Geek Gadgets 1

home *** CD-ROM | disk | FTP | other *** search

/ Geek Gadgets 1 / ADE-1.bin / ade-bin / x11r6.1 / man / cat1 / xdm.0 < prev next >

Wrap

Text File | 1996-10-17 | 62.9 KB | 1,519 lines

XDM(1) XDM(1) NNAAMMEE xdm - X Display Manager with support for XDMCP, host chooser SSYYNNOOPPSSIISS xxddmm [ --ccoonnffiigg _c_o_n_f_i_g_u_r_a_t_i_o_n___f_i_l_e ] [ --nnooddaaeemmoonn ] [ --ddeebbuugg _d_e_b_u_g___l_e_v_e_l ] [ --eerrrroorr _e_r_r_o_r___l_o_g___f_i_l_e ] [ --rreessoouurrcceess _r_e_s_o_u_r_c_e___f_i_l_e ] [ --sseerrvveerr _s_e_r_v_e_r___e_n_t_r_y ] [ --sseessssiioonn _s_e_s_- _s_i_o_n___p_r_o_g_r_a_m ] DDEESSCCRRIIPPTTIIOONN _X_d_m manages a collection of X displays, which may be on the local host or remote servers. The design of _x_d_m was guided by the needs of X terminals as well as the X Con- sortium standard XDMCP, the _X _D_i_s_p_l_a_y _M_a_n_a_g_e_r _C_o_n_t_r_o_l _P_r_o_- _t_o_c_o_l. _X_d_m provides services similar to those provided by _i_n_i_t, _g_e_t_t_y and _l_o_g_i_n on character terminals: prompting for login name and password, authenticating the user, and running a ``session.'' A ``session'' is defined by the lifetime of a particular process; in the traditional character-based terminal world, it is the user's login shell. In the _x_d_m context, it is an arbitrary session manager. This is because in a windowing environment, a user's login shell process does not necessarily have any terminal-like interface with which to connect. When a real session manager is not available, a window manager or terminal emulator is typi- cally used as the ``session manager,'' meaning that termi- nation of this process terminates the user's session. When the session is terminated, _x_d_m resets the X server and (optionally) restarts the whole process. When _x_d_m receives an Indirect query via XDMCP, it can run a _c_h_o_o_s_e_r process to perform an XDMCP BroadcastQuery (or an XDMCP Query to specified hosts) on behalf of the dis- play and offer a menu of possible hosts that offer XDMCP display management. This feature is useful with X termi- nals that do not offer a host menu themselves. Because _x_d_m provides the first interface that users will see, it is designed to be simple to use and easy to cus- tomize to the needs of a particular site. _X_d_m has many options, most of which have reasonable defaults. Browse through the various sections of this manual, picking and choosing the things you want to change. Pay particular attention to the SSeessssiioonn PPrrooggrraamm section, which will describe how to set up the style of session desired. OOVVEERRVVIIEEWW _x_d_m is highly configurable, and most of its behavior can be controlled by resource files and shell scripts. The names of these files themselves are resources read from X Version 11 Release 6.1 1 XDM(1) XDM(1) the file _x_d_m_-_c_o_n_f_i_g or the file named by the --ccoonnffiigg option. _x_d_m offers display management two different ways. It can manage X servers running on the local machine and speci- fied in _X_s_e_r_v_e_r_s, and it can manage remote X servers (typ- ically X terminals) using XDMCP (the XDM Control Protocol) as specified in the _X_a_c_c_e_s_s file. The resources of the X clients run by _x_d_m outside the user's session, including _x_d_m's own login window, can be affected by setting resources in the _X_r_e_s_o_u_r_c_e_s file. For X terminals that do not offer a menu of hosts to get display management from, _x_d_m can collect willing hosts and run the _c_h_o_o_s_e_r program to offer the user a menu. For X displays attached to a host, this step is typically not used, as the local host does the display management. After resetting the X server, _x_d_m runs the _X_s_e_t_u_p script to assist in setting up the screen the user sees along with the _x_l_o_g_i_n widget. The _x_l_o_g_i_n widget, which _x_d_m presents, offers the familiar login and password prompts. After the user logs in, _x_d_m runs the _X_s_t_a_r_t_u_p script as root. Then _x_d_m runs the _X_s_e_s_s_i_o_n script as the user. This sys- tem session file may do some additional startup and typi- cally runs the _._x_s_e_s_s_i_o_n script in the user's home direc- tory. When the _X_s_e_s_s_i_o_n script exits, the session is over. At the end of the session, the _X_r_e_s_e_t script is run to clean up, the X server is reset, and the cycle starts over. The file _/_u_s_r_/_X_1_1_R_6_/_l_i_b_/_X_1_1_/_x_d_m_/_x_d_m_-_e_r_r_o_r_s will contain error messages from _x_d_m and anything output to stderr by _X_s_e_t_u_p_, _X_s_t_a_r_t_u_p_, _X_s_e_s_s_i_o_n or _X_r_e_s_e_t. When you have trou- ble getting _x_d_m working, check this file to see if _x_d_m has any clues to the trouble. OOPPTTIIOONNSS All of these options, except --ccoonnffiigg itself, specify val- ues that can also be specified in the configuration file as resources. --ccoonnffiigg _c_o_n_f_i_g_u_r_a_t_i_o_n___f_i_l_e Names the configuration file, which specifies resources to control the behavior of _x_d_m_. _<_X_R_o_o_t_>_/_l_i_b_/_X_1_1_/_x_d_m_/_x_d_m_-_c_o_n_f_i_g is the default. See X Version 11 Release 6.1 2 XDM(1) XDM(1) the section CCoonnffiigguurraattiioonn FFiillee. --nnooddaaeemmoonn Specifies ``false'' as the value for the DDiissppllaayy-- MMaannaaggeerr..ddaaeemmoonnMMooddee resource. This suppresses the normal daemon behavior, which is for _x_d_m to close all file descriptors, disassociate itself from the controlling terminal, and put itself in the back- ground when it first starts up. --ddeebbuugg _d_e_b_u_g___l_e_v_e_l Specifies the numeric value for the DDiissppllaayyMMaann-- aaggeerr..ddeebbuuggLLeevveell resource. A non-zero value causes _x_d_m to print lots of debugging statements to the terminal; it also disables the DDiissppllaayyMMaann-- aaggeerr..ddaaeemmoonnMMooddee resource, forcing _x_d_m to run syn- chronously. To interpret these debugging messages, a copy of the source code for _x_d_m is almost a necessity. No attempt has been made to rationalize or standardize the output. --eerrrroorr _e_r_r_o_r___l_o_g___f_i_l_e Specifies the value for the DDiissppllaayyMMaann-- aaggeerr..eerrrroorrLLooggFFiillee resource. This file contains errors from _x_d_m as well as anything written to stderr by the various scripts and programs run dur- ing the progress of the