to provide a solution for the X-Terminal and to provide a platform for an efficient Remote X Apps environment. This document focuses on how to set up
XDMCP stands for "X Display Manager Control Protocol" and is a network protocol. It provides a way to run the X-Terminal on your PC (or MAC) and
it uses the X Server to provide a client/server interface between display hardware (the mouse, keyboard, and video displays)
and the desktop environment while also providing both the windowing infrastructure and a standardized application interface (quoted from XFree86 Project home page).
The X-Terminal can be displayed with an
individual window or multiple windows, based on your X window system's software capabilities and setup.
I am always looking for the best way to use Linux, both at home and at work. One of the biggest advantages of all is the ability to re-use old systems
(like 486, Pentium and Pentium II CPUs) as an Xterminal (by using Win32 apps like Hummingbird's Exceed, Reflection X, X-Win32 or X-ThinPro. For MAC, try eXodus) to run
from any of your PCs remotely.
I found out, somewhat surprisingly, that there are many documents on the Internet that can help you to set it up, but not in a step-by-step HOW-TO format!
This is how I came up with this document as a way to share my experiences with all users. By using X and XDMCP,
you can build a good, reliable and inexpensive X environment for your home or work IT solution.
This section details the procedure for setting up an Xterminal using XDMCP. The prerequisite is to have any Linux distribution installed and running X.
<PARA>When xdm runs, it offers display management in two different ways. It can manage X Servers running on the local machine and specified in "Xservers",
and/or it can manage remote X Servers (typically Xterminals) using XDMCP as specified in the "Xaccess" file (refer to the xdm man page).</PARA>
<LISTITEM><PARA>The <ULINK URL="http://ibiblio.org/pub/Linux/docs/HOWTO/mini/other-formats/html_single/XDM-Xterm.html">XDM and Xterminal mini-HOWTO</ULINK>, by Kevin Taylor</PARA>
</LISTITEM>
<LISTITEM>
<PARA>Linux <ULINK URL="http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/other-formats/html_single/Remote-X-Apps.html">Remote X Apps mini HOWTO</ULINK>
A very good reference for Remote X from both a theoretical and a practical point of view. By Vincent Zweije</PARA></LISTITEM>
<LISTITEM>
<PARA>The <ULINK URL="http://www.ibiblio.org/pub/Linux/docs/HOWTO/unmaintained/mini/Xterminal">Xterminal mini-HOWTO</ULINK>, by Scot W. Stevenson
<PARA>The PC hardware I use is an IBM PC clone running an AMD Athlon XP 1800+ with 384 MB memory and a 60 GB ATA-100 Hard Drive. This machine has
since been upgraded from an Intel Pentium II 500 MHz PC.
(I found out that my old Pentium 100 MHz PC runs this just fine). I use a built-in Fast Ethernet NIC in my new AMD type M/B.
In my old machine, I use the 3Com 10/100 (3C509B) NIC with an ATAPI 48X CD-ROM and an IOMEGA ZIP drive.
I have also tested it on my Toshiba Tecra 8100 laptop, connecting with my Agere Wireless LAN card.</PARA>
In RH 7.x, you need to set up DNS lookup in order for some networking functions to work properly (such as <COMMAND>telnet</COMMAND>, which we will
use to test the setup). You can use the "<COMMAND>netstat -r</COMMAND>" and/or "<COMMAND>arp -a</COMMAND>" commands to verify your DNS setup or response time.
If you are in a small
environment (like a home or small office) that does not have its own DNS and relies on your ISP's DNS Server, then add the entry of your DNS Server name(s)
in the "<FILENAME>resolv.conf</FILENAME>" file. If you only use it in the lab or at home, you can add the host names of all workstations to your local "<FILENAME>host</FILENAME>" table.
<PARA>One other easy way is to add rules that only accept certain IP address(es) from your trusted workstations. As for using the
command <COMMAND>iptables</COMMAND>, please feel free to experiment with it. Again, I will not cover it here. I am the lucky one, because I use my company's
works. RH 7.x and up do not have the <COMMAND>telnet</COMMAND> daemon turned on by default (for security reasons). Remember to enable it if you prefer to use it
for your test. You can always turn it off when you are done (using <COMMAND>ntsysv</COMMAND> with root privilege).
One other thing to remember is that the firewall rules are there. Add your own rules or temporarily disable them (as mentioned
In the Linux X environment, you need to provide fonts using either the X font server (xfs) or a hard-coded font path in the XF86Config and XF86Config-4 configuration
files. If you plan to use the xfs font server (check here to see the <ULINK URL="http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/s1-x-fonts.html">
xfs advantages</ULINK>), do this: in RH 6.2 and Mandrake 8.x and 9.0, modify <FILENAME>/etc/rc.d/init.d/xfs</FILENAME> and make the
<PARA>Then, in <FILENAME>/etc/X11/fs/config</FILENAME>, comment out this line:</PARA>
<SCREEN># don't listen to TCP ports by default for security reasons
#no-listen = tcp</SCREEN>
<PARA>If you change or add the port, use this command to restart your X font server (requires root):
<SCREEN>service xfs restart</SCREEN>
</PARA>
<PARA>You do not have to use port 7100. You can set a different port, as long as you carefully plan it first to make sure there are no conflicts
over the port number, and change it accordingly. It is better to consult your Linux admin before doing so, so that he/she knows the port has been taken!
Different Linux distributions may put xfs in a different folder under /etc/rc.d. You may need to search for it if that's the case.</PARA>
to allow certain connections, use the <COMMAND>CHOOSER</COMMAND> section in this same file. An example can be found in the <ULINK URL="#REFS">Resources</ULINK>.
</PARA>
</LISTITEM>
<LISTITEM><PARA>
I use gdm as the default and use the gdm login window to switch between KDE and GNOME. For gdm, edit <FILENAME>/etc/X11/gdm/gdm.conf</FILENAME>.
Make sure the permissions of the file <FILENAME>/etc/X11/xdm/Xservers</FILENAME> are set to 444 (chmod 444).</PARA>
</LISTITEM>
<LISTITEM><PARA>
Locate <FILENAME>/etc/X11/xdm/Xsetup_0</FILENAME> and <COMMAND>chmod 755</COMMAND>
this file.
</PARA></LISTITEM>
<LISTITEM><PARA>
Edit the <FILENAME>XF86Config</FILENAME> file (if you are using XFree86 4.x, the file is <FILENAME>XF86Config-4</FILENAME>) at <FILENAME>/etc/X11</FILENAME>
(You <COMMAND>do not</COMMAND> have to make this change. You can keep the default setting, but this is what I prefer. If you are not sure, leave this alone.)
Change this line to the end of <FILENAME>/etc/inittab</FILENAME>:
<PARA>One other thing to know (that some users have asked about) is how to display the <COMMAND>Willing to manage</COMMAND> message with load info. As far as I know, this is available
in xdm by adding the following to <FILENAME>/etc/X11/xdm/xdm-config</FILENAME>.
<PARA>A sample <ULINK URL="http://www.penguinlovers.net/linux/Xwilling">Xwilling script</ULINK> is here for your reference. Adding this script or not is your preference. It is not a required step here!</PARA>
If you have not modified your firewall rules, you need to temporarily disable them by using <COMMAND>iptables -F</COMMAND> (or <COMMAND>ipchains -F</COMMAND>).
X using the command <COMMAND>telinit 5</COMMAND>. If the UDP port is not there for XDMCP, do step 2 as above.
</PARA>
<PARA>
Other possibilities are that your DNS setup is incorrect and/or the firewall is enabled. An easy way to find out is simply to <COMMAND>ping</COMMAND> or
<COMMAND>telnet</COMMAND> your host; if the reply takes a long time, then that's a DNS problem. If, using <COMMAND>telnet</COMMAND>, you get a
"<FILENAME>Connection Refused</FILENAME>", then this is a firewall problem (assuming that you have your telnet daemon turned on already)!
Check the section above for details on how to resolve this.
</PARA>
</LISTITEM>
<LISTITEM><PARA>
PC Box with PPPoE (PPP over Ethernet):
</PARA>
<PARA>A user using PPPoE told me that if you have PPPoE, you might experience problems using XDMCP. After uninstalling it, he was then able to get XDMCP working.
I personally do not have the environment to test this, so you can test it yourself.
<PARA>If you are using another Linux box with X, you do not need to use XDMCP to manage your display. You can actually export your display right from your X box.
To do this, you must set your access control to allow others to make connections to the X Server. The common errors you will get without doing so are:</PARA>
<SCREEN>xlib: Connection refused (error 111): unable to connect to X server
xlib: No such process (error 3): Server error</SCREEN>
<PARA>To resolve the problem, use the command below:
<SCREEN>$ xhost +
$ export DISPLAY=(your local host IP):0.0</SCREEN>
</PARA>
<PARA>Always remember to enable access control again by using the command "<FILENAME>xhost -</FILENAME>". One reminder:
you do not need this if you are using a PC as an X-Terminal using XDMCP. This is only required when you have a Linux to Linux or
Linux to UNIX connection.</PARA>
<PARA>If you are using many Linux X boxes and you would like to set up the Chooser to pick which X box to log in to, you need to enable the following in the
<PARA>The "Signal 11" error, also called "Segmentation Fault", can sometimes be a problem with your hardware and/or software. If you have this problem
in bringing up the X Server, you need to fix it before configuring XDMCP. Unfortunately, there is no simple way to fix the problem due to the many possible causes. For details,
GDM also supports the X Display Manager Protocol (XDMCP) for managing remote displays. GDM listens to UDP port 177 and will respond to QUERY and
BROADCAST_QUERY requests by sending a WILLING packet to the originator. GDM can also be configured to honor INDIRECT queries and present a host chooser to the remote display. GDM will remember the user's choice and forward subsequent requests to the chosen manager. GDM only supports the MIT-MAGIC-COOKIE-1 authentication system. Little is gained from the other schemes, and no effort has been made to implement them so far. Since it is fairly easy to do denial of service attacks on the XDMCP service, GDM incorporates a few features to guard against attacks. Please read the XDMCP reference section below for more information.
</PARA>
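<PARA>The QUERY/WILLING exchange described above, encoded and decoded as an added example (this is not code from this HOWTO or from GDM). It shows that a Query carries no credentials and that the Willing reply returns the manager's hostname and status text to whoever sent the Query on UDP port 177. The hostname <FILENAME>xhost.example</FILENAME> is constructed sample data, and the function names are this example's own.</PARA>

```python
import struct

XDMCP_VERSION = 1  # version field carried in every XDMCP header
OPCODES = {1: "BroadcastQuery", 2: "Query", 3: "IndirectQuery", 5: "Willing"}

def _array8(data: bytes) -> bytes:
    """ARRAY8 on the wire: CARD16 length (big-endian) followed by the bytes."""
    return struct.pack("!H", len(data)) + data

def _packet(opcode, body):  # header: version, opcode, body length (CARD16 each)
    return struct.pack("!HHH", XDMCP_VERSION, opcode, len(body)) + body

def build_query(auth_names=(), opcode=2) -> bytes:
    """Query body: CARD8 count, then one ARRAY8 per authentication name."""
    return _packet(opcode, bytes([len(auth_names)]) + b"".join(map(_array8, auth_names)))

def build_willing(auth_name: bytes, hostname: bytes, status: bytes) -> bytes:
    """Willing body: authentication name, hostname and status, each an ARRAY8."""
    return _packet(5, _array8(auth_name) + _array8(hostname) + _array8(status))

def _read_array8(buf: bytes, off: int):
    n = int.from_bytes(buf[off:off + 2], "big")
    data = buf[off + 2:off + 2 + n]
    if off + 2 > len(buf) or len(data) != n:
        raise ValueError("truncated ARRAY8")
    return data, off + 2 + n

def parse_packet(pkt: bytes) -> dict:  # decodes Query-family and Willing datagrams
    if len(pkt) < 6:
        raise ValueError("shorter than the 6-byte header")
    version, opcode, length = struct.unpack_from("!HHH", pkt)
    body = pkt[6:]
    if version != XDMCP_VERSION or length != len(body):
        raise ValueError("bad version, or length field does not match datagram")
    out = {"opcode": OPCODES.get(opcode, f"opcode-{opcode}")}
    if opcode in (1, 2, 3):
        if not body:
            raise ValueError("missing authentication-name count")
        off, out["auth_names"] = 1, []
        for _ in range(body[0]):
            name, off = _read_array8(body, off)
            out["auth_names"].append(name)
    elif opcode == 5:
        off = 0
        for field in ("auth_name", "hostname", "status"):
            out[field], off = _read_array8(body, off)
    return out

SAMPLE_WILLING = parse_packet(build_willing(b"", b"xhost.example", b"Willing to manage"))  # constructed
```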
<PARA>
Even though GDM tries to outsmart potential attackers, it is still advised that you block UDP port 177 on your firewall unless you really need it. GDM guards against DoS attacks, but the X protocol is still inherently insecure and should only be used in controlled environments. Even though your display is protected by cookies the XEvents and thus the keystrokes typed when entering passwords will still go over the wire in clear text. It is trivial to capture these. You should also be aware that cookies, if placed on an NFS mounted directory, are prone to eavesdropping too.
<ULINK URL="http://www.macworld.com/1996/05/features/2023.html">Through the X Window (for MAC)</ULINK>
</PARA></LISTITEM>
<LISTITEM><PARA>
<ULINK URL="http://www.linuxsecurity.com/resource_files/host_security/securing-debian-howto/ch-sec-services.en.html">Securing Services on your system</ULINK> (Debian)