<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>The Procedure</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux XDMCP HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Introduction"
|
|
HREF="intro.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="X11 Forwarding using SSH"
|
|
HREF="ssh.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="PROCEDURE"
|
|
></A
|
|
>2. The Procedure</H1
|
|
><P
|
|
> This section details the procedure for setting up an Xterminal using XDMCP. The prerequisite is to have a Linux distribution (any will do)
installed and running X.</P
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN52"
|
|
></A
|
|
>2.1. Before you begin, some background</H2
|
|
><P
|
|
> Before you begin, it helps to have a basic understanding of how this works. The X server is usually started from the X Display Manager (DM).
This <A
HREF="http://en.wikipedia.org/wiki/X_display_manager"
TARGET="_top"
>X DM Wiki</A
> page gives you a basic understanding of
how it works. (More details are in the <A
|
|
HREF="#REFS"
|
|
TARGET="_top"
|
|
>Resources</A
|
|
> below and
|
|
<A
|
|
HREF="http://www.tldp.org"
|
|
TARGET="_top"
|
|
>LDP HOWTO page</A
|
|
>)</P
|
|
><P
|
|
> Almost all Linux distributions offer xdm, kdm and gdm as choices. (This document uses gdm and kdm as examples.)
The Display Manager provides a nice and consistent interface for general users (X-based login, starting up a window manager, clock, etc.).
The X Display Manager manages a collection of X displays, which may be on the local host or remote servers. It is worth noting that
|
|
the <B
|
|
CLASS="COMMAND"
|
|
>Xsession</B
|
|
> file is what runs your environment.</P
|
|
><P
|
|
> When xdm runs, it offers display management in two different ways. It can manage X servers running on the local machine, as specified in "Xservers",
and/or it can manage remote X servers (typically Xterminals) using XDMCP, as specified in the "Xaccess" file (refer to the xdm man page).</P
|
|
><P
|
|
> kdm (which comes with the KDE desktop) is a replacement for xdm and is configured the same way, except that its files are in
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/kdm</TT
|
|
> in Caldera/SCO, <TT
|
|
CLASS="FILENAME"
|
|
>/etc/kde/kdm</TT
|
|
> in Red Hat (and Fedora Core) and
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/usr/share/config/kdm</TT
|
|
>, which is a symbolic link to <TT
|
|
CLASS="FILENAME"
|
|
>/etc/kde/kdm</TT
|
|
>, in Mandrake. </P
|
|
><P
|
|
> gdm (the GNOME Display Manager) is a re-implementation of the well-known xdm.
Its configuration is found in <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/gdm/gdm.conf</TT
|
|
>.
|
|
The <TT
|
|
CLASS="FILENAME"
|
|
>gdm.conf</TT
|
|
> file contains sets of variables and many options for gdm, and the Sessions directory
|
|
contains a script for each session option; each script calls <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/xdm/Xsession</TT
|
|
> with the appropriate option.
|
|
gdm has similar functions to xdm and kdm, but was written from scratch and does not contain any original XDM / X Consortium code. </P
|
|
><P
|
|
> RH 8.0 introduces a new graphical interface called "Bluecurve", which aims for an XP look and feel. It makes
no difference to the setup in this case!</P
|
|
><P
|
|
>Other good references for similar setups can be found in the following documents:</P
|
|
><P
|
|
> <P
|
|
></P
|
|
><UL
|
|
><LI
|
|
><P
|
|
> The <A
|
|
HREF="http://www.tldp.org/HOWTO/XDM-Xterm/index.html"
|
|
TARGET="_top"
|
|
>XDM and Xterminal mini-HOWTO</A
|
|
>, by Kevin Taylor
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Linux <A
|
|
HREF=""
|
|
TARGET="_top"
|
|
>Remote X Apps mini HOWTO</A
|
|
> A very good reference for Remote X, from both a theoretical and a practical point of view.
By Vincent Zweije
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> The <A
|
|
HREF="http://www.tldp.org/HOWTO/Xterminals/index.html"
|
|
TARGET="_top"
|
|
>Connecting Xterminal mini-HOWTO</A
|
|
>, by Salvador J. Peralta
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> The <A
|
|
HREF="http://www.gnome.org/projects/gdm/docs/gdmtalk.pdf"
|
|
TARGET="_top"
|
|
>Using and Managing GDM</A
|
|
> [ PDF ] from The GNOME Project.
|
|
</P
|
|
></LI
|
|
></UL
|
|
></P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="SECURITY"
|
|
></A
|
|
>2.2. Security Reminder</H2
|
|
><P
|
|
> Do not believe the myth that Linux (or UNIX) is a safer OS than MS Windows! All OSs are vulnerable to hackers if the user does a poor job of configuring
the system or keeping up with security updates!</P
|
|
><P
|
|
> Bear in mind that both X and XDMCP are inherently insecure, which is why many distributions ship
with XDMCP turned off by default. If you must use XDMCP, be sure to use it only on a trusted network, such as a corporate network
behind a firewall. Never use it on an open network (or the Internet) without firewall protection!