session. --rreessoouurrcceess _r_e_s_o_u_r_c_e___f_i_l_e Specifies the value for the DDiissppllaayyMMaann-- aaggeerr**rreessoouurrcceess resource. This file is loaded using _x_r_d_b to specify configuration parameters for the authentication widget. --sseerrvveerr _s_e_r_v_e_r___e_n_t_r_y Specifies the value for the DDiissppllaayyMMaannaaggeerr..sseerrvveerrss resource. See the section LLooccaall SSeerrvveerr SSppeecciiffiiccaa-- ttiioonn for a description of this resource. --uuddppPPoorrtt _p_o_r_t___n_u_m_b_e_r Specifies the value for the DDiissppllaayyMMaann-- aaggeerr..rreeqquueessttPPoorrtt resource. This sets the port- number which _x_d_m will monitor for XDMCP requests. As XDMCP uses the registered well-known UDP port 177, this resource should not be changed except for debugging. --sseessssiioonn _s_e_s_s_i_o_n___p_r_o_g_r_a_m Specifies the value for the DDiissppllaayyMMaannaaggeerr**sseessssiioonn resource. This indicates the program to run as the session after the user has logged in. --xxrrmm _r_e_s_o_u_r_c_e___s_p_e_c_i_f_i_c_a_t_i_o_n Allows an arbitrary resource to be specified, as in X Version 11 Release 6.1 3 XDM(1) XDM(1) most X Toolkit applications. RREESSOOUURRCCEESS At many stages the actions of _x_d_m can be controlled through the use of its configuration file, which is in the X resource format. Some resources modify the behavior of _x_d_m on all displays, while others modify its behavior on a single display. Where actions relate to a specific dis- play, the display name is inserted into the resource name between ``DisplayManager'' and the final resource name segment. For local displays, the resource name and class are as read from the _X_s_e_r_v_e_r_s file. For remote displays, the resource name is what the network address of the display resolves to. See the rreemmoovveeDDoommaaiinn resource. The name must match exactly; _x_d_m is not aware of all the network aliases that might reach a given dis- play. If the name resolve fails, the address is used. The resource class is as sent by the display in the XDMCP Manage request. Because the resource manager uses colons to separate the name of the resource from its value and dots to separate resource name parts, _x_d_m substitutes underscores for both dots and colons when generating the resource name. For example, DDiissppllaayyMMaannaaggeerr..eexxppoo__xx__oorrgg__00..ssttaarrttuupp is the name of the resource which defines the startup shell file for the ``expo.x.org:0'' display. DDiissppllaayyMMaannaaggeerr..sseerrvveerrss This resource either specifies a file name full of server entries, one per line (if the value starts with a slash), or a single server entry. See the section LLooccaall SSeerrvveerr SSppeecciiffiiccaattiioonn for the details. DDiissppllaayyMMaannaaggeerr..rreeqquueessttPPoorrtt This indicates the UDP port number which _x_d_m uses to listen for incoming XDMCP requests. Unless you need to debug the system, leave this with its default value of 177. DDiissppllaayyMMaannaaggeerr..eerrrroorrLLooggFFiillee Error output is normally directed at the system console. To redirect it, set this resource to a file name. A method to send these messages to _s_y_s_- _l_o_g should be developed for systems which support it; however, the wide variety of interfaces pre- cludes any system-independent implementation. This file also contains any output directed to stderr by the _X_s_e_t_u_p_, _X_s_t_a_r_t_u_p_, _X_s_e_s_s_i_o_n and _X_r_e_s_e_t files, so it will contain descriptions of problems in those scripts as well. X Version 11 Release 6.1 4 XDM(1) XDM(1) DDiissppllaayyMMaannaaggeerr..ddeebbuuggLLeevveell If the integer value of this resource is greater than zero, reams of debugging information will be printed. It also disables daemon mode, which would redirect the information into the bit-bucket, and allows non-root users to run _x_d_m_, which would nor- mally not be useful. DDiissppllaayyMMaannaaggeerr..ddaaeemmoonnMMooddee Normally, _x_d_m attempts to make itself into a daemon process unassociated with any terminal. This is accomplished by forking and leaving the parent pro- cess to exit, then closing file descriptors and releasing the controlling terminal. In some envi- ronments this is not desired (in particular, when debugging). Setting this resource to ``false'' will disable this feature. DDiissppllaayyMMaannaaggeerr..ppiiddFFiillee The filename specified will be created to contain an ASCII representation of the process-id of the main _x_d_m process. _X_d_m also uses file locking on this file to attempt to eliminate multiple daemons running on the same machine, which would cause quite a bit of havoc. DDiissppllaayyMMaannaaggeerr..lloocckkPPiiddFFiillee This is the resource which controls whether _x_d_m uses file locking to keep multiple display managers from running amok. On System V, this uses the _l_o_c_k_f library call, while on BSD it uses _f_l_o_c_k_. DDiissppllaayyMMaannaaggeerr..aauutthhDDiirr This names a directory under which _x_d_m stores authorization files while initializing the session. The default value is _<_X_R_o_o_t_>_/_l_i_b_/_X_1_1_/_x_d_m_. Can be overridden for specific displays by DisplayMan- ager._D_I_S_P_L_A_Y.authFile. DDiissppllaayyMMaannaaggeerr..aauuttooRReessccaann This boolean controls whether _x_d_m rescans the con- figuration, servers, access control and authentica- tion keys files after a session terminates and the files have changed. By default it is ``true.'' You can force _x_d_m to reread these files by sending a SIGHUP to the main process. DDiissppllaayyMMaannaaggeerr..rreemmoovveeDDoommaaiinnnnaammee When computing the display name for XDMCP clients, the name resolver will typically create a fully qualified host name for the terminal. As this is sometimes confusing, _x_d_m will remove the domain name portion of the host name if it is the same as the domain name of the local host when this X Version 11 Release 6.1 5 XDM(1) XDM(1) variable is set. By default the value is ``true.'' DDiissppllaayyMMaannaaggeerr..kkeeyyFFiillee XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key be shared between _x_d_m and the terminal. This resource specifies the file containing those values. Each entry in the file consists of a display name and the shared key. By default, _x_d_m