled from the &kcontrol; module, but -not all. - - -&tdmrc; - The &tdm; master configuration file - -The basic format of the file is INI-like. -Options are key/value pairs, placed in sections. -Everything in the file is case sensitive. -Syntactic errors and unrecognized key/section identifiers cause &tdm; to -issue non-fatal error messages. - -Lines beginning with # are comments; empty lines -are ignored as well. - -Sections are denoted by -[Name of Section]. - - -You can configure every X-display individually. -Every display has a display name, which consists of a host name -(which is empty for local displays specified in -or ), a colon, and a display number. -Additionally, a display belongs to a -display class (which can be ignored in most cases). - -Sections with display-specific settings have the formal syntax -[X- host [ : number [ _ class ] ] - sub-section ] - -All sections with the same sub-section -make up a section class. - -You can use the wildcard * (match any) for -host, number, -and class. You may omit trailing components; -they are assumed to be * then. The host part may be a -domain specification like .inf.tu-dresden.de -or the wildcard + (match non-empty). - -From which section a setting is actually taken is determined by -these rules: - - - -An exact match takes precedence over a partial match (for the -host part), which in turn takes precedence over a wildcard -(+ taking precendence over *). - - - -Precedence decreases from left to right for equally exact matches. - - - - - -Example: display name myhost.foo:0, class dpy - - - -[X-myhost.foo:0_dpy] precedes - - -[X-myhost.foo:0_*] (same as [X-myhost.foo:0]) precedes - - -[X-myhost.foo:*_dpy] precedes - - -[X-myhost.foo:*_*] (same as [X-myhost.foo]) precedes - - -[X-.foo:*_*] (same as [X-.foo]) precedes - - -[X-+:0_dpy] precedes - - -[X-*:0_dpy] precedes - - -[X-*:0_*] (same as [X-*:0]) precedes - - -[X-*:*_*] (same as [X-*]). - - -These sections do not match this display: -[X-hishost], [X-myhost.foo:0_dec], [X-*:1], [X-:*] - - - - - - - -Common sections are [X-*] (all displays), [X-:*] (all local displays) -and [X-:0] (the first local display). - -The format for all keys is - = value. -Keys are only valid in the section class they are defined for. -Some keys do not apply to particular displays, in which case they are ignored. - - -If a setting is not found in any matching section, the default -is used. - -Special characters need to be backslash-escaped (leading and trailing -spaces (\s), tab (\t), linefeed -(\n), carriage return (\r) and the -backslash itself (\\)). -In lists, fields are separated with commas without whitespace in between. - -Some command strings are subject to simplified sh-style word splitting: -single quotes (') and double quotes (") -have the usual meaning; the backslash quotes everything (not only special -characters). Note that the backslashes need to be doubled because of the -two levels of quoting. - -A pristine &tdmrc; is very thoroughly commented. -All comments will be lost if you change this file with the -kcontrol frontend. - - - -The [General] section of &tdmrc; - - -This section contains global options that do not fit into any specific section. - - - - - - - - -This option exists solely for the purpose of clean automatic upgrades. -Do not change it, you may interfere with future -upgrades and this could result in &tdm; failing to run. - - - - - - - - -List of displays (&X-Server;s) permanently managed by &tdm;. Displays with a -hostname are foreign displays which are expected to be already running, -the others are local displays for which &tdm; starts an own &X-Server;; -see . Each display may belong to a display class; -append it to the display name separated by an underscore. -See for the details. - -The default is :0. - - - - - - - -List of on-demand displays. See for syntax. - -Empty by default. - - - - - - - -List of Virtual Terminals to allocate to &X-Server;s. For negative numbers the -absolute value is used, and the VT will be allocated only -if the kernel says it is free. If &tdm; exhausts this list, it will allocate -free VTs greater than the absolute value of the last entry -in this list. -Currently Linux only. - -Empty by default. - - - - - - - -This option is for operating systems (OSs) with support -for virtual terminals (VTs), by both &tdm; and the -OSs itself. -Currently this applies only to Linux. - -When &tdm; switches to console mode, it starts monitoring all -TTY lines listed here (without the leading -/dev/). -If none of them is active for some time, &tdm; switches back to the X login. - -Empty by default. - - - - - - - -The filename specified will be created to contain an ASCII representation -of the process ID of the main &tdm; process; the PID will not be stored -if the filename is empty. - -Empty by default. - - - - - - - -This option controls whether &tdm; uses file locking to keep multiple -display managers from running onto each other. - -The default is true. - - - - - - - -This names a directory under which &tdm; stores &X-Server; authorization -files while initializing the session. &tdm; expects the system to clean up -this directory from stale files on reboot. - -The authorization file to be used for a particular