gferg 2003-01-02 20:48:21 +00:00
parent 7f4827c450
commit 2f0d523f31
3 changed files with 214 additions and 142 deletions

@ -1256,7 +1256,7 @@ but a gentle introduction to what XDM can to for X terminals. </Para>
XDMCP-HOWTO</ULink>,
<CiteTitle>Linux XDMCP HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>Updated: March 2002</CiteTitle>.
<CiteTitle>Updated: January 2003</CiteTitle>.
How to setup XDMCP (&quot;X Display Manager Control Protocol&quot;). </Para>
</ListItem>

@ -3312,7 +3312,7 @@ user interface. </Para>
XDMCP-HOWTO</ULink>,
<CiteTitle>Linux XDMCP HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>Updated: March 2002</CiteTitle>.
<CiteTitle>Updated: January 2003</CiteTitle>.
How to setup XDMCP (&quot;X Display Manager Control Protocol&quot;). </Para>
</ListItem>

@ -1,15 +1,25 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN"[]>
<ARTICLE><!-- Header --><ARTHEADER><TITLE>Linux XDMCP HOWTO</TITLE>
<ARTICLE><!-- Header -->
<ARTHEADER>
<TITLE>Linux XDMCP HOWTO</TITLE>
<AUTHOR><FIRSTNAME>Thomas</FIRSTNAME>
<SURNAME>Chao</SURNAME>
<AFFILIATION><ADDRESS>
<EMAIL>tomchao@lucent.com</EMAIL>
</ADDRESS></AFFILIATION></AUTHOR>
<REVHISTORY>
<REVISION>
<REVNUMBER>v1.3</REVNUMBER>
<DATE>2 January 2003</DATE>
<!-- <AUTHORINITIALS>tc</AUTHORINITIALS> -->
<REVREMARK>
Adding info for Red Hat 7.3 & 8.0, Mandrake 8.2 & 9.0, SuSE Linux configuration and contents update.
</REVREMARK>
</REVISION>
<REVISION>
<REVNUMBER>v1.2</REVNUMBER>
<DATE>15 March 2002</DATE>
<AUTHORINITIALS>tc</AUTHORINITIALS>
<!-- <AUTHORINITIALS>tc</AUTHORINITIALS> -->
<REVREMARK>
Adding more info for Red Hat 7.2, Mandrake 8.1 and Slackware 8.0 Linux configuration and SSH X11 Forwarding.
</REVREMARK>
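Review bot: The new v1.3 REVREMARK carries two bare ampersands ("Red Hat 7.3 & 8.0, Mandrake 8.2 & 9.0"); write them as &amp; (or as "and"), the way the index entries for this HOWTO already escape quotes with &quot;, so the file stays parseable if it is ever processed as XML. Separately, AUTHORINITIALS is commented out in each revision rather than deleted or kept; pick one, since the commented-out markup is noise in REVHISTORY.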
@ -17,14 +27,14 @@
<REVISION>
<REVNUMBER>v1.1</REVNUMBER>
<DATE>20 March 2001</DATE>
<AUTHORINITIALS>tc</AUTHORINITIALS>
<!-- <AUTHORINITIALS>tc</AUTHORINITIALS> -->
<REVREMARK>
Revision and adding RH 7.0.</REVREMARK>
</REVISION>
<REVISION>
<REVNUMBER>v1.0</REVNUMBER>
<DATE>01 November 2000</DATE>
<AUTHORINITIALS>tc</AUTHORINITIALS>
<!-- <AUTHORINITIALS>tc</AUTHORINITIALS> -->
<REVREMARK>
Initial revision and release.
</REVREMARK>
@ -33,21 +43,27 @@
<ABSTRACT><PARA>
This HOWTO describes how you can use the combination of X Display Manager (xdm, kdm and gdm) and XDMCP (X Display Manager Control Protocol)
to provide the mechanism for an X-Terminal and a platform of cheap Remote X Apps solution. This document will be focusing on how to setup connection using XDMCP.
</PARA></ABSTRACT></ARTHEADER>
to provide a solution for the X-Terminal and to provide a platform of efficient Remote X Apps environment. This document will takes the focus on how to setup
the X connection using XDMCP.
</PARA></ABSTRACT>
</ARTHEADER>
<!-- Section1: intro -->
<SECT1 ID="INTRO"><TITLE>Introduction</TITLE>
<PARA>
XDMCP stands for "X Display Manager Control Protocol" and is a network protocol. It provides a mechanism for X-Server to emulates the X-Terminal to run on your PC (or MAC).
This allows the X-Server to run on one or multiple X Window based applications that resides on a host machine. The X-Terminal can be displayed with an individual windows
or multiple windows, based on your X client software capabilities.
XDMCP stands for "X Display Manager Control Protocol" and is a network protocol. It provides a way of running the X-Terminal to run on your PC (or MAC) and
it uses the X Server to provide a client/server interface between display hardware (the mouse, keyboard, and video displays)
and the desktop environment while also providing both the windowing infrastructure and a standardized application interface (quoted from XFree86 Project home page).
The X-Terminal can be displayed with an
individual window or multiple windows, based on your X window system's software capabilities and setup.
</PARA>
<PARA>
Some of us who uses Linux (like me) are looking for the best parts of Linux. Among them is the ability to re-use old systems (like 486 and Pentium, Pentium II CPUs)
as a X-Terminal (with the Win32 apps; like Hummingbird's Exceed, X-Win32 or X-ThinPro. For MAC, try eXodus) to run Linux X solution from any PC remotely.
It is somehow very surprising that there aren't many documents on the Internet which guide you step by step on how to set this up.
This is how I come up with this document as a way to share my experience with all users. Essentially, by using X and XDMCP,
you can create a good, non-expansive solution of a X- environment.
I am always looking for the best way to use Linux, both at home and in work. One of the biggest advantages among all is the ability to re-use the old systems
(like 486 and Pentium, Pentium II CPUs) as a Xterminal (by using the Win32 apps; like Hummingbird's Exceed, Reflection X, X-Win32 or X-ThinPro. For MAC, try eXodus) to run
from any of your PC remotely.
I found out, somehow very surprising, that there are many documents on the INTERNET that can help you to set it up, but not with a step by step HOW-TO format!
This is how I came up with this document as a way to share my experiences with all users. By using X and XDMCP,
you can build a good, reliable and not expansive X- environment for your home or work IT solution.
</PARA>
<!-- Section2: disclaimer -->
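Review bot: The rewritten abstract and introduction add wording slips that change the meaning: "not expansive" in the last introduction paragraph should be "inexpensive", "This document will takes the focus on" should be "This document focuses on", and "a way of running the X-Terminal to run on your PC" repeats itself. The sentence marked "(quoted from XFree86 Project home page)" has no quotation marks, so the reader cannot tell where the quote begins and ends; wrap the quoted span in QUOTE tags. The text also mixes "X-Terminal" and "Xterminal"; use one spelling throughout.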
@ -86,31 +102,38 @@
<SECT1 ID="PROCEDURE"><TITLE>The Procedure</TITLE>
<PARA>
This section details the procedures for setting up X-Terminal using XDMCP.
This section details the procedure for setting up Xterminal using XDMCP. The pre-requisite is to have a (any) Linux distribution installed and running X.
</PARA>
<!-- Section2: Backgrounds-->
<SECT2><TITLE>Before you begin, some backgrounds</TITLE>
<!-- Section2: Background-->
<SECT2><TITLE>Before you begin, some background</TITLE>
<PARA>
Before you begin, it is better to have a basic understanding of how this works. (More details are at the <ULINK URL="#REFS">Resources</ULINK> below
and <ULINK URL="http://www.linuxdoc.org">LDP HOWTO page</ULINK>)
and <ULINK URL="http://www.tldp.org">LDP HOWTO page</ULINK>)
</PARA>
<PARA>
The X server is usually started from the X Display Manager program (xdm, kdm and gdm. This document will use gdm as an example).
It provides a nice and consistent interfaces for general users (X-based login, starting up a window manager, clock, etc.).
X Display Manager manages a collection of X displays, which may be on the local host or remote servers. </PARA>
<PARA>The X server is usually started from the X Display Manager (DM). Almost all the Linux distributions include the
xdm, kdm and gdm to you as your choices. (This document will use gdm and kdm as an example).
The Display Manager provides a nice and consistent interfaces for general users (X-based login, starting up a window manager, clock, etc.).
X Display Manager manages a collection of X displays, which may be on the local host or remote servers.
It is worth noting that the <COMMAND>Xsession</COMMAND> file is what runs your environment.</PARA>
<PARA>When xdm runs, it offers display management in two different ways. It can manage X Server running on the local machine and specified in "Xservers",
and/or it can manage remote X Servers (typically Xterminals) using XDMCP as specified in the "Xaccess" file. (refer to the xdm man page).</PARA>
<PARA>When xdm runs, it is usually run as a local copy of X, also xdm can listen for requests from remote hosts over a network.
For kdm (which comes with the KDE desktop), it is a replacement of xdm and configures the same way, except its files are in <FILENAME>/etc/X11/kdm</FILENAME>.
The gdm ( Gnome Display Manager) is a re-implementation of the xdm program. gdm has similar functions to xdm and kdm,
but was written from scratch and does not contain any original XDM / X Consortium code. </PARA>
<PARA>For kdm (which comes with the KDE desktop), it is a replacement of xdm and configures the same way, except its files are in
<FILENAME>/etc/X11/kdm</FILENAME> in Caldera, <FILENAME>/etc/kde/kdm</FILENAME> in Red Hat and
<FILENAME>/usr/share/config/kdm</FILENAME> in Mandrake. </PARA>
<PARA>In the case of xdm, it offers display management in two different ways. It can manage X servers running on the local machine and specified in X-servers,
and it can manage remote X-servers (typically X-terminals) using XDMCP (the XDM Control Protocol) as specified in the Xaccess file. (Courtesy of xdm man page).</PARA>
<PARA>The gdm (Gnome Display Manager) is a re-implementation of the well known xdm. gdm has similar functions to xdm and kdm,
gdm is the Gnome Display Manager, and its configuration files are found in <FILENAME>/etc/X11/gdm/gdm.conf</FILENAME>.
The <FILENAME>gdm.conf</FILENAME> file contains sets of variables and many options for gdm, and the Sessions directory
contains a script for each session option; each script calls <FILENAME>/etc/X11/xdm/Xsession</FILENAME> with the appropriate option.
gdm has similar functions to xdm and kdm, but was written from scratch and does not contain any original XDM / X Consortium code. </PARA>
<PARA>Other good references for the similar setup can be found in the following documents:</PARA>
<PARA>RH 8.0 introduces the new graphical interface called "Bluecurve". The new interface is aimed for XP feel and styles. The setup makes
no difference in this case!</PARA>
<PARA>Other good references for the similar setup can be found in the following documents:</PARA>
<PARA>
<ITEMIZEDLIST>
<LISTITEM><PARA>The <ULINK URL="http://ibiblio.org/pub/Linux/docs/HOWTO/mini/other-formats/html_single/XDM-Xterm.html">XDM and Xterminal mini-HOWTO</ULINK>, by Kevin Taylor</PARA>
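Review bot: The gdm paragraph now says the same thing twice: "gdm has similar functions to xdm and kdm" appears near the start and again at the end, and "gdm is the Gnome Display Manager" follows a sentence that has already expanded the name. Merge it into one pass (what gdm is, where gdm.conf lives, what the Sessions directory does). In the xdm paragraph, one version of the text reads "Xservers" and the other "X-servers"; that word names the xdm configuration file, so keep it as Xservers and mark both it and Xaccess up with FILENAME.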
@ -129,94 +152,103 @@ A very good reference for Remote X in both theoretical and practical view. By V
<PARA>
Using XDMCP is inherently insecure, therefore, most of the distributions shipped as it's XDMCP default turned off.
If you must use XDMCP, be sure to use it only in a trusted networks, such as corporate network within a firewall.
Unfortunately, XDMCP uses UDP, not TCP, therefore, it is not natively able to use it with SSH. To secure the connection with SSH, the technique is called
X11 TCP/IP Port Forwarding.
Unfortunately, XDMCP uses UDP port 177 and TCP port 6000; therefore, it is not natively able to use it with SSH.
Currently, SSH1 and SSH2 are not implemented to securely forward the UDP communication. </PARA>
<PARA>To secure the connection with SSH, the technique is called X11 TCP/IP Port Forwarding.
Check this <ULINK URL="http://www.ox.compsoc.net/~steve/portforwarding.html">Why Port Forwarding?</ULINK> site and
the <ULINK URL="#REFS">Resources</ULINK> area for additional HOW-TO information. If you would like to experiment this,
I have added a new section below to show you the basic idea of how it works, and I am
leaving the more advanced way of running it to other experts and/or HOWTOs.
I have add a little section below to show you how it works. I will give you only the basic idea how it works, and I will
leave the more advanced way of running it to other experts and/or HOWTOs.
</PARA></SECT2>
<SECT2 ID="SYSTEM"><TITLE>The System I use</TITLE>
<PARA>
I have tested the setup running a GNOME (gdm), as well as KDE (kdm) on Red Hat 6.0, 6.2 and Red Hat 7.x (up to 7.2). (Thanks to Peter van Eerten
in Netherlands who provides info regarding Slakware 8.0 setup. Many others also provide me info regarding different distributions. I would like
to thank them as well).
The other I have tried on are Caldera eDesktop 2.4, which is similar to RH's setup. I have also test it on current Mandrake version (V8.1) without a problem.
I have not had a chance to test it on other Linux flavors like Debian and Slackware (One Slackware user told me it works the same way as mentioned in
I have tested the setup running a GNOME (gdm), as well as KDE (kdm) on Red Hat 6.0, 6.2 and Red Hat 7.x and 8.0. I also had a chance to
test this on Mandrake 7.2, 8.0, 8.2 and 9.0. SuSE 7.2 and Slakware 8.0's setup are tested by the users, thanks to Peter Van Eerten and others,
who helps the test for this HOW-TO. I would like to thank all users who help me on this project).
The other I have tried on is Caldera eDesktop 2.4, which is similar to RH's setup, except that it uses KDE.
I have not had a chance to test it on other Linux flavors like Debian and Slackware (Slackware users had told me it works the same way as mentioned in
this document). However, the setup should be similar and should works fine.
If you have successfully setup one other than the Red Hat, Caldera and Mandrake platform, please share it with me. I will add them into this document.
</PARA>
<PARA>My server hardware is an IBM PC clone running an Intel Pentium II 500 MHz with 256 MB memory and 20 GB ATA-66 Hard Drive.
(I found out that my old Pentium 100 MHz PC runs this just fine). I use a 3COM 10/100 Fast Ethernet (3C509B) NIC with an ATAPI 32X CD-ROM and an IOMEGA ZIP drive.
I have also test it on my Toshiba Tecra 8100 laptop connecting using my Lucent/Agere Orinico Wireless LAN card (80211.b).</PARA>
<PARA>The PC hardware I use is an IBM PC clone running an AMD Athelon XP 1800+ with 384 MB memory and a 60 GB ATA-100 Hard Drive. This machine has been
since upgraded from Intel Pentium II 500 MHz PC.
(I found out that my old Pentium 100 MHz PC runs this just fine). I use a built-in Fast Ethernet NIC in my new AMD type M/B.
In my old machine, I use the 3Com 10/100 (3C509B) NIC with an ATAPI 48X CD-ROM and an IOMEGA ZIP drive.
I have also test it on my Toshiba Tecra 8100 laptop connecting using my Agere Wireless LAN card.</PARA>
</SECT2>
<SECT2 ID="remote"><TITLE>Remote piece</TITLE>
<PARA>
I use the Hummingbird Exceed 6.x (with Service Pack), Exceed 7.x and have tested them on Windows 98 SE, Windows NT 4.0 and Windows 2000 Pro.
I found out that another popular choice are X-Win32 and X-ThinPro. However, there are many open-source apps as well as commercial one available.
</PARA>
</SECT2>
I use the Hummingbird Exceed 7.0 (Exceed 6.x also works fine) on my PC and have tested them on Windows 98 SE, Windows NT 4.0 and Windows 2000 Pro.
I found out that other popular choices are X-Win32 and X-ThinPro. There are also many open-source apps as well as commercial one available.
</PARA></SECT2>
<SECT2 ID="PREP"><TITLE>Server Preparation</TITLE>
<PARA>
In RH 7.x, you need to setup DNS lookup, in order for some networking function to work properly (such as <COMMAND>telnet</COMMAND>). If you are in a small isolated
environment (like home or small office, etc.) that do not have access to a public DNS Server, then add entry of the working DNS Server name(s) (such as your ISP's)
in the <FILENAME>resolv.conf</FILENAME> file or you can add the host name of all workstations in your local <FILENAME>host</FILENAME> table.
In RH 7.x, you need to setup DNS lookup, in order for some networking function to work properly (such as <COMMAND>telnet</COMMAND> that we will
use to test the setup). You can use "<COMMAND>netstat -r</COMMAND>" and/or "<COMMAND>arp -a</COMMAND>" command to verify your DNS setup or response time.
If you are in a small
environment (like home or small office, etc.) that do not have your own DNS and is relying on your ISP's DNS Server, then add the entry of your DNS Server name(s)
in the "<FILENAME>resolv.conf</FILENAME>" file. If you are only use it in the lab or at home, then, you can add the host name of all workstations in your local "<FILENAME>host</FILENAME>" table.
</PARA>
<PARA>
To prepare your X-Server for XDMCP session, you need to make sure the following are properly installed:
To prepare your X Server for XDMCP session, you need to make sure the following are properly installed:
<ORDEREDLIST><LISTITEM><PARA>
Install your Linux OS. In my case, I installed
Red Hat 7.2 (Custom Installation). If you plan to use SSH Port Forwarding, you need to compile SSH with your kernel.
Also, RH 7.x comes with firewall installed as default. You will encounter problem,
if you do not add firewall rules or temporary disable it for setting up XDMCP. I will not cover the firewall rules here in details,
Red Hat 7.3 (Custom Installation). If you plan to use SSH Port Forwarding, you need to install the OpenSSH package or compile SSH with your kernel.
Also, RH 7.x comes with firewall installed by default (unless you choose not to). You may encounter problem,
if you do not add firewall rules or temporary disable it in setting up XDMCP. I will not cover the firewall rules here in details,
since this is not the focus of this document. I will share only how to make it works first and you can fine-tune it yourself.
</PARA>
<PARA>
To show your firewall rules, use the command <COMMAND>ipchains -L</COMMAND> to list your default rule sets.
To show your firewall rules, in kernel 2.2x, use the command <COMMAND>ipchains -L</COMMAND> to list your default rule sets.
To temporary disable it, use this command <COMMAND>ipchains -F</COMMAND> to flush
the rules (Don't worry, it will restore by re-loading or re-boot). One user, Ryan Sheidow,
shared with me that by adding this rule, you can do it without disable your firewall
and can allow yourself to access the X-Server (you can try for yourself).
the rules (Don't worry, it will restore by re-loading or re-boot). For kernel 2.4x, replace command <COMMAND>ipchains</COMMAND> with
<COMMAND>iptables</COMMAND>. One user shared with me that by adding this rule,
you can do it without disable your firewall and can allow yourself to access the X Server (you can verify this yourself).
</PARA>
<SCREEN>ipchains -A input -p udp -i $extint --dport 177 -j DENY</SCREEN>
<SCREEN>ipchains -A input -p udp -i $extint --dport 177 -j ACCEPT</SCREEN>
<PARA>You should be able to use the <COMMAND>iptables</COMMAND> in the similar way. (Check for iptables
references at the <ULINK URL="#REFS">Resources</ULINK> area). </PARA>
<PARA>For more firewall details, check the
<ULINK URL="http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/IP-Masquerade-HOWTO.html">IP Masquerade HOWTO page.</ULINK></PARA>
<PARA>One other easy way is to add rules that only accept certain IP address(es) from your trusted workstations. This is how I use it
myself.</PARA>
<PARA>Linux Kernel 2.4x shipped with new firewall app called <COMMAND>iptables</COMMAND>. Please feel free to experiment it.
Again, I will not cover it here.</PARA>
<PARA>One other easy way is to add rules that only accept certain IP address(es) from your trusted workstations. For using the
command <COMMAND>iptables</COMMAND>, please feel free to experiment it. Again, I will not cover it here. I am the lucky one, because I use my company's
firewall to protect me.</PARA>
</LISTITEM>
<LISTITEM><PARA>
Setup your Networking. To test it out,
<COMMAND>ping</COMMAND>, <COMMAND>ftp</COMMAND> and <COMMAND>telnet</COMMAND>
are good commands to use to determine if your network
works. RH 7.2 do not have <COMMAND>telnet</COMMAND> daemon turn on by default. Remember to enable it, if you prefer to use it
for your test. One other thing is to remember firewall rules are there. Add your own rules or temporary disable it (as mentioned
works. RH 7.x and up do not have <COMMAND>telnet</COMMAND> daemon turn on by default (for security reason). Remember to enable it, if you prefer to use it
for your test. You can always turn it off when you are done (Using <COMMAND>ntsysv</COMMAND> with root privilege).
One other thing is to remember firewall rules are there. Add your own rules or temporary disable it (as mentioned
above) to make these commands work.
</PARA></LISTITEM>
<LISTITEM><PARA>
Setup X. Do <EMPHASIS>not</EMPHASIS> setup with a
resolution higher than what the remote users are able to use for
their display. Test the X-Server by typing either
their display. Test the X Server by typing either
<COMMAND>startx</COMMAND> or <COMMAND>telinit 5</COMMAND>.
Make sure X is running properly.
</PARA></LISTITEM>
Make sure X is running properly.</PARA>
</LISTITEM>
<LISTITEM><PARA>
Creates the necessary user accounts (and associated groups) for user who will access via the X-Terminal.
Creates the necessary user accounts (and associated groups) for user who will access via the Xterminal.
</PARA></LISTITEM></ORDEREDLIST>
</PARA></SECT2>
<SECT2 ID="STEPS"><TITLE>Steps to Complete the Procedures</TITLE>
<PARA>
These are steps I used to setup the X-server for accepting XDMCP requests:
These are steps I used to setup the X Server for accepting XDMCP requests:
<ORDEREDLIST>
<LISTITEM><PARA>
For RH 6.2, modify <FILENAME>/etc/rc.d/init.d/xfs</FILENAME> and make the
In Linux X environment, you need to provide font using either X font server (xfs) or hard coded font path in XF86Config and XF86Config-4 configuration
files. If you plan to use xfs font server (check here to see the <ULINK URL="http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/s1-x-fonts.html">
xfs advantages</ULINK>), do this in RH 6.2 and Mandrake 8.x and 9.0, modify <FILENAME>/etc/rc.d/init.d/xfs</FILENAME> and make the
following changes. Change all (this is where the Font Server port):
</PARA>
<SCREEN>daemon xfs -droppriv -daemon -port -1</SCREEN>
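Review bot: The ipchains example in the firewall step ends in "-j ACCEPT" on the interface named by $extint with no source match, which opens UDP port 177 to every host reachable on that interface, while the security paragraph earlier in this hunk says to use XDMCP only on trusted networks. Add a source restriction to the example (ipchains takes -s <address>), which is also what the later paragraph about accepting only trusted workstations recommends, and say next to "ipchains -F" that the host runs without its rule set until the rules are reloaded. In the security paragraph, "XDMCP uses UDP port 177 and TCP port 6000; therefore, it is not natively able to use it with SSH" no longer follows, because TCP is exactly what SSH can forward; state that the XDMCP negotiation runs over UDP port 177 and that only the X11 TCP connection can be tunnelled.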
@ -224,9 +256,28 @@ A very good reference for Remote X in both theoretical and practical view. By V
to:
</PARA>
<SCREEN>daemon xfs -droppriv -daemon -port 7100</SCREEN>
<PARA>In Mandrake 7.2, the port is already set to 7100. Also, in RH 7.x, you do not need to do this, since by default, it is, for security enhancement,
not listening to TCP port any longer! If you need to setup default font server to use, do it in /etc/X11/fs/config and add the setting there.
Different Linux distribution may put the xfs in different folder under /etc/rc.d. You may search for it if that's the case.</PARA></LISTITEM>
<PARA>In Mandrake 7.2, the port is already set to 7100. Also, in RH 7.x, it is by default, for security enhancement,
not listening to TCP port any longer! If you like to setup X font server, do the following steps:</PARA>
<PARA>Change this line in <FILENAME>/etc/rc.d/init.d/xfs</FILENAME>:</PARA>
<SCREEN>daemon xfs -droppriv -daemon</SCREEN>
<PARA>
to:
</PARA>
<SCREEN>daemon xfs -droppriv -daemon -port 7100</SCREEN>
<PARA>Then, in <FILENAME>/etc/X11/fs/config</FILENAME>, comment out this line:</PARA>
<SCREEN># don't listen to TCP ports by default for security reasons
#no-listen = tcp</SCREEN>
<PARA>If you change or add the port, use this command to restart your X font server (requires root):
<SCREEN>service xfs restart</SCREEN>
</PARA>
<PARA>You do not have to use port 7100. You can set a different port, as long as you carefully plan it first to make sure no conflicts in
using the port number and change it accordingly. It is better to consult your Linux admin before doing so, so that he/she knows the port has been taken!
Different Linux distribution may put the xfs in different folder under /etc/rc.d. You may search for it if that's the case.</PARA>
</LISTITEM>
<LISTITEM><PARA>
Modify <FILENAME>/etc/X11/xdm/xdm-config</FILENAME> and make the
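Review bot: The new xfs steps tell the reader to comment out "no-listen = tcp" without saying when that is needed, even though the same paragraph notes that RH 7.x stopped listening on TCP for security. The FontPath this HOWTO sets is "unix/:7100", a local socket, so TCP is only required when an X server on another machine fetches fonts from this host; say so, and tell readers who do enable it to limit the font server port to their trusted workstations in the firewall. The "-port 7100" change is also described twice in this step; fold the two into one instruction that gives the starting line per distribution.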
@ -250,36 +301,29 @@ Different Linux distribution may put the xfs in different folder under /etc/rc.d
to:
</PARA>
<SCREEN>* # any host can get a login window</SCREEN>
<PARA>xdm usually run as a local copy of X and can listen for requests from remote hosts over a network.
xdm reads its configuration files <FILENAME>/etc/X11/xdm/xdm-config</FILENAME> for all configuration and log files that xdm uses.
For kdm, it is a replacement of xdm and configures the same way, except its files are in <FILENAME>/etc/X11/kdm</FILENAME> for Caldera.
It is worth noting that the <COMMAND>Xsession</COMMAND> file is what runs your environment.</PARA>
<PARA>The gdm (Gnome Display Manager) is a re-implementation of the well known xdm.
gdm has similar functions to xdm and kdm, gdm is the Gnome Display Manager, and its configuration files are found in <FILENAME>/etc/X11/gdm/gdm.conf</FILENAME>.
The <FILENAME>gdm.conf</FILENAME> file contains sets of variables and many options for gdm, and the Sessions directory contains a script for each session option;
each script calls <FILENAME>/etc/X11/xdm/Xsession</FILENAME> with the appropriate option.</PARA>
<PARA>
The above setup is in a Broadcast mode, which will list all the X-Server that are listening and willing to manage your X connection. If you only want
The above setup is in a Broadcast mode, which will list all the X Server that are listening and willing to manage your X connection. If you only want
to allow certain connections, use the <COMMAND>CHOOSER</COMMAND> section in this same file. An example can be found in the <ULINK URL="#REFS">Resources</ULINK>.
</PARA>
</LISTITEM>
<LISTITEM><PARA>
I use the gdm as default and use gdm login window to switch between KDE and GNOME. For gdm, edit <FILENAME>/etc/X11/gdm/gdm.conf</FILENAME>.
This activates XDMCP, causing it to listen to the request. (For kdm, if you are using KDE2, edit <FILENAME>/usr/share/config/kdm/kdmrc</FILENAME>
or <FILENAME>/opt/kde2/share/config/kdm/kdmrc</FILENAME> for Slackware version). Change this:
This activates XDMCP, causing it to listen to the request. For kdm (if you pick KDE as your DM in your installation), edit
<FILENAME>/usr/share/config/kdm/kdmrc</FILENAME> for Mandrake and <FILENAME>/etc/kde/kdm/kdmrc</FILENAME> for Red Hat
or <FILENAME>/opt/kde2/share/config/kdm/kdmrc</FILENAME> for Slackware version (KDE2). Change this line:
</PARA>
<SCREEN>[xdmcp]
Enable=0</SCREEN>
Enable=false (may shown as 0 in some distributions)</SCREEN>
<PARA>
to:
</PARA>
<SCREEN>Enable=1</SCREEN>
<SCREEN>Enable=true (or 1 in some distributions)</SCREEN>
<PARA>
Make sure &quot;<COMMAND>Port=177</COMMAND>&quot; is at the end of this block. For Caldera using kdm,
modify this file <FILENAME>/usr/share/config/kdm/kdmrc</FILENAME>.
</PARA></LISTITEM>
Make sure &quot;<COMMAND>Port=177</COMMAND>&quot; is at the end of this block. </PARA>
</LISTITEM>
<LISTITEM><PARA>
Now edit <FILENAME>/etc/inittab</FILENAME> and change
the following line:
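Review bot: The remarks "(may shown as 0 in some distributions)" and "(or 1 in some distributions)" now sit inside the SCREEN blocks for the [xdmcp] setting, where readers will copy them into gdm.conf or kdmrc as part of the value. Keep the SCREEN content to the literal lines ("Enable=false" and "Enable=true") and move the 0/1 remark into the surrounding PARA. The rewritten kdmrc path list also no longer mentions Caldera, which the "The System I use" section still lists as tested; add its path back or drop Caldera there.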
@ -289,12 +333,10 @@ Enable=0</SCREEN>
to:
</PARA>
<SCREEN>id:5:initdefault:</SCREEN>
<PARA>
Before changing this line, you can use the
<COMMAND>telinit</COMMAND> command (or preferably <COMMAND>ssh</COMMAND> command) to test prior to
modifying the line. Use either <COMMAND>telinit 3</COMMAND>
to set to level 3, or <COMMAND>telinit 5</COMMAND> to set to
level 5, graphics mode (you can issue this command on the
<PARA>In Slackware, the X11 mode is number "4", not "5".</PARA>
<PARA>This is switching from Text Mode login to Graphical Mode using Display Manager. Before changing this line, you can use the
<COMMAND>telinit</COMMAND> command to test prior to modifying the line. Use either <COMMAND>telinit 3</COMMAND>
to set to level 3, or <COMMAND>telinit 5</COMMAND> to set to level 5, graphics mode (you can issue this command on the
second machine that telnets into this server).
</PARA></LISTITEM>
<LISTITEM><PARA>
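Review bot: The rewritten telinit paragraph drops "(or preferably ssh command)" and leaves only "the second machine that telnets into this server", so the test is now described as a login over telnet, which the SSH section of this same HOWTO calls insecure. Keep the ssh recommendation, for example "from a second machine logged in to this server over ssh (or telnet on a trusted network)". The Slackware remark about runlevel 4 is also placed before the explanation of what the initdefault line does; move it after that paragraph.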
@ -307,41 +349,57 @@ Enable=0</SCREEN>
</PARA></LISTITEM>
<LISTITEM><PARA>
Edit the <FILENAME>XF86Config</FILENAME> file (if you are using XFree86 4.x, the file is <FILENAME>XF86Config-4</FILENAME>) at <FILENAME>/etc/X11</FILENAME>
and change the line, if you are using RH Linux:
and change the line:
</PARA>
<SCREEN>FontPath "unix:-1"</SCREEN>
<SCREEN>FontPath "unix/:-1"</SCREEN>
<PARA>
to:
</PARA>
<SCREEN>FontPath "unix:7100"</SCREEN></LISTITEM>
<SCREEN>FontPath "unix/:7100"</SCREEN>
<PARA>If you decide to use the port number other than the usual 7100, be sure to change both in "/etc/rc.d/init.d/xfs" file and here!</PARA>
<PARA>To save your time and energy, I recommend you to add the FontPath in the XF86Config and XF86Config-4 configuration files.
If you are not sure what fonts are available to you, you can use this command to check it out (requires root):</PARA>
<SCREEN>chkfontpath --list</SCREEN>
<PARA>The following are some of the example fonts for your reference. Make sure you have these fonts before editing these path.</PARA>
<SCREEN>
FontPath "/usr/X11R6/lib/X11/fonts/75dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/misc/"
FontPath "/usr/X11R6/lib/X11/fonts/CID/"
FontPath "/usr/X11R6/lib/X11/fonts/Speedo/"
FontPath "/usr/X11R6/lib/X11/fonts/100dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/Type1/" </SCREEN>
</LISTITEM>
<LISTITEM><PARA>
(You <COMMAND>do not</COMMAND> have to make this change. You can keep the default setting, but this is what I use. If you are not sure, leave this alone.)
Add this line to the end of <FILENAME>/etc/inittab</FILENAME>:
(You <COMMAND>do not</COMMAND> have to make this change. You can keep the default setting, but this is what I prefer. If you are not sure, leave this alone.)
Change this line to the end of <FILENAME>/etc/inittab</FILENAME>:
</PARA>
<SCREEN>x:5:respawn:/usr/bin/gdm</SCREEN></LISTITEM></ORDEREDLIST>
<SCREEN>x:5:respawn:/usr/bin/gdm</SCREEN>
<PARA>If you decided not to change this line, it is fine! This is not a required step, but of a personal preference!</PARA>
</LISTITEM></ORDEREDLIST>
</PARA>
<PARA>You are now ready to run a test.</PARA>
<PARA>One other thing to know (that some users have asked) is how to display with <COMMAND>Willing to manage</COMMAND> message with load info As I know this is available
in xdm by adding the following to the <FILENAME>/etc/X11/xdm/xdm-config</FILENAME>.
<SCREEN>DisplayManager.willing: su noboby -c /etc/X11/xdm/XWilling</SCREEN> and the XWilling script must exist. For gdm, add this line to the
<SCREEN>DisplayManager.willing: su noboby -c /etc/X11/xdm/Xwilling</SCREEN> and the XWilling script must exist. For gdm, add this line to the
<FILENAME>/etc/X11/gdm/gdm.conf</FILENAME> in <FILENAME>[security]</FILENAME> section:
<SCREEN>Willing=/etc/X11/gdm/Xwilling</SCREEN>
</PARA>
<PARA>A sample of <ULINK URL="http://www.penguinlovers.net/linux/Xwilling">Xwilling script</ULINK> is here for your reference. Adding this script or not is your preference. It is not required step here!</PARA>
</SECT2>
<SECT2 ID="TESTING"><TITLE>Testing</TITLE>
<PARA>
To test if your XDMCP with X-Server is ready to accept
connections, do these steps. I find it easier using the X-Server and another machine to test it:
To test if your XDMCP with X Server is ready to accept
connection(s), do these steps. I find it easier using the X Server and another machine to test it:
<ORDEREDLIST>
<LISTITEM><PARA>
Restart your display manager gdm (or xdm and I am assuming you are running level 5). If you are not sure how to do this, simply reboot your system (but this
is really not necessary, if you know how to restart it using command line. That's the beauty of Linux, comparing to my Windows).
(Re-)Start your X (which is in runlevel 5). If you are not sure how to do this, simply reboot your system (but this
is really not necessary, if you know how to restart it using command line. That's the beauty of Linux, when comparing it to my Windows).
</PARA></LISTITEM>
<LISTITEM><PARA>
If you have not modify your firewall rules, you need to temporary disable it by using <COMMAND>ipchains -F</COMMAND>.
If you have not modify your firewall rules, you need to temporary disable it by using <COMMAND>iptables -F</COMMAND> (or <COMMAND>ipchains -F</COMMAND>).
</PARA></LISTITEM>
<LISTITEM><PARA>
Make sure the Graphical login page comes up. Make sure the
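Review bot: The DisplayManager.willing line was edited to fix the script name but still reads "su noboby", a typo for "su nobody"; as written the command cannot run as the intended unprivileged account. The sentence after it still says "the XWilling script must exist" while the command and the gdm line use "Xwilling", so make the case match. In the optional inittab step, "Change this line to the end of /etc/inittab" is unclear after the edit; say either "add this line at the end" or "change the existing x:5 line to". In the testing step, note next to "iptables -F" that it removes the loaded rules until they are reloaded.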
@ -349,9 +407,9 @@ in xdm by adding the following to the <FILENAME>/etc/X11/xdm/xdm-config</FILENAM
see if the local access is OK. If OK, do not log off.
</PARA></LISTITEM>
<LISTITEM><PARA>
Setup Hummingbird Exceed to either query this machine (using
Setup Hummingbird Exceed (or other X Client software) to either query this machine (using
the IP address or fully qualified DNS name) or set to use XDMCP-Broadcast and try to
connect to the X server. You should see the X Session come
connect to the X Server. You should see the X Session come
up and the login screen appear.
</PARA></LISTITEM>
</ORDEREDLIST>
@ -360,9 +418,9 @@ in xdm by adding the following to the <FILENAME>/etc/X11/xdm/xdm-config</FILENAM
<SECT1 ID="SSH"><TITLE>X11 Forwarding using SSH</TITLE>
<PARA>
As I have explained earlier, using XDMCP to display X across Internet is basically a no-no, due to it's lack of
encryption across the Internet. One way of enforce the traffic security is to use the SSH by the way of
X11 forwarding. SSH (Secure Shell) is developed in 1995 by Tatu Ylonen to replace the insecure <COMMAND>telnet</COMMAND>
and <COMMAND>ftp</COMMAND>. The first thing you need to know is that X11 forwarding using SSH is different from
encryption across the Internet. One way to enforce the traffic security is to use the SSH by the way of
X11 tunnelling or port forwarding. SSH (Secure Shell) is developed in 1995 by Tatu Ylonen to replace the insecure telnet, ftp,
scp, rcp, rlogin, rsh, etc. The first thing you need to know is that X11 forwarding using SSH is different from
your regular, non-secure way of running X Window.
</PARA>
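Review bot: The rewritten list of tools that SSH replaces now includes scp, but scp is itself part of the SSH suite and runs over an SSH connection, so it does not belong beside telnet, ftp, rcp, rlogin and rsh. The change also drops the <COMMAND> markup that telnet and ftp had; keep it and apply it to the other command names for consistency. "SSH (Secure Shell) is developed in 1995" should be "was developed", and the unchanged "due to it's lack" should be "its lack".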
@ -370,8 +428,8 @@ in xdm by adding the following to the <FILENAME>/etc/X11/xdm/xdm-config</FILENAM
In Linux, they are the OpenSSH packages. Check your distribution to decide what package you need to install (some installed it
as standard packages). Secondly, you need a Windows SSH Client (other OS version, like MAC, are also available).
I recommend PuTTY. It is a wonderful free SSH client and you can download them from
<ULINK URL="http://www.chiark.greenend.org.uk/~sgtatham/putty/">this link</ULINK>. Download the document as well and read
them carefully. The other good free SSH client are: Tera Term Pro + TTSSH: An SSH Extension to Tera Term, SSH Secure Shell
<ULINK URL="http://www.chiark.greenend.org.uk/~sgtatham/putty/">this link</ULINK>. Remember to download the document and read
them carefully. The other good free SSH clients are: Tera Term Pro + TTSSH: An SSH Extension to Tera Term, SSH Secure Shell
Client by SSH.com (only free for non-commercial use). I will break down again into steps, so it is easy for you to follow.
</PARA>
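Review bot: In the PuTTY sentence, "download the document and read them carefully" mixes singular and plural; "download the documentation and read it carefully" fixes it. Since this paragraph sends readers to fetch an SSH client over a plain http:// link, a short reminder to check the download against whatever signatures or checksums the download site publishes would fit here.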
@ -408,11 +466,11 @@ in xdm by adding the following to the <FILENAME>/etc/X11/xdm/xdm-config</FILENAM
<PARA> Now you see the difference is that you do not see all your X Window. You are simply running X application one by one and
forwarding via SSH to your local screen. Therefore, you need to know the command for running each X application. All the
control are done via SSH client window. To me, the security is worth the slightly inconvenience!
</PARA>
<PARA>
For user running the X-Win32, you can <ULINK URL="http://www.starnet.com/products/ssh.htm">use this link</ULINK> for your SSH + X11 forwarding setup.
control are done via SSH client window. To me, the security is worthy than the slightly inconvenience!
</PARA>
<PARA>If you are using X-Win32 and you want to use <ULINK URL="http://www.starnet.com/products/ssh.htm">SSH with Port Forwarding</ULINK>,
you can use this reference to set it up.</PARA>
</SECT1>
<SECT1 ID="TS"><TITLE>Troubleshooting</TITLE>
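Review bot: The replacement sentence "the security is worthy than the slightly inconvenience" is less grammatical than the line it removes; suggest "the security is worth the slight inconvenience". In the same paragraph "All the control are done" should be "All the control is done". In the new X-Win32 paragraph the link text says "SSH with Port Forwarding" while this section is titled X11 Forwarding; use one term, or say which of the two the linked page covers.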
@ -426,27 +484,31 @@ in xdm by adding the following to the <FILENAME>/etc/X11/xdm/xdm-config</FILENAM
</PARA>
<SCREEN>
_ FontTransSocketUNIXConnect: Can't connect: errno = 111
failed to set default font path 'unix:-1'
failed to set dafault font path 'unix:-1'
Fatal server error:
could not open default font 'fixed'</SCREEN>
<PARA>
This is likely due to xfs not finding the correct port for
the Font Server (again, if you are running RH 6.2). To resolve this, check steps 1 and
7 above. Make sure the configuration are pointing to (port)
the Font Server or the font path is not set correctly! To resolve this, check steps 1 and
8 above. Make sure the configuration are pointing to (port)
7100 and make sure you have the following fonts installed (if
not re-install the XFree86 font packages from your CD). Check the listing in <FILENAME>XF86Config</FILENAME> file
(if you are using XFree86 4.x, the file is <FILENAME>XF86Config-4</FILENAME>) at <FILENAME>/etc/X11</FILENAME>:
</PARA>
<SCREEN>
FontPath "/usr/lib/X11/fonts/75dpi/"
FontPath "/usr/lib/X11/fonts/misc/"
FontPath "/usr/lib/X11/fonts/CID"
FontPath "/usr/lib/X11/fonts/Speedo"
FontPath "/usr/lib/X11/fonts/100dpi"</SCREEN>
<PARA>
Use the command <COMMAND>startx</COMMAND> (on local) to restart
the X server (or use <COMMAND>telinit 5</COMMAND> to switch the run-level).
</PARA></LISTITEM>
FontPath "/usr/X11R6/lib/X11/fonts/75dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/misc/"
FontPath "/usr/X11R6/lib/X11/fonts/CID/"
FontPath "/usr/X11R6/lib/X11/fonts/Speedo/"
FontPath "/usr/X11R6/lib/X11/fonts/100dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/Type1/"</SCREEN>
<PARA>Use the command <COMMAND>startx</COMMAND> (on local) to restart
the X server (or use <COMMAND>telinit 5</COMMAND> to switch the run-level). To restart xfs, use the command in step 1.
</PARA>
<PARA>I found out in my RH 7.3 that if my xfs is not setup, it will crash the Exceed connection if I use the GNOME. (Using KDE is
fine and it does not affect my Mandrake GNOME). After I fix it and start up my xfs, it works fine!</PARA>
</LISTITEM>
<LISTITEM><PARA>
If Exceed has no respond (in blank screen):
</PARA>
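Review bot: In the <SCREEN> block the change turns "failed to set default font path" into "failed to set dafault font path". Unless that is the server's output character for character, keep "default", because readers search for this message verbatim. The new sentence "xfs not finding the correct port for the Font Server or the font path is not set correctly!" runs two causes together; split it into "xfs is not listening on the expected port, or the font path is set incorrectly". The updated cross-references ("steps 1 and 8 above", "the command in step 1") depend on the renumbered setup steps elsewhere in the patch, so confirm they still point at the xfs steps.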
@ -455,14 +517,14 @@ in xdm by adding the following to the <FILENAME>/etc/X11/xdm/xdm-config</FILENAM
is used in <FILENAME>/etc/inittab</FILENAME>) is not starting
correctly. Issue the command:
<COMMAND>ps -ef | grep gdm</COMMAND> (or
<COMMAND>ps -ef | grep xdm</COMMAND> if xdm is used). Also, if your box has udp port turned on for XDMCP, you can type
xdm or kdm, replace it in the command). Also, if your box has udp port turned on for XDMCP, you can type
<COMMAND>netstat -l | grep xdmcp</COMMAND> and you should see this:
</PARA>
<SCREEN>
udp 0 0 *:xdmcp *:*</SCREEN>
<PARA>
If the process is not running, check the steps on the setup above (make sure
there are no typos and that the correct path is given). Restart
there are no typo's and that the correct path is given). Restart
X using the command <COMMAND>telinit 5</COMMAND>. If the udp port is not there for XDMCP, do step 2 as above.
</PARA>
<PARA>
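Review bot: "there are no typo's" replaces the correct plural "typos" with an apostrophe form; revert it. The new parenthetical "(or xdm or kdm, replace it in the command)" is harder to follow than the explicit command it removes; suggest "(substitute xdm or kdm if that is your display manager)".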
@ -481,8 +543,8 @@ I personally do not have the environment to test this, so you can test it yourse
<LISTITEM><PARA>
Linux to Linux Display export:
</PARA>
<PARA>If you are using another Linux with X, you do not need to use XDMCP to manage your display. You can actually export your display right in your X box.
To do this, you must enable your access control to allow to make connection to the X Server. The common error you will get without doing so are:</PARA>
<PARA>If you are using another Linux with X, you do not need to use XDMCP to manage your display. You can actually export your display right from your X box.
To do this, you must enable your access control to allow other to make connection to the X Server. The common error you will get without doing so are:</PARA>
<SCREEN>xlib: Connection refused (error 111): unable to connect to X server
xlib: No such process (error 3): Server error</SCREEN>
<PARA>To resolve the problem, use the command below:
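Review bot: In the revised sentence "you must enable your access control to allow other to make connection to the X Server", "other" lacks a noun, and "enable your access control" reads as switching access control on when the step is about granting access. Suggest "you must configure X access control to allow the remote host to connect to the X Server", worded so that the grant names the specific host rather than everyone, since this step opens the display to other machines. "The common error you will get without doing so are" should be "The common errors ... are".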
@ -505,7 +567,7 @@ HonorIndirect=1</SCREEN>
I got a &quot;Signal 11&quot; error:
</PARA>
<PARA>The &quot;Signal 11&quot; error, also called &quot;Segmentation Fault&quot;, can sometimes be a problem of your hardware and/or software. If you have this problem
in bring up the X-server, you need to fix it before configuring XDMCP. Unfortunately, there is no simple way to fix the problem due to many possible causes. For details,
in bring up the X Server, you need to fix it before configuring XDMCP. Unfortunately, there is no simple way to fix the problem due to many possible causes. For details,
please check this <ULINK URL="http://www.bitwizard.nl/sig11/">SIG 11 while compiling the Kernel.</ULINK>
</PARA>
</LISTITEM>
@ -538,6 +600,10 @@ BROADCAST_QUERY requests by sending a WILLING packet to the originator. GDM can
<ULINK URL="http://www.linuxgazette.com/issue43/nielsen.xdm.html">
Configuring XDM</ULINK>
</PARA></LISTITEM>
<LISTITEM><PARA>
<ULINK URL="http://www.me.umn.edu/~kaszeta/unix/xterminal/config.html">
Configuring Chooser through X Resources</ULINK>
</PARA></LISTITEM>
<LISTITEM><PARA>
<ULINK URL="http://sun3.gs.uni-heidelberg.de/~malsburg/files/ports/xdmcp_udp.html">
xdmcp/udp</ULINK>
@ -573,15 +639,20 @@ BROADCAST_QUERY requests by sending a WILLING packet to the originator. GDM can
<LISTITEM><PARA>
<ULINK URL="http://www.ox.compsoc.net/~steve/portforwarding.html">
Why Port Forwarding?</ULINK>,
Why Port Forwarding?</ULINK>;
<ULINK URL="http://www.ssh.com/products/ssh/administrator30/Port_Forwarding.html">
Port Forwarding</ULINK>,
Port Forwarding</ULINK>;
<ULINK URL="http://www.ssh.com/products/ssh/administrator30/X11_Forwarding.html">
SSH: X11 Forwarding</ULINK>
</PARA></LISTITEM>
<LISTITEM><PARA>
<ULINK URL="http://www.socsci.auc.dk/~mkp/gdm/">GNOME Display Manager</ULINK>
<ULINK URL="http://www.5z.com/jirka/gdm.html">GNOME Display Manager</ULINK>
</PARA></LISTITEM>
<LISTITEM><PARA>
<ULINK URL="http://www.linuxworld.com/site-stories/2001/0920.ipchains.html">10 minutes to an iptables-base Linux firewall</ULINK>;
<ULINK URL="http://www.onlamp.com/linux/cmd/i/iptables.html">iptables command introduction</ULINK>
</PARA></LISTITEM>
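Review bot: The first added link is titled "10 minutes to an iptables-base Linux firewall" but its URL ends in 0920.ipchains.html, so either the title or the target is wrong; confirm which article is meant before merging. "iptables-base" should be "iptables-based". The switch from commas to semicolons between the port-forwarding links is fine, but apply it to the other multi-link entries in this list too so the separators stay consistent.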
@ -593,20 +664,21 @@ BROADCAST_QUERY requests by sending a WILLING packet to the originator. GDM can
<ULINK URL="http://www.linuxsecurity.com/resource_files/host_security/securing-debian-howto/ch-sec-services.en.html">Securing Services on your system</ULINK> (Debian)
</PARA></LISTITEM>
<LISTITEM><PARA>
<ULINK URL="http://linux.nf/remotexkdm.html">Remote X using KDM</ULINK> (Caldera)
<ULINK URL="http://linux-sxs.org/remotexkdm.html">Remote X using KDM</ULINK> (Caldera)
</PARA></LISTITEM>
</ITEMIZEDLIST>
</PARA></SECT1>
<SECT1 ID="AU"><TITLE>Authors</TITLE>
<PARA>
Current: Thomas Chao, Lucent Technologies
Current: Thomas Chao, Lucent Technologies.
<EMAIL>tomchao@lucent.com</EMAIL>
</PARA></SECT1>
<!-- Section1: copyright -->
<SECT1 ID="COPYRIGHT"><TITLE>Copyright Information</TITLE>
<PARA>
This document is copyrighted (c) 2000, 2001 Thomas Chao and is
This document is copyrighted (c) 2000 - 2003 Thomas Chao and is
distributed under the terms of the Linux Documentation Project
(LDP) license, stated below.
</PARA>