does not include support for XDM- AUTHENTICATION-1, as it requires DES which is not generally distributable because of United States export restrictions. DDiissppllaayyMMaannaaggeerr..aacccceessssFFiillee To prevent unauthorized XDMCP service and to allow forwarding of XDMCP IndirectQuery requests, this file contains a database of hostnames which are either allowed direct access to this machine, or have a list of hosts to which queries should be forwarded to. The format of this file is described in the section XXDDMMCCPP AAcccceessss CCoonnttrrooll.. DDiissppllaayyMMaannaaggeerr..eexxppoorrttLLiisstt A list of additional environment variables, sepa- rated by white space, to pass on to the _X_s_e_t_u_p, _X_s_t_a_r_t_u_p, _X_s_e_s_s_i_o_n, and _X_r_e_s_e_t programs. DDiissppllaayyMMaannaaggeerr..rraannddoommFFiillee A file to checksum to generate the seed of autho- rization keys. This should be a file that changes frequently. The default is _/_d_e_v_/_m_e_m. DDiissppllaayyMMaannaaggeerr..ggrreeeetteerrLLiibb On systems that support a dynamically-loadable greeter library, the name of the library. Default is _<_X_R_o_o_t_>_/_l_i_b_/_X_1_1_/_x_d_m_/_l_i_b_X_d_m_G_r_e_e_t_._s_o. DDiissppllaayyMMaannaaggeerr..cchhooiicceeTTiimmeeoouutt Number of seconds to wait for display to respond after user has selected a host from the chooser. If the display sends an XDMCP IndirectQuery within this time, the request is forwarded to the chosen host. Otherwise, it is assumed to be from a new session and the chooser is offered again. Default is 15. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..rreessoouurrcceess This resource specifies the name of the file to be loaded by _x_r_d_b as the resource database onto the root window of screen 0 of the display. The _X_s_e_t_u_p program, the Login widget, and _c_h_o_o_s_e_r will use the resources set in this file. This resource data base is loaded just before the authentication pro- cedure is started, so it can control the appearance X Version 11 Release 6.1 6 XDM(1) XDM(1) of the login window. See the section AAuutthheennttiiccaa-- ttiioonn WWiiddggeett,, which describes the various resources that are appropriate to place in this file. There is no default value for this resource, but _<_X_R_o_o_t_>_/_l_i_b_/_X_1_1_/_x_d_m_/_X_r_e_s_o_u_r_c_e_s is the conventional name. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..cchhoooosseerr Specifies the program run to offer a host menu for Indirect queries redirected to the special host name CHOOSER. _<_X_R_o_o_t_>_/_l_i_b_/_X_1_1_/_x_d_m_/_c_h_o_o_s_e_r is the default. See the sections XXDDMMCCPP AAcccceessss CCoonnttrrooll and CChhoooosseerr. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..xxrrddbb Specifies the program used to load the resources. By default, _x_d_m uses _<_X_R_o_o_t_>_/_b_i_n_/_x_r_d_b. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ccpppp This specifies the name of the C preprocessor which is used by _x_r_d_b. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..sseettuupp This specifies a program which is run (as root) before offering the Login window. This may be used to change the appearance of the screen around the Login window or to put up other windows (e.g., you may want to run _x_c_o_n_s_o_l_e here). By default, no program is run. The conventional name for a file used here is _X_s_e_t_u_p. See the section SSeettuupp PPrroo-- ggrraamm.. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ssttaarrttuupp This specifies a program which is run (as root) after the authentication process succeeds. By default, no program is run. The conventional name for a file used here is _X_s_t_a_r_t_u_p. See the section SSttaarrttuupp PPrrooggrraamm.. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..sseessssiioonn This specifies the session to be executed (not run- ning as root). By default, _<_X_R_o_o_t_>_/_b_i_n_/_x_t_e_r_m is run. The conventional name is _X_s_e_s_s_i_o_n. See the section SSeessssiioonn PPrrooggrraamm.. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..rreesseett This specifies a program which is run (as root) after the session terminates. By default, no pro- gram is run. The conventional name is _X_r_e_s_e_t. See the section RReesseett PPrrooggrraamm.. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ooppeennDDeellaayy X Version 11 Release 6.1 7 XDM(1) XDM(1) DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ooppeennRReeppeeaatt DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ooppeennTTiimmeeoouutt DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ssttaarrttAAtttteemmppttss These numeric resources control the behavior of _x_d_m when attempting to open intransigent servers. ooppeennDDeellaayy is the length of the pause (in seconds) between successive attempts, ooppeennRReeppeeaatt is the num- ber of attempts to make, ooppeennTTiimmeeoouutt is the amount of time to wait while actually attempting the open (i.e., the maximum time spent in the _c_o_n_n_e_c_t(2) system call) and ssttaarrttAAtttteemmppttss is the number of times this entire process is done before giving up on the server. After ooppeennRReeppeeaatt attempts have been made, or if ooppeennTTiimmeeoouutt seconds elapse in any par- ticular attempt, _x_d_m terminates and restarts the server, attempting to connect again. This process is repeated ssttaarrttAAtttteemmppttss times, at which point the display is declared dead and disabled. Although this behavior may seem arbitrary, it has been empirically developed and works quite well on most systems. The default values are 5 for ooppeennDDeellaayy, 5 for ooppeennRReeppeeaatt, 30 for ooppeennTTiimmeeoouutt and 4 for ssttaarr-- ttAAtttteemmppttss. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ppiinnggIInntteerrvvaall DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ppiinnggTTiimmeeoouutt To discover when remote displays disappear, _x_d_m occasionally pings them, using an X connection and _X_S_y_n_c calls. ppiinnggIInntteerrvvaall specifies the time (in minutes) between each ping attempt, ppiinnggTTiimmeeoouutt specifies the maximum amount of time (in minutes) to wait for the terminal to respond to the request. If the terminal does not respond, the session is declared dead and terminated. By default, both are set to 5 minutes. If you frequently use X termi- nals which can become isolated from the managing host, you may wish to increase this value. The only worry is that sessions will continue to exist after the terminal has been accidentally disabled. _x_d_m will not ping local displays. Although it would seem harmless, it is unpleasant when the workstation session is terminated as a result of the server hanging for NFS service and not respond- ing to the ping. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..tteerrmmiinnaatteeSSeerrvveerr This boolean resource specifies whether the X server should be terminated when a session termi- nates (instead of resetting it). This option can be used when the server tends to grow without bound over time, in order to limit the amount of time the X Version 11 Release 6.1 8 XDM(1) XDM(1) server is run. The default value is ``false.'' DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..uusseerrPPaatthh _X_d_m sets the PATH environment variable for the ses- sion to this value. It should be a colon separated list of directories; see _s_h(1) for a full descrip- tion. ``:/bin:/usr/bin:/usr/X11R6/bin:/usr/ucb'' is a common setting. The default value can be specified at build time in the X system configura- tion file with DefaultUserPath. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ssyysstteemmPPaatthh _X_d_m sets the PATH environment variable for the startup and reset scripts to the value of this resource. The default for this resource is speci- fied at build time by the DefaultSystemPath entry in the system configuration file; ``/etc:/bin:/usr/bin:/usr/X11R6/bin:/usr/ucb'' is a common choice. Note the absence of ``.'' from this entry. This is a good practice to follow for root; it avoids many common Trojan Horse system penetra- tion schemes. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ssyysstteemmSShheellll _X_d_m sets the SHELL environment variable for the startup and reset scripts to the value of this resource. It is _/_b_i_n_/_s_h by default. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ffaaiillssaaffeeCClliieenntt If the default session fails to execute, _x_d_m will fall back to this program. This program is exe- cuted with no arguments, but executes using the same environment variables as the session would have had (see the section SSeessssiioonn PPrrooggrraamm). By default, _<_X_R_o_o_t_>_/_b_i_n_/_x_t_e_r_m is used. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ggrraabbSSeerrvveerr DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ggrraabbTTiimmeeoouutt To improve security, _x_d_m grabs the server and key- board while reading the login name and password. The ggrraabbSSeerrvveerr resource specifies if the server should be held for the duration of the name/password reading. When ``false,'' the server is ungrabbed after the keyboard grab succeeds, oth- erwise the server is grabbed until just before the session begins. The default is ``false.'' The ggrraabbTTiimmeeoouutt resource specifies the maximum time _x_d_m will wait for the grab to succeed. The grab may fail if some other client has the server grabbed, or possibly if the network latencies are very high. This resource has a default value of 3 seconds; you should be cautious when raising it, as a user can be spoofed by a look-alike window on the display. X Version 11 Release 6.1 9 XDM(1) XDM(1) If the grab fails, _x_d_m kills and restarts the server (if possible) and the session. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..aauutthhoorriizzee DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..aauutthhNNaammee aauutthhoorriizzee is a boolean resource which controls whether _x_d_m generates and uses authorization for the local server connections. If authorization is used, aauutthhNNaammee is a list of authorization mecha- nisms to use, separated by white space. XDMCP con- nections dynamically specify which authorization mechanisms are supported, so aauutthhNNaammee is ignored in this case. When aauutthhoorriizzee is set for a display and authorization is not available, the user is informed by having a different message displayed in the login widget. By default, aauutthhoorriizzee is ``true.'' aauutthhNNaammee is ``MIT-MAGIC-COOKIE-1,'' or, if XDM-AUTHORIZATION-1 is available, ``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.'' DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..aauutthhFFiillee This file is used to communicate the authorization data from _x_d_m to the server, using the --aauutthh server command line option. It should be kept in a direc- tory which is not world-writable as it could easily be removed, disabling the authorization mechanism in the server. If not specified, a name is gener- ated from DisplayManager.authDir and the name of the display. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..aauutthhCCoommppllaaiinn If set to ``false,'' disables the use of the uunnssee-- ccuurreeGGrreeeettiinngg in the login window. See the section AAuutthheennttiiccaattiioonn WWiiddggeett.. The default is ``true.'' DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..rreesseettSSiiggnnaall The number of the signal _x_d_m sends to reset the server. See the section CCoonnttrroolllliinngg tthhee SSeerrvveerr.. The default is 1 (SIGHUP). DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..tteerrmmSSiiggnnaall The number of the signal _x_d_m sends to terminate the server. See the section CCoonnttrroolllliinngg tthhee SSeerrvveerr.. The default is 15 (SIGTERM). DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..rreesseettFFoorrAAuutthh The original implementation of authorization in the sample server reread the authorization file at server reset time, instead of when checking the initial connection. As _x_d_m generates the autho- rization information just before connecting to the display, an old server would not get up-to-date authorization information. This resource causes X Version 11 Release 6.1 10 XDM(1) XDM(1) _x_d_m to send SIGHUP to the server after setting up the file, causing an additional server reset to occur, during which time the new authorization information will be read. The default is ``false,'' which will work for all MIT servers. DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..uusseerrAAuutthhDDiirr