This section details the procedures for setting up X-Terminal using XDMCP.
Before you begin, it is better to have a basic understanding of how this works. (More details are in the Resources below and on the LDP HOWTO page.)
The X server is usually started from an X Display Manager program (xdm, kdm or gdm; this document uses gdm as an example). It provides a nice and consistent interface for general users (X-based login, starting up a window manager, clock, etc.). The X Display Manager manages a collection of X displays, which may be on the local host or on remote servers.
When xdm runs, it usually runs a local copy of X; xdm can also listen for requests from remote hosts over a network. kdm (which comes with the KDE desktop) is a replacement for xdm and is configured the same way, except that its files are in /etc/X11/kdm. gdm (the Gnome Display Manager) is a re-implementation of the xdm program. gdm has similar functions to xdm and kdm, but was written from scratch and does not contain any original XDM / X Consortium code.
In the case of xdm, it offers display management in two different ways. It can manage X servers running on the local machine and specified in Xservers, and it can manage remote X-servers (typically X-terminals) using XDMCP (the XDM Control Protocol) as specified in the Xaccess file. (Courtesy of the xdm man page.)
Other good references for the similar setup can be found in the following documents:
The XDM and Xterminal mini-HOWTO, by Kevin Taylor
Linux Remote X Apps mini HOWTO, by Vincent Zweije. A very good reference for Remote X from both a theoretical and a practical view.
The Xterminal mini-HOWTO, by Scot W. Stevenson
Using XDMCP is inherently insecure; therefore, most distributions ship with XDMCP turned off by default. If you must use XDMCP, be sure to use it only on a trusted network, such as a corporate network behind a firewall. Unfortunately, XDMCP uses UDP, not TCP, so it cannot natively be used with SSH. The technique for securing the connection with SSH is called X11 TCP/IP Port Forwarding. Check the Why Port Forwarding? site and the Resources area for additional HOW-TO information. If you would like to experiment with this, I have added a new section below to show you the basic idea of how it works, and I am leaving the more advanced ways of running it to other experts and/or HOWTOs.
ipchains -A input -p udp -i $extint --dport 177 -j DENY
For more firewall details, check the IP Masquerade HOWTO page.
One other easy way is to add rules that only accept certain IP address(es) from your trusted workstations. This is how I use it myself.
Linux kernel 2.4x ships with a new firewall tool called iptables. Please feel free to experiment with it. Again, I will not cover it here.
Set up your networking. To test it, ping, ftp and telnet are good commands to use to determine whether your network works. RH 7.2 does not have the telnet daemon turned on by default. Remember to enable it if you prefer to use it for your test. Also remember that the firewall rules are in place: add your own rules or temporarily disable the firewall (as mentioned above) to make these commands work.
Set up X. Do not set it up with a resolution higher than what the remote users are able to use for their display. Test the X-Server by typing either startx or telinit 5. Make sure X is running properly.
Create the necessary user accounts (and associated groups) for the users who will access the server via the X-Terminal.
These are the steps I used to set up the X-server for accepting XDMCP requests:
daemon xfs -droppriv -daemon -port -1
daemon xfs -droppriv -daemon -port 7100
DisplayManager.requestPort: 0
! DisplayManager.requestPort: 0
Remember, this does not affect gdm. The gdm setup is covered in the following section.
#* # any host can get a login window
* # any host can get a login window
The above setup is in Broadcast mode, which will list all the X-Servers that are listening and willing to manage your X connection. If you only want to allow certain connections, use the CHOOSER section in this same file. An example can be found in the Resources.
I use gdm as the default and use the gdm login window to switch between KDE and GNOME. For gdm, edit /etc/X11/gdm/gdm.conf. This activates XDMCP, causing gdm to listen for requests. (For kdm, if you are using KDE2, edit /usr/share/config/kdm/kdmrc, or /opt/kde2/share/config/kdm/kdmrc for the Slackware version.) Change this:
[xdmcp]
Enable=0
to:
Enable=1
Make sure "Port=177" is at the end of this block. For Caldera using kdm, modify this file /usr/share/config/kdm/kdmrc.
Now edit /etc/inittab and change the following line:
id:3:initdefault:
to:
id:5:initdefault:
Before changing this line, you can use the telinit command (or preferably the ssh command) to test the change. Use either telinit 3 to set the run level to 3, or telinit 5 to set it to level 5, graphics mode (you can issue this command on the second machine that telnets into this server).
Make sure the permissions of the file /etc/X11/xdm/Xservers are set to 444 (chmod 444).
Locate /etc/X11/xdm/Xsetup_0 and chmod 755 this file.
Edit the XF86Config file at /etc/X11 (if you are using XFree86 4.x, the file is XF86Config-4) and, if you are using RH Linux, change this line:
FontPath "unix/:-1"
to:
FontPath "unix/:7100"
(You do not have to make this change. You can keep the default setting, but this is what I use. If you are not sure, leave this alone.) Add this line to the end of /etc/inittab:
x:5:respawn:/usr/bin/gdm
You are now ready to run a test.
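To confirm which of the settings changed above are actually in effect (or to check a host where XDMCP should be off), the following added example, which is not part of the original HOWTO, reports the XDMCP state of xdm, Xaccess and gdm. The function names xdmcp_audit and make_sample, the default root /etc/X11, the Xaccess location under xdm/ and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the HOWTO): report XDMCP exposure in a config tree.
# The default root /etc/X11 and the Xaccess location are assumptions.
xdmcp_audit() {
    root=${1:-/etc/X11}
    # xdm stays off only while "DisplayManager.requestPort: 0" is active;
    # a leading "!" comments it out and xdm listens for XDMCP on UDP 177.
    f=$root/xdm/xdm-config
    if [ -f "$f" ]; then
        if grep -Eq '^[[:space:]]*DisplayManager\.requestPort:[[:space:]]*0[[:space:]]*$' "$f"
        then echo "xdm: XDMCP disabled"
        else echo "xdm: XDMCP listening"
        fi
    fi
    # Xaccess: a bare, uncommented "*" entry lets any host get a login window.
    f=$root/xdm/Xaccess
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*\*[[:space:]]*(#.*)?$' "$f"; then
        echo "Xaccess: any host can get a login window"
    fi
    # gdm: Enable=1 counts only inside the [xdmcp] section of gdm.conf.
    f=$root/gdm/gdm.conf
    if [ -f "$f" ] && awk '
        /^[ \t]*\[/ { in_x = (tolower($0) ~ /^[ \t]*\[xdmcp\]/); next }
        in_x && /^[ \t]*Enable[ \t]*=[ \t]*1[ \t]*$/ { found = 1 }
        END { exit !found }' "$f"; then
        echo "gdm: XDMCP enabled"
    fi
}

# Constructed sample tree (not a real host) with the settings opened up as
# this section describes; prints the temporary directory it created.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/xdm" "$d/gdm" || return 1
    printf '%s\n' '! DisplayManager.requestPort: 0' > "$d/xdm/xdm-config"
    printf '%s\n' '* # any host can get a login window' > "$d/xdm/Xaccess"
    printf '%s\n' '[debug]' 'Enable=0' '[xdmcp]' 'Enable=1' 'Port=177' \
        > "$d/gdm/gdm.conf"
    echo "$d"
}

sample=$(make_sample)
xdmcp_audit "$sample"
rm -rf "$sample"
```

Run xdmcp_audit with no argument to check the live files under /etc/X11; a host that reports the Xaccess wildcard should also have UDP port 177 restricted to trusted workstations at the firewall.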
One other thing to know (some users have asked about it) is how to display the "Willing to manage" message with load info. As far as I know, this is available in xdm by adding the following to /etc/X11/xdm/xdm-config:
DisplayManager.willing: su nobody -c /etc/X11/xdm/XWilling
Willing=/etc/X11/gdm/Xwilling