display can be -specified with the option in [X-*-Core]. - -The default is /var/run/xauth. - - - - - - - -This boolean controls whether &tdm; automatically re-reads its -configuration files if it finds them to have changed. - -The default is true. - - - - - - - -Additional environment variables &tdm; should pass on to all programs it runs. -LD_LIBRARY_PATH and XCURSOR_THEME are good candidates; -otherwise, it should not be necessary very often. - -Empty by default. - - - - - - - -If the system has no native entropy source like /dev/urandom (see -) and no entropy daemon like EGD (see - and ) is running, -&tdm; will fall back to its own pseudo-random number generator -that will, among other things, successively checksum parts of this file -(which, obviously, should change frequently). - -This option does not exist on Linux and various BSDs. - -The default is /dev/mem. - - - - - - - -If the system has no native entropy source like /dev/urandom (see -), read random data from a Pseudo-Random -Number Generator Daemon, -like EGD (http://egd.sourceforge.net) via this UNIX domain socket. - -This option does not exist on Linux and various BSDs. - -Empty by default. - - - - - - - -Same as , only use a TCP socket on localhost. - - - - - - - - -The path to a character device which &tdm; should read random data from. -Empty means to use the system's preferred entropy device if there is one. - -This option does not exist on OpenBSD, as it uses the arc4_random -function instead. - -Empty by default. - - - - - - - -The directory in which the command FiFos should -be created; make it empty to disable them. - -The default is /var/run/xdmctl. - - - - - - - -The group to which the global command FiFo should belong; -can be either a name or a numerical ID. - - - - - - - - -The directory in which &tdm; should store persistent working data; such data -is, for example, the previous user that logged in on a particular display. - -The default is /var/lib/tdm. - - - - - - - -The directory in which &tdm; should store users' .dmrc files. This is only -needed if the home directories are not readable before actually logging in -(like with AFS). - -Empty by default. - - - - - - - - -The [Xdmcp] section of &tdmrc; - - -This section contains options that control &tdm;'s handling of -&XDMCP; requests. - - - - - - - - -Whether &tdm; should listen to incoming &XDMCP; requests. - -The default is true. - - - - - - - -This indicates the UDP port number which &tdm; uses to listen for incoming -&XDMCP; requests. Unless you need to debug the system, leave this with its -default value. - -The default is 177. - - - - - - - -XDM-AUTHENTICATION-1 style &XDMCP; authentication requires a private -key to be shared between &tdm; and the terminal. This option specifies -the file containing those values. Each entry in the file consists of a -display name and the shared key. - -Empty by default. - - - - - - - -To prevent unauthorized &XDMCP; service and to allow forwarding of &XDMCP; -IndirectQuery requests, this file contains a database of hostnames which -are either allowed direct access to this machine, or have a list of hosts -to which queries should be forwarded to. The format of this file is -described in . - -The default is ${kde_confdir}/tdm/Xaccess. - - - - - - - -Number of seconds to wait for the display to respond after the user has -selected a host from the chooser. If the display sends an &XDMCP; -IndirectQuery within this time, the request is forwarded to the chosen -host; otherwise, it is assumed to be from a new session and the chooser -is offered again. - -The default is 15. - - - - - - - -When computing the display name for &XDMCP; clients, the name resolver will -typically create a fully qualified host name for the terminal. As this is -sometimes confusing, &tdm; will remove the domain name portion of the host -name if it is the same as the domain name of the local host when this option -is enabled. - -The default is true. - - - - - - - -Use the numeric IP address of the incoming connection on multihomed hosts -instead of the host name. This is to avoid trying to connect on the wrong -interface which might be down at this time. - -The default is false. - - - - - - - -This specifies a program which is run (as -root) when an &XDMCP; -DirectQuery or BroadcastQuery is received and this host is configured -to offer &XDMCP; display management. The output of this program may be -displayed in a chooser window. If no program is specified, the string -Willing to manage is sent. - -Empty by default. - - - - - - - - -The [Shutdown] section of &tdmrc; - - -This section contains global options concerning system shutdown. - - - - - - - - -The command (subject to word splitting) to run to halt/poweroff the system. - -The default is something reasonable for the system on which &tdm; was built, like -/sbin/shutdown  now. - - - - - - - - -The command (subject to word splitting) to run to reboot the system. - -The default is something reasonable for the system &tdm; on which was built, like -/sbin/shutdown  now. - - - - - - - - -Whether it is allowed to shut down the system via the global command FiFo. - -The default is false. - - - - - - - -Whether it is allowed to abort active sessions