removing file; using new name

gferg 2001-03-20 22:34:07 +00:00
parent 1d26ca4117
commit f25d1fade3
1 changed files with 0 additions and 563 deletions

@ -1,563 +0,0 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
<article>
<!-- Header -->
<artheader>
<title>Linux XDMCP HOWTO</title>
<author>
<firstname>Thomas</firstname>
<surname>Chao</surname>
<affiliation>
<address>
<email>tomchao@lucent.com</email>
</address>
</affiliation>
</author>
<revhistory>
<revision>
<revnumber>v1.0</revnumber>
<date>1 November 2000</date>
<authorinitials>tc</authorinitials>
<revremark>
Initial revision and release.
</revremark>
</revision>
</revhistory>
<abstract>
<para>
XDMCP stands for &quot;X Display Manager Control Protocol&quot;.
It provides a mechanism for an
Xterminal to request a session from a remote host. This document
describes how to setup XDMCP.
</para>
</abstract>
</artheader>
<!-- Section1: intro -->
<sect1 id="intro">
<title>Introduction</title>
<para>
XDMCP stands for &quot;X Display Manager Control Protocol&quot;.
It provides a mechanism for an
Xterminal to request a session from a remote host. This document
describes how to setup XDMCP.
</para>
<para>
Some of us running Linux (like me) are looking for the
best parts of Linux. Among them is the ability to re-use old
systems (like 486 CPUs) as a client (with the Win32 client; like
Hummingbird's Exceed) to run Linux from any PC. It is somehow
very surprising that there aren't many documents on the internet
which guide you step by step on how to set this up. Essentially, by
using XDMCP, you can create a cheap solution of a client and
server environment.
</para>
<!-- Section2: copyright -->
<sect2 id="copyright">
<title>Copyright Information</title>
<para>
This document is copyrighted (c) 2000 Thomas Chao and is
distributed under the terms of the Linux Documentation Project
(LDP) license, stated below.
</para>
<para>
Unless otherwise stated, Linux HOWTO documents are
copyrighted by their respective authors. Linux HOWTO documents may
be reproduced and distributed in whole or in part, in any medium
physical or electronic, as long as this copyright notice is
retained on all copies. Commercial redistribution is allowed and
encouraged; however, the author would like to be notified of any
such distributions.
</para>
<para>
All translations, derivative works, or aggregate works
incorporating any Linux HOWTO documents must be covered under this
copyright notice. That is, you may not produce a derivative work
from a HOWTO and impose additional restrictions on its
distribution. Exceptions to these rules may be granted under
certain conditions; please contact the Linux HOWTO coordinator at
the address given below.
</para>
<para>
In short, we wish to promote dissemination of this
information through as many channels as possible. However, we do
wish to retain copyright on the HOWTO documents, and would like to
be notified of any plans to redistribute the HOWTOs.
</para>
<para>
If you have any questions, please contact
<email>linux-howto@metalab.unc.edu</email>
</para>
</sect2>
<!-- Section2: disclaimer -->
<sect2 id="disclaimer">
<title>Disclaimer</title>
<para>
No liability for the contents of this documents can be accepted.
Use the concepts, examples and other content at your own risk.
As this is a new edition of this document, there may be errors
and inaccuracies, that may of course be damaging to your system.
Proceed with caution, and although this is highly unlikely,
the author(s) do not take any responsibility for that.
</para>
<para>
All copyrights are held by their by their respective owners, unless
specifically noted otherwise. Use of a term in this document
should not be regarded as affecting the validity of any trademark
or service mark.
</para>
<para>
Naming of particular products or brands should not be seen
as endorsements.
</para>
<para>
You are strongly recommended to take a backup of your system
before major installation and backups at regular intervals.
</para>
</sect2>
<!-- Section2: feedback -->
<sect2 id="feedback">
<title>Feedback</title>
<para>
Feedback is most certainly welcome for this document. Without
your submissions and input, this document wouldn't exist. Please
send your additions, comments and criticisms to the following
email address : <email>tomchao@lucent.com</email>.
</para>
</sect2>
</sect1>
<sect1 id="procedure">
<title>The Procedure</title>
<para>
This section details the procedure for setting up and using
XDMCP.
</para>
<sect2 id="system">
<title>System</title>
<para>
I have tested the setup running an X Server that listens to an
XDMCP session on Red Hat 6.0, 6.2 and Red Hat 7.0. I have not
had a chance to test it on any other Linux flavors. If you have
successfully setup one other than Red Hat platform, please share
it with us. My server hardware is an IBM PC clone running an
Intel Pentium II 400 Mhz with 128 MB memory and 30 MB ATA-66
Hard Drive. I use a 3COM 10/100 Fast Ethernet (3C509B) NIC.
I setup the X Server to accept 6 session clients.
</para>
</sect2>
<sect2 id="client">
<title>Client</title>
<para>
I am using Hummingbird Exceed 6.1 with Service Pack 1 on Windows
98 SE, Windows NT 4.0 and Windows 2000 Pro.
</para>
</sect2>
<sect2 id="prep">
<title>Server Preparation</title>
<para>
To prepare your X Server for XDMCP session, you need to make
sure the following are properly installed:
<orderedlist>
<listitem>
<para>
Install your Linux OS. In my case, I installed
Red Hat 6.2 (Custom Installation).
</para>
</listitem>
<listitem>
<para>
Setup your Networking. To test it out,
<command>ping</command> and <command>telnet</command>
are good comamnds to use to determine if your network
works.
</para>
</listitem>
<listitem>
<para>
Setup X. Do <emphasis>not</emphasis> setup with a
resolution higher than what the clients are able to use for
their display. Test the X Server by typing either
<command>startx</command> or <command>telinit 5</command>.
Make sure X is running properly.
</para>
</listitem>
<listitem>
<para>
Creates the necessary user accounts (and associated groups)
you will need for client access via the XDMCP client.
</para>
</listitem>
</orderedlist>
</para>
</sect2>
<sect2 id="steps">
<title>Steps to Complete the Procedure</title>
<para>
These are steps I used to setup the Server for accepting XDMCP requests:
<orderedlist>
<listitem>
<para>
Modify <filename>/etc/rc.d/init.d/xfs</filename> and make the
following changes. Change all (this is where the Font Server port):
</para>
<screen>daemon xfs -droppriv -daemon -port -1</screen>
<para>
to:
</para>
<screen>daemon xfs -droppriv -daemon -port 7100</screen>
</listitem>
<listitem>
<para>
In <filename>/etc/X11/xdm/Xaccess</filename>, change
(this allow all hosts to connect):
</para>
<screen>#* # any host can get a login window</screen>
<para>
to:
</para>
<screen>* # any host can get a login window</screen>
</listitem>
<listitem>
<para>
Edit <filename>/etc/X11/gdm/gdm.conf</filename>.
This activates XDMCP, causing it to listen to the request.
Change this:
</para>
<screen>
[xdmcp]
Enable=0</screen>
<para>
to:
</para>
<screen>Enable=1</screen>
<para>
Make sure &quot;<command>Port=177</command>&quot; is at the end of this block.
</para>
</listitem>
<listitem>
<para>
Now edit <filename>/etc/inittab</filename> and change
the following line:
</para>
<screen>id:3:initdefault:</screen>
<para>
to:
</para>
<screen>id:5:initdefault:</screen>
<para>
Before changing this line, you can use the
<command>telinit</command> command to test prior to
modifying the line. Use either <command>telinit 3</command>
to set to level 3, or <command>telinit 5</command> to set to
level 5, graphics mode (you can issue this command on the
second machine that telnets into this server).
</para>
</listitem>
<listitem>
<para>
Change the XServers file located at
<filename>/etc/X11/XServers</filename> by adding these lines
to get 4 xdm (or gdm) sessions running so that 4 different
users can log in (you can add more depending on how powerful
your server is).
</para>
<screen>
:0 A local /usr/X11R6/bin/X :0
:1 B local /usr/X11R6/bin/X :1
:2 C local /usr/X11R6/bin/X :2
:3 D local /usr/X11R6/bin/X :3</screen>
</listitem>
<listitem>
<para>
Locate <filename>/etc/X11/xdm/Xsetup_0</filename> and <command>chmod 755</command>
this file.
</para>
</listitem>
<listitem>
<para>
Edit the <filename>XF86Config</filename> file in <filename>/etc/X11</filename>
and change the line:
</para>
<screen>FontPath "unix:-1"</screen>
<para>
to:
</para>
<screen>FontPath "unix:7100"</screen>
</listitem>
<listitem>
<para>
Add this line to the end of <filename>/etc/inittab</filename>:
</para>
<screen>x:5:respawn:/usr/bin/gdm</screen>
</listitem>
</orderedlist>
</para>
<para>You are now ready to run a test.</para>
</sect2>
<sect2 id="testing">
<title>Testing</title>
<para>
To test if your XDMCP X Server is now ready to accept
connections, do these steps. I find it easier using the X
Server and another machine to test:
<orderedlist>
<listitem>
<para>
(Though you don't need to; it doesn't hurt...) Reboot the machine (I am
assuming you are running level 5).
</para>
</listitem>
<listitem>
<para>
Make sure the Graphical login page comes up. Make sure the
display resolution and mouse work. Log in from the console to
see if the local access is OK. If OK, do not log off.
</para>
</listitem>
<listitem>
<para>
Setup Hummingbird Exceed to either query this machine (using
the IP address or fully qualified DNS name) and try to
connect to the X server. You should see the X Session come
up and the login screen appear.
</para>
</listitem>
<listitem>
<para>
If possible, test the maximum number of allowed login sessions.
This will ensure access is open to only this number.
</para>
</listitem>
</orderedlist>
</para>
</sect2>
</sect1>
<sect1 id="ts">
<title>Troubleshooting</title>
<para>
<itemizedlist>
<listitem>
<para>
If X cannot come up and is broken:
</para>
<para>
If X is broken and the connection fails,
most of the time it has this error messages:
</para>
<screen>
_ FontTransSocketUNIXConnect: Can't connect: errno = 111
failed to set dafault font path 'unix:-1'
Fatal server error:
could not open default font 'fixed'</screen>
<para>
This is likely due to xfs not finding the correct port for
the Font Server. To resolve this, check steps 1 and
7 above. Make sure all the ports are pointing to (port)
7100 and make sure you have the following fonts installed (if
not re-install the XFree86 font packages):
</para>
<screen>
FontPath "/usr/lib/X11/fonts/75dpi/"
FontPath "/usr/lib/X11/fonts/misc/"
FontPath "/usr/lib/X11/fonts/CID"
FontPath "/usr/lib/X11/fonts/Speedo"
FontPath "/usr/lib/X11/fonts/100dpi"</screen>
<para>
Use the command <command>startx</command> (on local) to restart
the X server (or use <command>telinit 5</command>).
</para>
</listitem>
<listitem>
<para>
If Exceed has no respond:
</para>
<para>
In this case, most likely your xdm (or gdm, depending upon which
is used in <filename>/etc/inittab</filename>) is not starting
correctly. Issue the command:
<command>ps -ef | grep gdm</command> (or
<command>ps -ef | grep xdm</command> if xdm is used).
</para>
<para>
If the process is not running, check step 8 on the setup above (make sure
there are no typo's and that the correct path is given). Restart
X using the command <command>telinit 5</command>.
</para>
</listitem>
</itemizedlist>
</para>
</sect1>
<sect1 id="gdm">
<title>XDMCP and GDM (Gnome Display Manager)</title>
<para>
The following is taken from the
<ulink url="http://www.oswg.org/oswg-nightly/oswg/en_US.ISO_8859-1/articles/gdm-reference/gdm-reference/index.html">
Gnome Display Manager Reference Manual</ulink>:
</para>
<para>
GDM also supports the X Display Manager Protocol (XDMCP) for
managing remote displays.
</para>
<para>
GDM listens to UDP port 177 and will repond to QUERY and
BROADCAST_QUERY requests by sending a WILLING packet to the
originator.
</para>
<para>
GDM can also be configured to honor INDIRECT queries and
present a host chooser to the remote display. GDM will
remember the user's choice and forward subsequent requests to
the chosen manager.
</para>
<para>
GDM only supports the MIT-MAGIC-COOKIE-1 authentication
system. Little is gained from the other schemes, and no
effort has been made to implement them so far.
</para>
<para>
Since it is fairly easy to do denial of service attacks on the
XDMCP service, GDM incorporates a few features to guard
against attacks. Please read the XDMCP reference section below
for more information.
</para>
<para>
Even though GDM tries to outsmart potential attackers, it is
still adviced that you block UDP port 177 on your firewall
unless you really need it. GDM guards against DoS attacks, but
the X protocol is still inherently insecure and should only be
used in controlled environments.
</para>
<para>
Even though your display is protected by cookies the XEvents
and thus the keystrokes typed when entering passwords will
still go over the wire in clear text. It is trivial to capture
these. You should also be aware that cookies, if placed on an
NFS mounted directory, are prone to eavesdropping too.
</para>
</sect1>
<sect1 id="refs">
<title>Additional References</title>
<para>Some additional references on this subject include:
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.con.wesleyan.edu/~triemer/network/xdmcp/xdmcp_udp.html">
xdmcp/udp</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="ftp://ftp.x.org/pub/R6.4/xc/doc/hardcopy/XDMCP/xdmcp.PS.gz">
XDMCP Documentation</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www-uxsup.csx.cam.ac.uk/security/probing/about/xdmcp.html">
Should you be running XDMCP?</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.linuxgazette.com/issue27/kaszeta.html">
X Window System Terminals</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.tcu-inc.com/mark/projects/xdm/index2.html">
A second way of using XDM</ulink>
</para>
</listitem>
</itemizedlist>
</para>
</sect1>
</article>
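Review bot: The commit message says the document continues under a new name, but this change is a pure deletion (1 changed file, 0 additions, 563 deletions), and neither the message nor the diff names the new path, so the history of the Linux XDMCP HOWTO cannot be followed from this commit. Suggest naming the new file in the commit message, or adding it in the same commit as the removal. If the text is carried over unchanged, step 2 under "Steps to Complete the Procedure" uncomments the "*" entry in /etc/X11/xdm/Xaccess so that any host can get a login window, while the GDM section further down advises blocking UDP port 177 unless it is really needed and using X only in controlled environments. The renamed file would benefit from pointing to that advice at the step itself, for example by listing only the intended client hosts in Xaccess instead of the wildcard.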