When _x_d_m is unable to write to the usual user authorization file ($HOME/.Xauthority), it creates a unique file name in this directory and points the environment variable XAUTHORITY at the created file. It uses _/_t_m_p by default. CCOONNFFIIGGUURRAATTIIOONN FFIILLEE First, the _x_d_m configuration file should be set up. Make a directory (usually _<_X_R_o_o_t_>_/_l_i_b_/_X_1_1_/_x_d_m, where <XRoot> refers to the root of the X11 install tree) to contain all of the relevant files. In the examples that follow, we use /usr/X11R6 as the value of <XRoot>. Here is a reasonable configuration file, which could be named _x_d_m_-_c_o_n_f_i_g: DisplayManager.servers: /usr/X11R6/lib/X11/xdm/Xservers DisplayManager.errorLogFile: /usr/X11R6/lib/X11/xdm/xdm-errors DisplayManager*resources: /usr/X11R6/lib/X11/xdm/Xresources DisplayManager*startup: /usr/X11R6/lib/X11/xdm/Xstartup DisplayManager*session: /usr/X11R6/lib/X11/xdm/Xsession DisplayManager.pidFile: /usr/X11R6/lib/X11/xdm/xdm-pid DisplayManager._0.authorize: true DisplayManager*authorize: false Note that this file mostly contains references to other files. Note also that some of the resources are specified with ``*'' separating the components. These resources can be made unique for each different display, by replacing the ``*'' with the display-name, but normally this is not very useful. See the RReessoouurrcceess section for a complete discussion. XXDDMMCCPP AACCCCEESSSS CCOONNTTRROOLL The database file specified by the DDiissppllaayyMMaann-- aaggeerr..aacccceessssFFiillee provides information which _x_d_m uses to control access from displays requesting XDMCP service. This file contains three types of entries: entries which control the response to Direct and Broadcast queries, entries which control the response to Indirect queries, and macro definitions. The format of the Direct entries is simple, either a host name or a pattern, which is distinguished from a host name by the inclusion of one or more meta characters (`*' X Version 11 Release 6.1 11 XDM(1) XDM(1) matches any sequence of 0 or more characters, and `?' matches any single character) which are compared against the host name of the display device. If the entry is a host name, all comparisons are done using network addresses, so any name which converts to the correct net- work address may be used. For patterns, only canonical host names are used in the comparison, so ensure that you do not attempt to match aliases. Preceding either a host name or a pattern with a `!' character causes hosts which match that entry to be excluded. An Indirect entry also contains a host name or pattern, but follows it with a list of host names or macros to which indirect queries should be sent. A macro definition contains a macro name and a list of host names and other macros that the macro expands to. To distinguish macros from hostnames, macro names start with a `%' character. Macros may be nested. Indirect entries may also specify to have _x_d_m run _c_h_o_o_s_e_r to offer a menu of hosts to connect to. See the section CChhoooosseerr. When checking access for a particular display host, each entry is scanned in turn and the first matching entry determines the response. Direct and Broadcast entries are ignored when scanning for an Indirect entry and vice- versa. Blank lines are ignored, `#' is treated as a comment delimiter causing the rest of that line to be ignored, and `\_n_e_w_l_i_n_e' causes the newline to be ignored, allowing indirect host lists to span multiple lines. Here is an example Xaccess file: # # Xaccess - XDMCP access control file # # # Direct/Broadcast query entries # !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra bambi.ogi.edu # allow access from this particular display *.lcs.mit.edu # allow access from any display in LCS # # Indirect query entries # %HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \ X Version 11 Release 6.1 12 XDM(1) XDM(1) excess.lcs.mit.edu kanga.lcs.mit.edu extract.lcs.mit.edu xenon.lcs.mit.edu #force extract to contact xenon !xtra.lcs.mit.edu dummy #disallow indirect access *.lcs.mit.edu %HOSTS #all others get to choose CCHHOOOOSSEERR For X terminals that do not offer a host menu for use with Broadcast or Indirect queries, the _c_h_o_o_s_e_r program can do this for them. In the _X_a_c_c_e_s_s file, specify ``CHOOSER'' as the first entry in the Indirect host list. _C_h_o_o_s_e_r will send a Query request to each of the remaining host names in the list and offer a menu of all the hosts that respond. The list may consist of the word ``BROADCAST,'' in which case _c_h_o_o_s_e_r will send a Broadcast instead, again offering a menu of all hosts that respond. Note that on some oper- ating systems, UDP packets cannot be broadcast, so this feature will not work. Example _X_a_c_c_e_s_s file using _c_h_o_o_s_e_r: extract.lcs.mit.edu CHOOSER %HOSTS #offer a menu of these hosts xtra.lcs.mit.edu CHOOSER BROADCAST #offer a menu of all hosts The program to use for _c_h_o_o_s_e_r is specified by the DDiiss-- ppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..cchhoooosseerr resource. For more flexibil- ity at this step, the chooser could be a shell script. _C_h_o_o_s_e_r is the session manager here; it is run instead of a child _x_d_m to manage the display. Resources for this program can be put into the file named by DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..rreessoouurrcceess. When the user selects a host, _c_h_o_o_s_e_r prints the host cho- sen, which is read by the parent _x_d_m, and exits. _x_d_m closes its connection to the X server, and the server resets and sends another IInnddiirreecctt XDMCP request. _x_d_m remembers the user's choice (for DDiissppllaayyMMaann-- aaggeerr..cchhooiicceeTTiimmeeoouutt seconds) and forwards the request to the chosen host, which starts a session on that display. LLOOCCAALL SSEERRVVEERR SSPPEECCIIFFIICCAATTIIOONN The resource DDiissppllaayyMMaannaaggeerr..sseerrvveerrss gives a server speci- fication or, if the values starts with a slash (/), the name of a file containing server specifications, one per line. Each specification indicates a display which should con- stantly be managed and which is not using XDMCP. This method is used typically for local servers only. If the