when shutting down the -system via the global command FiFo. - -This will have no effect unless is enabled. - -The default is true. - - - - - - - -The boot manager &tdm; should use for offering boot options in the -shutdown dialog. - - - -None -no boot manager - - -Grub -Grub boot manager - - -Lilo -Lilo boot manager (Linux on i386 & x86-64 only) - - -The default is None. - - - - - - - - -The [X-*-Core] section class of &tdmrc; - - -This section class contains options concerning the configuration -of the &tdm; backend (core). - - - - - - - - -See . - -The default is 15. - - - - - - - -See . - -The default is 120. - - - - - - - -These options control the behavior of &tdm; when attempting to open a -connection to an &X-Server;. is the length -of the pause (in seconds) between successive attempts, - is the number of attempts to make and - is the amount of time to spend on a -connection attempt. After attempts have been -made, or if seconds elapse in any particular -connection attempt, the start attempt is considered failed. - -The default is 5. - - - - - - - -How many times &tdm; should attempt to start a foreign -display listed in before giving up -and disabling it. -Local displays are attempted only once, and &XDMCP; displays are retried -indefinitely by the client (unless the option -was given to the &X-Server;). - -The default is 4. - - - - - - - -How many times &tdm; should attempt to start up a local &X-Server;. -Starting up includes executing it and waiting for it to come up. - -The default is 1. - - - - - - - -How many seconds &tdm; should wait for a local &X-Server; to come up. - -The default is 15. - - - - - - - -The command line to start the &X-Server;, without display number and VT spec. -This string is subject to word splitting. - -The default is something reasonable for the system on which &tdm; was built, -like /usr/X11R6/bin/X. - - - - - - - - -Additional arguments for the &X-Server;s for local sessions. -This string is subject to word splitting. - -Empty by default. - - - - - - - -Additional arguments for the &X-Server;s for remote sessions. -This string is subject to word splitting. - -Empty by default. - - - - - - - -The VT the &X-Server; should run on. - should be used instead of this option. -Leave it zero to let &tdm; assign a VT automatically. -Set it to -1 to avoid assigning a VT -alltogether - this is required for setups with multiple physical consoles. -Currently Linux only. - - - - - - - - -This option is for OSs without support for -VTs, either by &tdm; or the OS itself. -Currently this applies to all OSs but Linux. - -When &tdm; switches to console mode, it starts monitoring this -TTY line (specified without the leading -/dev/) for activity. If the line is not used for some time, -&tdm; switches back to the X login. - -Empty by default. - - - - - - - -See . - -The default is 5. - - - - - - - -To discover when remote displays disappear, &tdm; -regularly pings them. - specifies the time (in minutes) between the -pings and specifies the maximum amount of -time (in minutes) to wait for the terminal to respond to the request. If -the terminal does not respond, the session is declared dead and terminated. - -If you frequently use X terminals which can become isolated from -the managing host, you may wish to increase the timeout. The only worry -is that sessions will continue to exist after the terminal has been -accidentally disabled. - -The default is 5. - - - - - - - -Whether &tdm; should restart the local &X-Server; after session exit instead -of resetting it. Use this if the &X-Server; leaks memory or crashes the system -on reset attempts. - -The default is false. - - - - - - - -The signal number to use to reset the local &X-Server;. - -The default is 1 (SIGHUP). - - - - - - - -The signal number to use to terminate the local &X-Server;. - -The default is 15 (SIGTERM). - - - - - - - -Controls whether &tdm; generates and uses authorization for -local &X-Server; connections. -For &XDMCP; displays the authorization requested by the display is used; -foreign non-&XDMCP; displays do not support authorization at all. - -The default is true. - - - - - - - -If is true, use the authorization mechanisms -listed herein. The MIT-MAGIC-COOKIE-1 authorization is always available; -XDM-AUTHORIZATION-1, SUN-DES-1 and MIT-KERBEROS-5 might be available as well, -depending on the build configuration. - -The default is DEF_AUTH_NAME. - - - - - - - -Some old &X-Server;s re-read the authorization file -at &X-Server; reset time, instead of when checking the initial connection. -As &tdm; generates the authorization information just before connecting to -the display, an old &X-Server; would not get up-to-date authorization -information. This option causes &tdm; to send SIGHUP to the &X-Server; -after setting up the file, causing an additional &X-Server; reset to occur, -during which time the new authorization information will be read. - -The default is false. - - - - - - - -This file is used to communicate the authorization data from &tdm; to -the &X-Server;, using the &X-Server; command line -option. It should be kept in a directory which is not world-writable -as it could easily be removed, disabling the authorization mechanism in -the &X-Server;. If not specified, a random name is generated from - and the name of the display. - -Empty by default. - - - - - - - -This option specifies the name of the file to be loaded by -xrdb as the resource database onto the root window -of screen 0 of the display. KDE programs generally do not use -X-resources, so this option is only needed if the -program needs some X-resources. - -Empty by default. - - - - - - - -The xrdb program to use to read the X-resources file -specified in . -The command is subject to word splitting. - -The default is ${x_bindir}/xrdb. - - - - - - - -This string is subject to word splitting. -It specifies a program which is run (as -root) before offering the -greeter window. This may be used to change the appearance of the screen -around the greeter window or to put up other windows (e.g., you may want -to run xconsole here). -The conventional name for a program used here is Xsetup. -See . - -Empty by default. - - - - - - - -This string is subject to word splitting. -It specifies a program which is run (as -root) after the user -authentication process succeeds. -The conventional name for a program used here is Xstartup. -See . - -Empty by default. - - - - - - - -This string is subject to word splitting. -It specifies a program which is run (as -root) after the session -terminates. -The conventional name for a program used here is Xreset. -See . - -Empty by default. - - - - - - - -This string is subject to word splitting. -It specifies the session program to be executed (as the user owning -the session). -The conventional name for a program used here is Xsession. -See . - -The default is ${x_bindir}/xterm -ls -T. - - - - - - - -If the program fails to execute, &tdm; will -fall back to this program. This program is executed with no arguments, -but executes using the same environment variables as the session would -have had (see ). - -The default is ${x_bindir}/xterm. - - - - - - - -The PATH environment variable for -non-root s. - -The default depends on the system &tdm; was built on. - - - - - - - - -The PATH environment variable for all programs but -non-root -s. Note that it is good practice not to include -. (the current directory) into this entry. - -The default depends on the system &tdm; was built on. - - - - - - - - -The SHELL environment variable for all programs but the -. - -The default is /bin/sh. - - - - - - - -When &tdm; is unable to write to the usual user authorization file -($HOME/.Xauthority), it creates a unique file name in this -directory and points the environment variable XAUTHORITY -at the created file. - -The default is /tmp. - - - - - - - -If enabled, &tdm; will automatically restart a session after an &X-Server; -crash (or if it is killed by Alt-Ctrl-BackSpace). Note that enabling this -feature opens a security hole: a secured display lock can be circumvented -(unless &kde;'s built-in screen locker is used). - -The default is false. - - - - - - - -If disabled, do not allow root -(and any other user with UID = 0) to log in directly. - -The default is true. - - - - - - - -If disabled, only users that have passwords assigned can log in. - -The default is true. - - - - - - - -Who is allowed to shut down the system. This applies both to the -greeter and to the command FiFo. - - - -None -no Shutdown... menu entry is shown at all - - -Root -the root password must be entered to shut down - - -All -everybody can shut down the machine - - -The default is All. - - - - - - - -Who is allowed to abort active sessions when shutting down. - - - -None -no forced shutdown is allowed at all - - -Root -the root password must be entered to shut down forcibly - - -All -everybody can shut down the machine forcibly - - -The default is All. - - - - - - - -The default choice for the shutdown condition/timing. - - - -Schedule -shut down after all active sessions exit (possibly at once) - - -TryNow -shut down, if no active sessions are open; otherwise, do nothing - - -ForceNow -shut down unconditionally - - -The default is Schedule. - - - - - - - -How to offer shutdown scheduling options: - - - -Never -not at all - - -Optional -as a button in the simple shutdown dialogs - - -Always -instead of the simple shutdown dialogs - - -The default is Never. - - - - - - - -Enable password-less logins on this display. Use with extreme care! - -The default is false. - - - - - - - -The users that do not need to provide a password to log in. -Items which are prefixed with @ represent all users in the -user group named by that item. -* means all users but -root -(and any other user with UID = 0). -Never list root. - -Empty by default. - - - - - - - -Enable automatic login. Use with extreme care! - -The default is false. - - - - - - - -If true, auto-login after logout. If false, auto-login is performed only -when a display session starts up. - -The default is false. - - - - - - - -The delay in seconds before automatic login kicks in. This is also known as -Timed Login. - - - - - - - - -The user to log in automatically. Never specify root! - -Empty by default. - - - - - - - -The password for the user to log in automatically. This is not required -unless the user is logged into a NIS or Kerberos domain. If you use this -option, you