mirror of https://github.com/tLDP/LDP
removing file; using new name
parent 1d26ca4117
commit f25d1fade3
|
@ -1,563 +0,0 @@
|
|||
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
|
||||
|
||||
<article>
|
||||
|
||||
<!-- Header -->
|
||||
|
||||
<artheader>
|
||||
<title>Linux XDMCP HOWTO</title>
|
||||
|
||||
<author>
|
||||
<firstname>Thomas</firstname>
|
||||
<surname>Chao</surname>
|
||||
<affiliation>
|
||||
<address>
|
||||
<email>tomchao@lucent.com</email>
|
||||
</address>
|
||||
</affiliation>
|
||||
</author>
|
||||
|
||||
<revhistory>
|
||||
<revision>
|
||||
<revnumber>v1.0</revnumber>
|
||||
<date>1 November 2000</date>
|
||||
<authorinitials>tc</authorinitials>
|
||||
<revremark>
|
||||
Initial revision and release.
|
||||
</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<abstract>
|
||||
<para>
|
||||
XDMCP stands for "X Display Manager Control Protocol".
|
||||
It provides a mechanism for an
|
||||
Xterminal to request a session from a remote host. This document
|
||||
describes how to setup XDMCP.
|
||||
</para>
|
||||
</abstract>
|
||||
|
||||
</artheader>
|
||||
|
||||
<!-- Section1: intro -->
|
||||
|
||||
<sect1 id="intro">
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>
|
||||
XDMCP stands for "X Display Manager Control Protocol".
|
||||
It provides a mechanism for an
|
||||
Xterminal to request a session from a remote host. This document
|
||||
describes how to setup XDMCP.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Some of us running Linux (like me) are looking for the
|
||||
best parts of Linux. Among them is the ability to re-use old
|
||||
systems (like 486 CPUs) as a client (with the Win32 client; like
|
||||
Hummingbird's Exceed) to run Linux from any PC. It is somehow
|
||||
very surprising that there aren't many documents on the internet
|
||||
which guide you step by step on how to set this up. Essentially, by
|
||||
using XDMCP, you can create a cheap solution of a client and
|
||||
server environment.
|
||||
</para>
|
||||
|
||||
<!-- Section2: copyright -->
|
||||
|
||||
<sect2 id="copyright">
|
||||
<title>Copyright Information</title>
|
||||
|
||||
<para>
|
||||
This document is copyrighted (c) 2000 Thomas Chao and is
|
||||
distributed under the terms of the Linux Documentation Project
|
||||
(LDP) license, stated below.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Unless otherwise stated, Linux HOWTO documents are
|
||||
copyrighted by their respective authors. Linux HOWTO documents may
|
||||
be reproduced and distributed in whole or in part, in any medium
|
||||
physical or electronic, as long as this copyright notice is
|
||||
retained on all copies. Commercial redistribution is allowed and
|
||||
encouraged; however, the author would like to be notified of any
|
||||
such distributions.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
All translations, derivative works, or aggregate works
|
||||
incorporating any Linux HOWTO documents must be covered under this
|
||||
copyright notice. That is, you may not produce a derivative work
|
||||
from a HOWTO and impose additional restrictions on its
|
||||
distribution. Exceptions to these rules may be granted under
|
||||
certain conditions; please contact the Linux HOWTO coordinator at
|
||||
the address given below.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In short, we wish to promote dissemination of this
|
||||
information through as many channels as possible. However, we do
|
||||
wish to retain copyright on the HOWTO documents, and would like to
|
||||
be notified of any plans to redistribute the HOWTOs.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you have any questions, please contact
|
||||
<email>linux-howto@metalab.unc.edu</email>
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<!-- Section2: disclaimer -->
|
||||
|
||||
<sect2 id="disclaimer">
|
||||
<title>Disclaimer</title>
|
||||
|
||||
<para>
|
||||
No liability for the contents of this documents can be accepted.
|
||||
Use the concepts, examples and other content at your own risk.
|
||||
As this is a new edition of this document, there may be errors
|
||||
and inaccuracies, that may of course be damaging to your system.
|
||||
Proceed with caution, and although this is highly unlikely,
|
||||
the author(s) do not take any responsibility for that.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
All copyrights are held by their by their respective owners, unless
|
||||
specifically noted otherwise. Use of a term in this document
|
||||
should not be regarded as affecting the validity of any trademark
|
||||
or service mark.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Naming of particular products or brands should not be seen
|
||||
as endorsements.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You are strongly recommended to take a backup of your system
|
||||
before major installation and backups at regular intervals.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<!-- Section2: feedback -->
|
||||
|
||||
<sect2 id="feedback">
|
||||
<title>Feedback</title>
|
||||
|
||||
<para>
|
||||
Feedback is most certainly welcome for this document. Without
|
||||
your submissions and input, this document wouldn't exist. Please
|
||||
send your additions, comments and criticisms to the following
|
||||
email address : <email>tomchao@lucent.com</email>.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
<sect1 id="procedure">
|
||||
<title>The Procedure</title>
|
||||
|
||||
<para>
|
||||
This section details the procedure for setting up and using
|
||||
XDMCP.
|
||||
</para>
|
||||
|
||||
<sect2 id="system">
|
||||
<title>System</title>
|
||||
<para>
|
||||
I have tested the setup running an X Server that listens to an
|
||||
XDMCP session on Red Hat 6.0, 6.2 and Red Hat 7.0. I have not
|
||||
had a chance to test it on any other Linux flavors. If you have
|
||||
successfully setup one other than Red Hat platform, please share
|
||||
it with us. My server hardware is an IBM PC clone running an
|
||||
Intel Pentium II 400 Mhz with 128 MB memory and 30 MB ATA-66
|
||||
Hard Drive. I use a 3COM 10/100 Fast Ethernet (3C509B) NIC.
|
||||
I setup the X Server to accept 6 session clients.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="client">
|
||||
<title>Client</title>
|
||||
<para>
|
||||
I am using Hummingbird Exceed 6.1 with Service Pack 1 on Windows
|
||||
98 SE, Windows NT 4.0 and Windows 2000 Pro.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
|
||||
<sect2 id="prep">
|
||||
<title>Server Preparation</title>
|
||||
<para>
|
||||
To prepare your X Server for XDMCP session, you need to make
|
||||
sure the following are properly installed:
|
||||
|
||||
<orderedlist>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Install your Linux OS. In my case, I installed
|
||||
Red Hat 6.2 (Custom Installation).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Setup your Networking. To test it out,
|
||||
<command>ping</command> and <command>telnet</command>
|
||||
are good comamnds to use to determine if your network
|
||||
works.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Setup X. Do <emphasis>not</emphasis> setup with a
|
||||
resolution higher than what the clients are able to use for
|
||||
their display. Test the X Server by typing either
|
||||
<command>startx</command> or <command>telinit 5</command>.
|
||||
Make sure X is running properly.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Creates the necessary user accounts (and associated groups)
|
||||
you will need for client access via the XDMCP client.
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="steps">
|
||||
<title>Steps to Complete the Procedure</title>
|
||||
|
||||
<para>
|
||||
These are steps I used to setup the Server for accepting XDMCP requests:
|
||||
|
||||
<orderedlist>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Modify <filename>/etc/rc.d/init.d/xfs</filename> and make the
|
||||
following changes. Change all (this is where the Font Server port):
|
||||
</para>
|
||||
<screen>daemon xfs -droppriv -daemon -port -1</screen>
|
||||
<para>
|
||||
to:
|
||||
</para>
|
||||
<screen>daemon xfs -droppriv -daemon -port 7100</screen>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
In <filename>/etc/X11/xdm/Xaccess</filename>, change
|
||||
(this allow all hosts to connect):
|
||||
</para>
|
||||
<screen>#* # any host can get a login window</screen>
|
||||
<para>
|
||||
to:
|
||||
</para>
|
||||
<screen>* # any host can get a login window</screen>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Edit <filename>/etc/X11/gdm/gdm.conf</filename>.
|
||||
This activates XDMCP, causing it to listen to the request.
|
||||
Change this:
|
||||
</para>
|
||||
<screen>
|
||||
[xdmcp]
|
||||
Enable=0</screen>
|
||||
<para>
|
||||
to:
|
||||
</para>
|
||||
<screen>Enable=1</screen>
|
||||
<para>
|
||||
Make sure "<command>Port=177</command>" is at the end of this block.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Now edit <filename>/etc/inittab</filename> and change
|
||||
the following line:
|
||||
</para>
|
||||
<screen>id:3:initdefault:</screen>
|
||||
<para>
|
||||
to:
|
||||
</para>
|
||||
<screen>id:5:initdefault:</screen>
|
||||
<para>
|
||||
Before changing this line, you can use the
|
||||
<command>telinit</command> command to test prior to
|
||||
modifying the line. Use either <command>telinit 3</command>
|
||||
to set to level 3, or <command>telinit 5</command> to set to
|
||||
level 5, graphics mode (you can issue this command on the
|
||||
second machine that telnets into this server).
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Change the XServers file located at
|
||||
<filename>/etc/X11/XServers</filename> by adding these lines
|
||||
to get 4 xdm (or gdm) sessions running so that 4 different
|
||||
users can log in (you can add more depending on how powerful
|
||||
your server is).
|
||||
</para>
|
||||
<screen>
|
||||
:0 A local /usr/X11R6/bin/X :0
|
||||
:1 B local /usr/X11R6/bin/X :1
|
||||
:2 C local /usr/X11R6/bin/X :2
|
||||
:3 D local /usr/X11R6/bin/X :3</screen>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Locate <filename>/etc/X11/xdm/Xsetup_0</filename> and <command>chmod 755</command>
|
||||
this file.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Edit the <filename>XF86Config</filename> file in <filename>/etc/X11</filename>
|
||||
and change the line:
|
||||
</para>
|
||||
<screen>FontPath "unix:-1"</screen>
|
||||
<para>
|
||||
to:
|
||||
</para>
|
||||
<screen>FontPath "unix:7100"</screen>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Add this line to the end of <filename>/etc/inittab</filename>:
|
||||
</para>
|
||||
<screen>x:5:respawn:/usr/bin/gdm</screen>
|
||||
</listitem>
|
||||
|
||||
</orderedlist>
|
||||
</para>
|
||||
|
||||
<para>You are now ready to run a test.</para>
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2 id="testing">
|
||||
<title>Testing</title>
|
||||
|
||||
<para>
|
||||
To test if your XDMCP X Server is now ready to accept
|
||||
connections, do these steps. I find it easier using the X
|
||||
Server and another machine to test:
|
||||
|
||||
<orderedlist>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
(Though you don't need to; it doesn't hurt...) Reboot the machine (I am
|
||||
assuming you are running level 5).
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Make sure the Graphical login page comes up. Make sure the
|
||||
display resolution and mouse work. Log in from the console to
|
||||
see if the local access is OK. If OK, do not log off.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Setup Hummingbird Exceed to either query this machine (using
|
||||
the IP address or fully qualified DNS name) and try to
|
||||
connect to the X server. You should see the X Session come
|
||||
up and the login screen appear.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
If possible, test the maximum number of allowed login sessions.
|
||||
This will ensure access is open to only this number.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
<sect1 id="ts">
|
||||
<title>Troubleshooting</title>
|
||||
|
||||
<para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
If X cannot come up and is broken:
|
||||
</para>
|
||||
<para>
|
||||
If X is broken and the connection fails,
|
||||
most of the time it has this error messages:
|
||||
</para>
|
||||
<screen>
|
||||
_ FontTransSocketUNIXConnect: Can't connect: errno = 111
|
||||
failed to set dafault font path 'unix:-1'
|
||||
Fatal server error:
|
||||
could not open default font 'fixed'</screen>
|
||||
<para>
|
||||
This is likely due to xfs not finding the correct port for
|
||||
the Font Server. To resolve this, check steps 1 and
|
||||
7 above. Make sure all the ports are pointing to (port)
|
||||
7100 and make sure you have the following fonts installed (if
|
||||
not re-install the XFree86 font packages):
|
||||
</para>
|
||||
<screen>
|
||||
FontPath "/usr/lib/X11/fonts/75dpi/"
|
||||
FontPath "/usr/lib/X11/fonts/misc/"
|
||||
FontPath "/usr/lib/X11/fonts/CID"
|
||||
FontPath "/usr/lib/X11/fonts/Speedo"
|
||||
FontPath "/usr/lib/X11/fonts/100dpi"</screen>
|
||||
<para>
|
||||
Use the command <command>startx</command> (on local) to restart
|
||||
the X server (or use <command>telinit 5</command>).
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
If Exceed has no respond:
|
||||
</para>
|
||||
<para>
|
||||
In this case, most likely your xdm (or gdm, depending upon which
|
||||
is used in <filename>/etc/inittab</filename>) is not starting
|
||||
correctly. Issue the command:
|
||||
<command>ps -ef | grep gdm</command> (or
|
||||
<command>ps -ef | grep xdm</command> if xdm is used).
|
||||
</para>
|
||||
<para>
|
||||
If the process is not running, check step 8 on the setup above (make sure
|
||||
there are no typo's and that the correct path is given). Restart
|
||||
X using the command <command>telinit 5</command>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
<sect1 id="gdm">
|
||||
<title>XDMCP and GDM (Gnome Display Manager)</title>
|
||||
|
||||
<para>
|
||||
The following is taken from the
|
||||
<ulink url="http://www.oswg.org/oswg-nightly/oswg/en_US.ISO_8859-1/articles/gdm-reference/gdm-reference/index.html">
|
||||
Gnome Display Manager Reference Manual</ulink>:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
GDM also supports the X Display Manager Protocol (XDMCP) for
|
||||
managing remote displays.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
GDM listens to UDP port 177 and will repond to QUERY and
|
||||
BROADCAST_QUERY requests by sending a WILLING packet to the
|
||||
originator.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
GDM can also be configured to honor INDIRECT queries and
|
||||
present a host chooser to the remote display. GDM will
|
||||
remember the user's choice and forward subsequent requests to
|
||||
the chosen manager.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
GDM only supports the MIT-MAGIC-COOKIE-1 authentication
|
||||
system. Little is gained from the other schemes, and no
|
||||
effort has been made to implement them so far.
|
||||
</para>
|
||||
<para>
|
||||
Since it is fairly easy to do denial of service attacks on the
|
||||
XDMCP service, GDM incorporates a few features to guard
|
||||
against attacks. Please read the XDMCP reference section below
|
||||
for more information.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Even though GDM tries to outsmart potential attackers, it is
|
||||
still adviced that you block UDP port 177 on your firewall
|
||||
unless you really need it. GDM guards against DoS attacks, but
|
||||
the X protocol is still inherently insecure and should only be
|
||||
used in controlled environments.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Even though your display is protected by cookies the XEvents
|
||||
and thus the keystrokes typed when entering passwords will
|
||||
still go over the wire in clear text. It is trivial to capture
|
||||
these. You should also be aware that cookies, if placed on an
|
||||
NFS mounted directory, are prone to eavesdropping too.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
<sect1 id="refs">
|
||||
<title>Additional References</title>
|
||||
|
||||
<para>Some additional references on this subject include:
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
<ulink url="http://www.con.wesleyan.edu/~triemer/network/xdmcp/xdmcp_udp.html">
|
||||
xdmcp/udp</ulink>
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
<ulink url="ftp://ftp.x.org/pub/R6.4/xc/doc/hardcopy/XDMCP/xdmcp.PS.gz">
|
||||
XDMCP Documentation</ulink>
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
<ulink url="http://www-uxsup.csx.cam.ac.uk/security/probing/about/xdmcp.html">
|
||||
Should you be running XDMCP?</ulink>
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
<ulink url="http://www.linuxgazette.com/issue27/kaszeta.html">
|
||||
X Window System Terminals</ulink>
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
<ulink url="http://www.tcu-inc.com/mark/projects/xdm/index2.html">
|
||||
A second way of using XDM</ulink>
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
</itemizedlist>
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
||||
</article>
|
||||
|
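Review bot: Step 2 of the ordered list in sect2 id="steps" uncomments the `*` entry in /etc/X11/xdm/Xaccess so that any host can get a login window, and step 3 sets Enable=1 under [xdmcp] in gdm.conf, but the only caveat (block UDP port 177 on the firewall, keystrokes go over the wire in clear text) sits much later in sect1 id="gdm". If this text is carried over under the new name, move that warning next to steps 2 and 3 and suggest listing the specific client hosts in Xaccess instead of `*`. The visible change is a pure deletion (-1,563 +0,0), so the "using new name" half of the commit message cannot be checked from this diff; recording the move as a rename in the same commit would keep the file history attached to the new name. Smaller points to fix in the carried-over copy: "comamnds" in sect2 id="prep", "by their by their" in the disclaimer, "repond" and "adviced" in sect1 id="gdm", and the System section says the server accepts 6 session clients while step 5 configures 4 entries in XServers.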