resource or the file named by the resource is empty, _x_d_m will offer XDMCP service only. X Version 11 Release 6.1 13 XDM(1) XDM(1) Each specification consists of at least three parts: a display name, a display class, a display type, and (for local servers) a command line to start the server. A typ- ical entry for local display number 0 would be: :0 Digital-QV local /usr/X11R6/bin/X :0 The display types are: local local display: _x_d_m must run the server foreign remote display: _x_d_m opens an X connection to a running server The display name must be something that can be passed in the --ddiissppllaayy option to an X program. This string is used to generate the display-specific resource names, so be careful to match the names (e.g., use ``:0 Sun-CG3 local /usr/X11R6/bin/X :0'' instead of ``localhost:0 Sun-CG3 local /usr/X11R6/bin/X :0'' if your other resources are specified as ``DisplayManager._0.session''). The display class portion is also used in the display-specific resources, as the class of the resource. This is useful if you have a large collection of similar displays (such as a corral of X terminals) and would like to set resources for groups of them. When using XDMCP, the dis- play is required to specify the display class, so the man- ual for your particular X terminal should document the display class string for your device. If it doesn't, you can run _x_d_m in debug mode and look at the resource strings which it generates for that device, which will include the class string. When _x_d_m starts a session, it sets up authorization data for the server. For local servers, _x_d_m passes ``--aauutthh _f_i_l_e_n_a_m_e'' on the server's command line to point it at its authorization data. For XDMCP servers, _x_d_m passes the authorization data to the server via the AAcccceepptt XDMCP request. RREESSOOUURRCCEESS FFIILLEE The _X_r_e_s_o_u_r_c_e_s file is loaded onto the display as a resource database using _x_r_d_b_. As the authentication wid- get reads this database before starting up, it usually contains parameters for that widget: xlogin*login.translations: #override\ Ctrl<Key>R: abort-display()\n\ <Key>F1: set-session-argument(failsafe) finish-field()\n\ <Key>Return: set-session-argument() finish-field() xlogin*borderWidth: 3 xlogin*greeting: CLIENTHOST #ifdef COLOR xlogin*greetColor: CadetBlue xlogin*failColor: red X Version 11 Release 6.1 14 XDM(1) XDM(1) #endif Please note the translations entry; it specifies a few new translations for the widget which allow users to escape from the default session (and avoid troubles that may occur in it). Note that if #override is not specified, the default translations are removed and replaced by the new value, not a very useful result as some of the default translations are quite useful (such as ``<Key>: insert- char ()'' which responds to normal typing). This file may also contain resources for the setup program and _c_h_o_o_s_e_r. SSEETTUUPP PPRROOGGRRAAMM The _X_s_e_t_u_p file is run after the server is reset, but before the Login window is offered. The file is typically a shell script. It is run as root, so should be careful about security. This is the place to change the root background or bring up other windows that should appear on the screen along with the Login widget. In addition to any specified by DDiissppllaayyMMaannaaggeerr..eexxppoorrttLLiisstt, the following environment variables are passed: DISPLAY the associated display name PATH the value of DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ssyysstteemmPPaatthh SHELL the value of DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ssyysstteemmSShheellll XAUTHORITY may be set to an authority file Note that since _x_d_m grabs the keyboard, any other windows will not be able to receive keyboard input. They will be able to interact with the mouse, however; beware of poten- tial security holes here. If DDiissppllaayyMMaann-- aaggeerr.._D_I_S_P_L_A_Y..ggrraabbSSeerrvveerr is set, _X_s_e_t_u_p will not be able to connect to the display at all. Resources for this program can be put into the file named by DDiissppllaayyMMaann-- aaggeerr.._D_I_S_P_L_A_Y..rreessoouurrcceess. Here is a sample _X_s_e_t_u_p script: #!/bin/sh # Xsetup_0 - setup script for one workstation xcmsdb < /usr/X11R6/lib/monitors/alex.0 xconsole -geometry 480x130-0-0 -notify -verbose -exitOnFail & AAUUTTHHEENNTTIICCAATTIIOONN WWIIDDGGEETT The authentication widget reads a name/password pair from the keyboard. Nearly every imaginable parameter can be controlled with a resource. Resources for this widget should be put into the file named by DDiissppllaayyMMaann-- aaggeerr.._D_I_S_P_L_A_Y..rreessoouurrcceess. All of these have reasonable X Version 11 Release 6.1 15 XDM(1) XDM(1) default values, so it is not necessary to specify any of them. xxllooggiinn..LLooggiinn..wwiiddtthh,, xxllooggiinn..LLooggiinn..hheeiigghhtt,, xxllooggiinn..LLooggiinn..xx,, xxlloo-- ggiinn..LLooggiinn..yy The geometry of the Login widget is normally com- puted automatically. If you wish to position it elsewhere, specify each of these resources. xxllooggiinn..LLooggiinn..ffoorreeggrroouunndd The color used to display the typed-in user name. xxllooggiinn..LLooggiinn..ffoonntt The font used to display the typed-in user name. xxllooggiinn..LLooggiinn..ggrreeeettiinngg A string which identifies this window. The default is ``X Window System.'' xxllooggiinn..LLooggiinn..uunnsseeccuurreeGGrreeeettiinngg When X authorization is requested in the configura- tion file for this display and none is in use, this greeting replaces the standard greeting. The default is ``This is an unsecure session'' xxllooggiinn..LLooggiinn..ggrreeeettFFoonntt The font used to display the greeting. xxllooggiinn..LLooggiinn..ggrreeeettCCoolloorr The color used to display the greeting. xxllooggiinn..LLooggiinn..nnaammeePPrroommpptt The string displayed to prompt for a user name. _X_r_d_b strips trailing white space from resource val- ues, so to add spaces at the end of the prompt (usually a nice thing), add spaces escaped with backslashes. The default is ``Login: '' xxllooggiinn..LLooggiinn..ppaasssswwddPPrroommpptt The string displayed to prompt for a password. The default is ``Password: '' xxllooggiinn..LLooggiinn..pprroommppttFFoonntt The font