should chmod  tdmrc for obvious reasons. - -Empty by default. - - - - - - - -Immediately lock the automatically started session. This works only with -KDE sessions. - -The default is false. - - - - - - - -A list of directories containing session type definitions. - -The default is ${kde_datadir}/tdm/sessions. - - - - - - - -The file (relative to the user's home directory) to redirect the session -output to. One occurrence of %s in this string will be -substituted with the display name. Use %% to obtain a -literal %. - -The default is .xsession-errors. - - - - - - - -Specify whether &tdm;'s built-in utmp/wtmp/lastlog registration should -be used. If it is not, the tool sessreg should be used -in the and scripts, or, -alternatively, the pam_lastlog module should be used on -PAM-enabled systems. - -The default is true. - - - - - - - - -The [X-*-Greeter] section class of &tdmrc; - - -This section class contains options concerning the configuration -of the &tdm; frontend (greeter). - - - - - - - - -Specify the widget style for the greeter. Empty means to use the -built-in default which currently is Plastik. - -Empty by default. - - - - - - - -Specify the widget color scheme for the greeter. Empty means to use -the built-in default which currently is yellowish grey with some light -blue and yellow elements. - -Empty by default. - - - - - - - -What should be shown in the greeter righthand of the input lines (if - is disabled) or above them (if - is enabled): - - - -None -nothing - - -Logo -the image specified by - - -Clock -a neat analog clock - - -The default is Clock. - - - - - - - -The image to show in the greeter if is -Logo. - -Empty by default. - - - - - - - -The relative coordinates (percentages of the screen size; X,Y) at which -the center of the greeter is put. &tdm; aligns the greeter to the edges -of the screen it would cross otherwise. - -The default is 50,50. - - - - - - - -The screen the greeter should be displayed on in multi-headed and Xinerama -setups. The numbering starts with 0. For Xinerama, it corresponds to the -listing order in the active ServerLayout section of XF86Config; -1 means -to use the upper-left screen, -2 means to use the upper-right screen. - - - - - - - - -The headline in the greeter. An empty greeting means none at all. - -The following character pairs are replaced by their value: - - -%d -name of the current display - - -%h -local host name, possibly with the - domain name - - -%n -local node name, most probably the host name without the - domain name - - -%s -operating system - - -%r -operating system version - - -%m -machine (hardware) type - - -%% -a single % - - - -The default is Welcome to %s at %n. - - - - - - - -Whether the fonts used in the greeter should be antialiased. - -The default is false. - - - - - - - -The font for the greeter headline. - -The default is Serif,20,bold. - - - - - - - -The normal font used in the greeter. - -The default is Sans Serif,10. - - - - - - - -The font used for the Login Failed message. - -The default is Sans Serif,10,bold. - - - - - - - -What to do with the Num Lock modifier for the time the greeter is running: - - - -Off -turn off - - -On -turn on - - -Keep -do not change the state - - -The default is Keep. - - - - - - - -Language and locale to use in the greeter, encoded like $LC_LANG. - -The default is en_US. - - - - - - - -Enable autocompletion in the username line edit. - -The default is false. - - - - - - - -Show a user list with unix login names, real names, and images in the greeter. - -The default is true. - - - - - - - -This option controls which users will be shown in the user view -() and/or offered for autocompletion -(). -If it is Selected, contains -the final list of users. -If it is NotHidden, the initial user list contains all users -found on the system. Users contained in are -removed from the list, just like all users with a UID greater than specified -in and users with a non-zero UID less than -specified in . -Items in and -which are prefixed with @ represent all users in the -user group named by that item. -Finally, the user list will be sorted alphabetically, if - is enabled. - -The default is NotHidden. - - - - - - - -See . - -Empty by default. - - - - - - - -See . - -Empty by default. - - - - - - - -See . - - - - - - - - -See . - -The default is 65535. - - - - - - - -See . - -The default is true. - - - - - - - -If is enabled, this specifies where &tdm; gets the -images from: - - - -AdminOnly -from <>/$USER.face[.icon] - - -PreferAdmin -prefer <>, fallback on $HOME - - -PreferUser -... and the other way round - - -UserOnly -from the user's $HOME/.face[.icon] - - - - -The images can be in any format Qt recognizes, but the filename -must match &tdm;'s expectations: .face.icon should be a -48x48 icon, while .face should be a 300x300 image. -Currently the big image is used only as a fallback and is scaled down, -but in the future it might be displayed full-size in the logo area or a -tooltip. - -The default is AdminOnly. - - - - - - - -See . - -The default is ${kde_datadir}/tdm/faces. - - - - - - - -Specify, if/which user should be preselected for log in: - - - -None -do not preselect any user - - -Previous -the user which successfully logged in last time - - -Default -the user specified in the option - - - - -If is enabled and a user was preselected, -the cursor is placed in the password input field automatically. - -Enabling user preselection can be considered a security hole, -as it presents a valid login name to a potential attacker, so he -only needs to guess the password. On the other hand, -one could set to a fake login name. - - -The default is None. - - - - - - - -See . - -Empty by default. - - - - - - - -See . - -The default is false. - - - - - - - -The password input fields cloak the typed in text. Specify, how to do it: - - - -OneStar -* is shown for every typed -character - - -ThreeStars -*** is shown for every typed -character - - -NoEcho -nothing is shown at all, the cursor does not move - - -The default is OneStar. - - - - - - - -If enabled, &tdm; will automatically start the krootimage -program to set up the background; otherwise, the -program is responsible for the background. - -The default is true. - - - - - - - -The configuration file to be used by krootimage. -It contains a section named [Desktop0] like -kdesktoprc does. Its options are not described -herein; guess their meanings or use the control center. - -The default is ${kde_confdir}/tdm/backgroundrc. - - - - - - - -To improve security, the greeter grabs the &X-Server; and then the keyboard -when it starts up. This option specifies if the &X-Server; grab should be held -for the duration of the name/password reading. When disabled, the &X-Server; -is ungrabbed after the keyboard grab succeeds; otherwise, the &X-Server; is -grabbed until just before the session begins. - -Enabling this option disables and -. - - -The default is false. - - - - - - - -This option specifies the maximum time &tdm; will wait for the grabs to -succeed. A grab may fail if some other X-client has the &X-Server; or the -keyboard grabbed, or possibly if the network latencies are very high. You -should be cautious when raising the timeout, as a user can be spoofed by -a look-alike window on the display. If a grab fails, &tdm; kills and -restarts the &X-Server; (if possible) and the session. - -The default is 3. - - - - - - - -Warn, if a display has no X-authorization. This will be the case if - - - the authorization file for a local &X-Server; could not be created, - - - a remote display from &XDMCP; did not request any authorization or - - - the display is a foreign display specified in - . - - - -The default is true. - - - - - - - -Specify whether the greeter of local displays should start up in host chooser -(remote) or login (local) mode and whether it is allowed to switch to the -other mode. - - - -LocalOnly -only local login possible - - -DefaultLocal -start up in local mode, but allow switching to remote mode - - -DefaultRemote -... and the other way round - - -RemoteOnly -only choice of remote host possible - - -The default is LocalOnly. - - - - - - - -A list of hosts to be automatically added to the remote login menu. -The special name * means broadcast. -Has no effect if is LocalOnly. - -The default is *. - - - - - - - -Use this number as a random seed when forging saved session types, etc. of -unknown users. This is used to avoid telling an attacker about existing users -by reverse conclusion. This value should be random but constant across the -login domain. - - - - - - - - -Enable &tdm;'s built-in xconsole. -Note that this can be enabled for only one display at a time. -This option is available only if &tdm; was configured -with . - -The default is false. - - - - - - - -The data source for &tdm;'s built-in xconsole. -If empty, a console log redirection is requested from -/dev/console. -Has no effect if is disabled. - -Empty by default. - - - - - - - -Specify conversation plugins for the login dialog; the first in the list -is selected initially. -Each plugin can be specified as a base name (which expands to -$kde_modulesdir/kgreet_base) -or as a full pathname. - -Conversation plugins are modules for the greeter which obtain authentication -data from the user. Currently only the classic plugin is -shipped with &kde;; it presents the well-known username and password form. - -The default is classic. - - - - - - - -Same as , but for the shutdown dialog. - -The default is classic. - - - - - - - -A list of options of the form -Key=Value. -The conversation plugins can query these settings; it is up to them what -possible keys are. - -Empty by default. - - - - - - - -Show the Console Login action in the greeter (if / -is configured). - -The default is true. - - - - - - - -Show the Restart X Server/Close Connection action in the greeter. - -The default is true. - - - - - - - -A program to run while the greeter is visible. It is supposed to preload -as much as possible of the session that is going to be started (most -probably). - -Empty by default. - - - - - - - -Whether the greeter should be themed. - -The default is false. - - - - - - - -The theme to use for the greeter. Can point to either a directory or an XML -file. - -Empty by default. - - - - - - - - - - - -Specifying permanent &X-Server;s - -Each entry in the list indicates a -display which should constantly be -managed and which is not using &XDMCP;. This method