used to display both prompts. xxllooggiinn..LLooggiinn..pprroommppttCCoolloorr The color used to display both prompts. xxllooggiinn..LLooggiinn..ffaaiill A message which is displayed when the authentica- tion fails. The default is ``Login incorrect'' xxllooggiinn..LLooggiinn..ffaaiillFFoonntt The font used to display the failure message. X Version 11 Release 6.1 16 XDM(1) XDM(1) xxllooggiinn..LLooggiinn..ffaaiillCCoolloorr The color used to display the failure message. xxllooggiinn..LLooggiinn..ffaaiillTTiimmeeoouutt The number of seconds that the failure message is displayed. The default is 30. xxllooggiinn..LLooggiinn..ttrraannssllaattiioonnss This specifies the translations used for the login widget. Refer to the X Toolkit documentation for a complete discussion on translations. The default translation table is: Ctrl<Key>H: delete-previous-character() \n\ Ctrl<Key>D: delete-character() \n\ Ctrl<Key>B: move-backward-character() \n\ Ctrl<Key>F: move-forward-character() \n\ Ctrl<Key>A: move-to-begining() \n\ Ctrl<Key>E: move-to-end() \n\ Ctrl<Key>K: erase-to-end-of-line() \n\ Ctrl<Key>U: erase-line() \n\ Ctrl<Key>X: erase-line() \n\ Ctrl<Key>C: restart-session() \n\ Ctrl<Key>\\: abort-session() \n\ <Key>BackSpace:delete-previous-character() \n\ <Key>Delete: delete-previous-character() \n\ <Key>Return: finish-field() \n\ <Key>: insert-char() \ The actions which are supported by the widget are: delete-previous-character Erases the character before the cursor. delete-character Erases the character after the cursor. move-backward-character Moves the cursor backward. move-forward-character Moves the cursor forward. move-to-begining (Apologies about the spelling error.) Moves the cursor to the beginning of the editable text. move-to-end Moves the cursor to the end of the editable text. erase-to-end-of-line Erases all text after the cursor. X Version 11 Release 6.1 17 XDM(1) XDM(1) erase-line Erases the entire text. finish-field If the cursor is in the name field, proceeds to the password field; if the cursor is in the password field, checks the current name/password pair. If the name/password pair is valid, _x_d_m starts the session. Otherwise the failure message is dis- played and the user is prompted again. abort-session Terminates and restarts the server. abort-display Terminates the server, disabling it. This action is not accessible in the default configuration. There are various reasons to stop _x_d_m on a system console, such as when shutting the system down, when using _x_d_m_s_h_e_l_l, to start another type of server, or to generally access the console. Send- ing _x_d_m a SIGHUP will restart the display. See the section CCoonnttrroolllliinngg XXDDMM. restart-session Resets the X server and starts a new session. This can be used when the resources have been changed and you want to test them or when the screen has been overwritten with system messages. insert-char Inserts the character typed. set-session-argument Specifies a single word argument which is passed to the session at startup. See the section SSeessssiioonn PPrrooggrraamm. allow-all-access Disables access control in the server. This can be used when the .Xauthority file cannot be created by _x_d_m_. Be very careful using this; it might be bet- ter to disconnect the machine from the network before doing this. SSTTAARRTTUUPP PPRROOGGRRAAMM The _X_s_t_a_r_t_u_p program is run as root when the user logs in. It is typically a shell script. Since it is run as root, _X_s_t_a_r_t_u_p should be very careful about security. This is the place to put commands which add entries to _/_e_t_c_/_u_t_m_p (the _s_e_s_s_r_e_g program may be useful here), mount users' home directories from file servers, or abort the session if logins are not allowed. X Version 11 Release 6.1 18 XDM(1) XDM(1) In addition to any specified by DDiissppllaayyMMaannaaggeerr..eexxppoorrttLLiisstt, the following environment variables are passed: DISPLAY the associated display name HOME the initial working directory of the user USER the user name PATH the value of DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ssyysstteemmPPaatthh SHELL the value of DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..ssyysstteemmSShheellll XAUTHORITY may be set to an authority file No arguments are passed to the script. _X_d_m waits until this script exits before starting the user session. If the exit value of this script is non-zero, _x_d_m discontin- ues the session and starts another authentication cycle. The sample _X_s_t_a_r_t_u_p file shown here prevents login while the file _/_e_t_c_/_n_o_l_o_g_i_n exists. Thus this is not a complete example, but simply a demonstration of the available func- tionality. Here is a sample _X_s_t_a_r_t_u_p script: #!/bin/sh # # Xstartup # # This program is run as root after the user is verified # if [ -f /etc/nologin ]; then xmessage -file /etc/nologin -timeout 30 -center exit 1 fi sessreg -a -l $DISPLAY -x /usr/X11R6/lib/xdm/Xservers $USER /usr/X11R6/lib/xdm/GiveConsole exit 0 SSEESSSSIIOONN PPRROOGGRRAAMM The _X_s_e_s_s_i_o_n program is the command which is run as the user's session. It is run with the permissions of the authorized user. In addition to any specified by DDiissppllaayyMMaannaaggeerr..eexxppoorrttLLiisstt, the following environment variables are passed: DISPLAY the associated display name HOME the initial working directory of the user USER the user name PATH the value of DDiissppllaayyMMaannaaggeerr.._D_I_S_P_L_A_Y..uusseerrPPaatthh SHELL the user's default shell (from _g_e_t_p_w_n_a_m) XAUTHORITY may be set to a non-standard authority file KRB5CCNAME may be set to a Kerberos credentials cache name X Version 11 Release 6.1 19 XDM(1) XDM(1) At most installations, _X_s_e_s_s_i_o_n should look in $HOME for a file _._x_s_e_s_s_i_o_n_, which contains commands that each user would like to use as a session. _X_s_e_s_s_i_o_n should also implement a system default session if no user-specified session exists. See the section TTyyppiiccaall UUssaaggee. An argument may be passed to this program from the authen- tication widget using the `set-session-argument' action. This can be used to select different styles of session. One good use of this feature is to allow the user to escape from the ordinary session when it fails. This allows users to repair their own _._x_s_e_s_s_i_o_n if it fails, without requiring administrative intervention. The exam- ple following demonstrates this feature. This example recognizes the special ``failsafe'' mode, specified in the translations in the _X_r_e_s_o_u_r_c_e_s file, to provide an escape from the ordinary session. It also requires that the .xsession file be executable so we don't have to guess what shell it wants to use. #!