is typically used only for -local &X-Server;s that are started by &tdm;, but &tdm; can manage externally -started (foreign) &X-Server;s as well, may they run on the -local machine or rather remotely. - -The formal syntax of a specification is - -display name [_display class] - -for all &X-Server;s. Foreign displays differ in having -a host name in the display name, may it be localhost. - -The display name must be something that can -be passed in the option to an X program. This string -is used to generate the display-specific section names, so be careful to match -the names. -The display name of &XDMCP; displays is derived from the display's address by -reverse host name resolution. For configuration purposes, the -localhost prefix from locally running &XDMCP; displays is -not stripped to make them distinguishable from local -&X-Server;s started by &tdm;. - -The display class portion is also used in the -display-specific sections. This is useful if you have a large collection of -similar displays (such as a corral of X terminals) and would like to set -options for groups of them. -When using &XDMCP;, the display is required to specify the display class, -so the manual for your particular X terminal should document the display -class string for your device. If it does not, you can run &tdm; in debug -mode and grep the log for class. - -The displays specified in will not be -started when &tdm; starts up, but when it is explicitly requested via -the command socket (or FiFo). -If reserve displays are specified, the &kde; menu will have a -Start New Session item near the bottom; use that to -activate a reserve display with a new login session. The monitor will switch -to the new display, and you will have a minute to login. If there are no more -reserve displays available, the menu item will be disabled. - -When &tdm; starts a session, it sets up authorization data for the -&X-Server;. For local servers, &tdm; passes - filename -on the &X-Server;'s command line to point it at its authorization data. -For &XDMCP; displays, &tdm; passes the authorization data to the &X-Server; -via the Accept &XDMCP; message. - - - - -&XDMCP; access control - -The file specified by the option provides -information which &tdm; uses to control access from displays requesting service -via &XDMCP;. -The file contains four types of entries: entries which control the response -to Direct and Broadcast queries, entries which -control the response to Indirect queries, macro definitions for -Indirect entries, and entries which control on which network -interfaces &tdm; listens for &XDMCP; queries. -Blank lines are ignored, # is treated as a comment -delimiter causing the rest of that line to be ignored, and \ -causes an immediately following newline to be ignored, allowing indirect host -lists to span multiple lines. - - -The format of the Direct entries is simple, either a -host name or a pattern, which is compared against the host name of the display -device. -Patterns are distinguished from host names by the inclusion of one or more -meta characters; * matches any sequence of 0 or more -characters, and ? matches any single character. -If the entry is a host name, all comparisons are done using network addresses, -so any name which converts to the correct network address may be used. Note -that only the first network address returned for a host name is used. -For patterns, only canonical host names are used in the comparison, so ensure -that you do not attempt to match aliases. -Host names from &XDMCP; queries always contain the local domain name -even if the reverse lookup returns a short name, so you can use -patterns for the local domain. -Preceding the entry with a ! character causes hosts which -match that entry to be excluded. -To only respond to Direct queries for a host or pattern, -it can be followed by the optional NOBROADCAST keyword. -This can be used to prevent a &tdm; server from appearing on menus based on -Broadcast queries. - -An Indirect entry also contains a host name or pattern, -but follows it with a list of host names or macros to which the queries -should be forwarded. Indirect entries can be excluding as well, -in which case a (valid) dummy host name must be supplied to make the entry -distinguishable from a Direct entry. -If compiled with IPv6 support, multicast address groups may also be included -in the list of addresses the queries are forwarded to. - -If the indirect host list contains the keyword CHOOSER, -Indirect queries are not forwarded, but instead a host chooser -dialog is displayed by &tdm;. The chooser will send a Direct -query to each of the remaining host names in the list and offer a menu of -all the hosts that respond. The host list may contain the keyword -BROADCAST, to make the chooser send a -Broadcast query as well; note that on some operating systems, -UDP packets cannot be broadcast, so this feature will not work. - - -When checking access for a particular display host, each entry is scanned -in turn and the first matching entry determines the response. -Direct and Broadcast entries are ignored when -scanning for an Indirect entry and vice-versa. - -A macro definition contains a macro name and a list of host names and -other macros that the macro expands to. To distinguish macros from hostnames, -macro names start with a % character. - -The last entry type is the LISTEN directive. -The formal syntax is - - LISTEN [interface [multicast list]] - -If one or more LISTEN lines are specified, &tdm; listens -for &XDMCP; requests only on the specified interfaces. -interface may be a hostname or IP address -representing a network interface on this machine, or the wildcard -* to represent all available network interfaces. -If multicast group addresses are listed on a LISTEN line, -&tdm; joins the multicast groups on the given interface. For IPv6 multicasts, -the IANA has assigned ff0X:0:0:0:0:0:0:12b as the -permanently assigned range of multicast addresses for &XDMCP;. The -X in the prefix may be replaced by any valid scope -identifier, such as 1 for Node-Local, 2 for Link-Local, 5 for Site-Local, and -so on (see IETF RFC 2373 or its replacement for further details and scope -definitions). &tdm; defaults to listening on the Link-Local scope address -ff02:0:0:0:0:0:0:12b to most closely match the IPv4 subnet broadcast behavior. -If no LISTEN lines are given, &tdm; listens on all -interfaces and joins the default &XDMCP; IPv6 multicast group (when -compiled with IPv6 support). -To disable listening for &XDMCP; requests altogether, a -LISTEN line with no addresses may be specified, but using -the [Xdmcp] option is preferred. - - - - - -Supplementary programs - - -The following programs are run by &tdm; at various stages of a session. -They typically are shell scripts. - - - -The Setup, Startup and Reset programs are run as -root, so they should be careful -about security. -Their first argument is auto if the session results -from an automatic login; otherwise, no arguments are passed to them. - - - -Setup program - - -The Xsetup program is run after the &X-Server; is -started or reset, but before the greeter is offered. -This is the place to change the root background (if - is disabled) or bring up other windows that -should appear on the screen along with the greeter. - - - -In addition to any specified by , -the following environment variables are passed: - - - DISPLAY - the associated display name - - - PATH - the value of - - - SHELL - the value of - - - XAUTHORITY - may be set to an authority file - - - DM_CONTROL - the value of - - - - Note that since &tdm; grabs the keyboard, any other windows will not be -able to receive keyboard input. They will be able to interact with the mouse, -however; beware of potential security holes here. If -is set, Xsetup will not be able to connect to the display -at all. Resources for this program can be put into the file named by -. - - - - - -Startup program - -The Xstartup program is run as -root when the user logs in. -This is the place to put commands which add entries to -utmp (the sessreg program -may be useful here), mount users' home directories from file servers, -or abort the session if some requirements are not met (but note that on -modern systems, many of these tasks are already taken care of by -PAM modules). - -In addition to any specified by , -the following environment variables are passed: - - - DISPLAY - the associated display name - - - HOME - the initial working directory of the user - - - LOGNAME - the username - - - USER - the username - - - PATH - the value of - - - SHELL - the value of - - - XAUTHORITY - may be set to an authority file - - - DM_CONTROL - the value of - - - -&tdm; waits until this program exits before starting the user session. -If the exit value of this program is non-zero, &tdm; discontinues the session -and starts another authentication cycle. - - - - -Session program - -The Xsession program is the command which is run -as the user's session. It is run with the permissions of the authorized user. -One of the keywords failsafe, default -or custom, or a string to eval by a -Bourne-compatible shell is passed as the first argument. - -In addition to any specified by , -the following environment variables are passed: - - - DISPLAY - the associated display name - - - HOME - the initial working directory of the user - - - LOGNAME - the username - - - USER - the username - - - PATH - the value of - (or for - root user sessions) - - - - SHELL - the user's default shell - - - XAUTHORITY - may be set to a non-standard authority file - - - KRBTKFILE - may be set to a Kerberos4 credentials cache name - - - - KRB5CCNAME - may be set to a Kerberos5 credentials cache name - - - - DM_CONTROL - the value of - - - XDM_MANAGED - will contain a comma-separated list of parameters the - session might find interesting, like the location of the command - FiFo and its capabilities, and which conversation - plugin was used for the login - - - - DESKTOP_SESSION - the name of the session the user has chosen to run - - - - - - - -Reset program - -Symmetrical with Xstartup, the -Xreset program is run after the user session has -terminated. Run as root, it should -contain commands that undo the effects of commands in -Xstartup, removing entries from utmp -or unmounting directories from file servers. - -The environment variables that were passed to -Xstartup are also passed to Xreset. - - - - - - - -- cgit v1.2.1