/bin/sh # # Xsession # # This is the program that is run as the client # for the display manager. case $# in 1) case $1 in failsafe) exec xterm -geometry 80x24-0-0 ;; esac esac startup=$HOME/.xsession resources=$HOME/.Xresources if [ -f "$startup" ]; then exec "$startup" else if [ -f "$resources" ]; then xrdb -load "$resources" fi twm & xman -geometry +10-10 & exec xterm -geometry 80x24+10+10 -ls fi The user's _._x_s_e_s_s_i_o_n file might look something like this example. Don't forget that the file must have execute X Version 11 Release 6.1 20 XDM(1) XDM(1) permission. #! /bin/csh # no -f in the previous line so .cshrc gets run to set $PATH twm & xrdb -merge "$HOME/.Xresources" emacs -geometry +0+50 & xbiff -geometry -430+5 & xterm -geometry -0+50 -ls RREESSEETT PPRROOGGRRAAMM Symmetrical with _X_s_t_a_r_t_u_p, the _X_r_e_s_e_t script is run after the user session has terminated. Run as root, it should contain commands that undo the effects of commands in _X_s_t_a_r_t_u_p_, removing entries from _/_e_t_c_/_u_t_m_p or unmounting directories from file servers. The environment variables that were passed to _X_s_t_a_r_t_u_p are also passed to _X_r_e_s_e_t. A sample _X_r_e_s_e_t script: #!/bin/sh # # Xreset # # This program is run as root after the session ends # sessreg -d -l $DISPLAY -x /usr/X11R6/lib/xdm/Xservers $USER /usr/X11R6/lib/xdm/TakeConsole exit 0 CCOONNTTRROOLLLLIINNGG TTHHEE SSEERRVVEERR _X_d_m controls local servers using POSIX signals. SIGHUP is expected to reset the server, closing all client connec- tions and performing other cleanup duties. SIGTERM is expected to terminate the server. If these signals do not perform the expected actions, the resources DDiissppllaayyMMaann-- aaggeerr.._D_I_S_P_L_A_Y..rreesseettSSiiggnnaall and DDiissppllaayyMMaann-- aaggeerr.._D_I_S_P_L_A_Y..tteerrmmSSiiggnnaall can specify alternate signals. To control remote terminals not using XDMCP, _x_d_m searches the window hierarchy on the display and uses the protocol request KillClient in an attempt to clean up the terminal for the next session. This may not actually kill all of the clients, as only those which have created windows will be noticed. XDMCP provides a more sure mechanism; when _x_d_m closes its initial connection, the session is over and the terminal is required to close all other connections. CCOONNTTRROOLLLLIINNGG XXDDMM _X_d_m responds to two signals: SIGHUP and SIGTERM. When sent a SIGHUP, _x_d_m rereads the configuration file, the access control file, and the servers file. For the servers file, it notices if entries have been added or removed. If a new entry has been added, _x_d_m starts a ses- sion on the associated display. Entries which have been removed are disabled immediately, meaning that any session X Version 11 Release 6.1 21 XDM(1) XDM(1) in progress will be terminated without notice and no new session will be started. When sent a SIGTERM, _x_d_m terminates all sessions in progress and exits. This can be used when shutting down the system. _X_d_m attempts to mark its various sub-processes for _p_s(1) by editing the command line argument list in place. Because _x_d_m can't allocate additional space for this task, it is useful to start _x_d_m with a reasonably long command line (using the full path name should be enough). Each process which is servicing a display is marked --_d_i_s_p_l_a_y_. AADDDDIITTIIOONNAALL LLOOCCAALL DDIISSPPLLAAYYSS To add an additional local display, add a line for it to the _X_s_e_r_v_e_r_s file. (See the section LLooccaall SSeerrvveerr SSppeecciiffii-- ccaattiioonn.) Examine the display-specific resources in _x_d_m_-_c_o_n_f_i_g (e.g., DDiissppllaayyMMaannaaggeerr..__00..aauutthhoorriizzee) and consider which of them should be copied for the new display. The default _x_d_m_-_c_o_n_f_i_g has all the appropriate lines for displays ::00 and ::11. OOTTHHEERR PPOOSSSSIIBBIILLIITTIIEESS You can use _x_d_m to run a single session at a time, using the 4.3 _i_n_i_t options or other suitable daemon by specify- ing the server on the command line: xdm -server ":0 SUN-3/60CG4 local /usr/X11R6/bin/X :0" Or, you might have a file server and a collection of X terminals. The configuration for this is identical to the sample above, except the _X_s_e_r_v_e_r_s file would look like extol:0 VISUAL-19 foreign exalt:0 NCD-19 foreign explode:0 NCR-TOWERVIEW3000 foreign This directs _x_d_m to manage sessions on all three of these terminals. See the section CCoonnttrroolllliinngg XXddmm for a descrip- tion of using signals to enable and disable these termi- nals in a manner reminiscent of _i_n_i_t(8). LLIIMMIITTAATTIIOONNSS One thing that _x_d_m isn't very good at doing is coexisting with other window systems. To use multiple window systems on the same hardware, you'll probably be more interested in _x_i_n_i_t_. X Version 11 Release 6.1 22 XDM(1) XDM(1) FFIILLEESS _<_X_R_o_o_t_>_/_l_i_b_/_X_1_1_/_x_d_m_/_x_d_m_-_c_o_n_f_i_g the default configuration file _$_H_O_M_E_/_._X_a_u_t_h_o_r_i_t_y user authorization file where _x_d_m stores keys for clients to read _<_X_R_o_o_t_>_/_l_i_b_/_X_1_1_/_x_d_m_/_c_h_o_o_s_e_r the default chooser _<_X_R_o_o_t_>_/_b_i_n_/_x_r_d_b the default resource database loader _<_X_R_o_o_t_>_/_b_i_n_/_X the default server _<_X_R_o_o_t_>_/_b_i_n_/_x_t_e_r_m the default session program and fail- safe client _<_X_R_o_o_t_>_/_l_i_b_/_X_1_1_/_x_d_m_/_A_<_d_i_s_p_l_a_y_>_-_<_s_u_f_f_i_x_> the default place for authorization files _/_t_m_p_/_K_5_C_<_d_i_s_p_l_a_y_> Kerberos credentials cache Note: <XRoot> refers to the root of the X11 install tree. SSEEEE AALLSSOO _X(1), _x_i_n_i_t(1), _x_a_u_t_h(1), _X_s_e_c_u_r_i_t_y(1), _s_e_s_s_r_e_g(1), _X_s_e_r_v_e_r(1), _X _D_i_s_p_l_a_y _M_a_n_a_g_e_r _C_o_n_t_r_o_l _P_r_o_t_o_c_o_l AAUUTTHHOORR Keith Packard, MIT X Consortium X Version 11 Release 6.1 23