If you are using it at home, remember to add a firewall-equipped router for protection. </P
|
|
><P
|
|
> A good way to test your network security is to use <A
|
|
HREF="http://www.grc.com"
|
|
TARGET="_top"
|
|
>ShieldsUp</A
|
|
> by Gibson Research. It is free and easy to use!</P
|
|
><P
|
|
> XDMCP uses UDP ports; therefore, it cannot natively be used with SSH. Currently, neither SSH1 nor SSH2 implements
secure forwarding of UDP communication. The technique for securing the connection with SSH is called X11 TCP/IP Port Forwarding.
|
|
Check this <A
|
|
HREF="http://www.ox.compsoc.net/~steve/portforwarding.html"
|
|
TARGET="_top"
|
|
>Why Port Forwarding?</A
|
|
> site and
|
|
the <A
|
|
HREF="#REFS"
|
|
TARGET="_top"
|
|
>Resources</A
|
|
> area for additional HOW-TO information. If you would like to experiment with this,
I have added a short section below to show you how it works. I will give you only the basic idea of how it works, and I will
leave the more advanced ways of running it to other experts and/or HOWTOs.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="SYSTEM"
|
|
></A
|
|
>2.3. The System I use</H2
|
|
><P
|
|
> I have tested the setup running GNOME (gdm), as well as KDE (kdm), on the following distributions:</P
|
|
><P
|
|
> <P
|
|
></P
|
|
><UL
|
|
><LI
|
|
><P
|
|
><A
|
|
HREF="http://www.redhat.com"
|
|
TARGET="_top"
|
|
>Red Hat</A
|
|
>: From RH 8.0 down to 6.0. RH Workstation v.3 (commercial).
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> <A
|
|
HREF="http://fedoraproject.org"
|
|
TARGET="_top"
|
|
>Fedora Core</A
|
|
> v.5 to v.7. (The new RH free version)
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Mandrake Linux from 7.2 to 10.0 and Limited Edition 2005. I would also like to test it out on the new
|
|
<A
|
|
HREF="http://www.mandriva.com"
|
|
TARGET="_top"
|
|
>Mandriva</A
|
|
> 2007 Spring version.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> <A
|
|
HREF="http://www.ubuntu"
|
|
TARGET="_top"
|
|
>Ubuntu</A
|
|
> version 6.x, 7.04.
|
|
</P
|
|
></LI
|
|
></UL
|
|
>
|
|
</P
|
|
><P
|
|
> SuSE 7.2 (SuSE is now the new <A
|
|
HREF="http://www.novell.com/linux"
|
|
TARGET="_top"
|
|
>Novell Linux</A
|
|
>) and
|
|
<A
|
|
HREF="http://www.slackware.com"
|
|
TARGET="_top"
|
|
>Slackware</A
|
|
> 8.0 setups were tested by users; thanks to Peter Van Eerten and others
who helped test for this HOW-TO. (I would like to thank all users who helped me on this project.)
The other one I have tried is Caldera eDesktop 2.4 (now owned by SCO), which is similar to RH's setup, except that it uses KDE.
I have not had a chance to test it on other Linux flavors like Debian, Turbolinux, Gentoo, etc. However, the setup should be
similar and should work just fine. If you have successfully set up a distribution other than those listed above,
please share it with me. I will add it to this document.
|
|
</P
|
|
><P
|
|
> The PC hardware that I am using is an IBM PC clone running an Intel Celeron 2.9 GHz with 1 GB memory and a 160 GB
ATA-133 hard drive. The oldest system I currently have (in 2007) for testing is an Intel
Pentium II 450 MHz PC with 128 MB memory, and it runs with
good performance. (I did a test run on an old Pentium 100 MHz PC in 2003 and it ran OK.)
I use the built-in Fast Ethernet NIC on my Intel clone motherboard. In my old machine, I use a 3Com 10/100 (3C509B) NIC
with an ATAPI DVD-ROM and an IOMEGA ZIP drive. I have also tested it on my IBM T21 laptop, connecting with my Agere
wireless LAN card, and on one of my systems at home that uses an AMD 64-bit CPU
running Fedora Core 6.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="REMOTE"
|
|
></A
|
|
>2.4. Remote Client Piece</H2
|
|
><P
|
|
> I use Hummingbird Exceed 10.0 (Exceed 6.x and 7.0 also work fine) on my PC and have tested them on Windows NT 4.0, Windows 2000 Pro and
Windows XP. I found out that other popular choices are X-Win32 and X-ThinPro, but I did not have a chance to test them.
Many other applications, open-source as well as commercial, are also available, if you happen to have one.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="PREP"
|
|
></A
|
|
>2.5. Server Preparation</H2
|
|
><P
|
|
> In RH 7.x and other newer dists, you need to set up DNS lookup in order for some networking functions to work properly
|
|
(such as <B
|
|
CLASS="COMMAND"
|
|
>telnet</B
|
|
> that we will use to test the setup). You can use "<B
|
|
CLASS="COMMAND"
|
|
>netstat -r</B
|
|
>"
|
|
and/or "<B
|
|
CLASS="COMMAND"
|
|
>arp -a</B
|
|
> command to verify your DNS setup or response time. If you are in a small environment
(like a home or small office) that does not have its own DNS and relies on your ISP's DNS server, then add an entry for your
Linux workstation or server name(s) to the "<TT
|
|
CLASS="FILENAME"
|
|
>/etc/resolv.conf</TT
|
|
>" file.
|
|
If you only use it in the lab or at home, you can add the
host names of all workstations to your local static hosts table in "<TT
CLASS="FILENAME"
>/etc/hosts</TT
>".
You need root privileges to update the naming information.</P
|
|
><P
|
|
> To prepare your X Server for an XDMCP session, you need to make sure the following are properly installed:
|
|
<P
|
|
></P
|
|
><OL
|
|
TYPE="1"
|
|
><LI
|
|
><P
|
|
> Install your Linux OS. In my case, I mostly use Fedora Core 6 in my lab and Ubuntu 7.04 at home.
If you plan to use SSH Port Forwarding, you need to install the OpenSSH package or compile SSH with your kernel.
Also, most dists now come with a firewall installed by default (unless you choose not to install it). You may encounter problems
if you do not add firewall rules or temporarily disable the firewall while setting up XDMCP. I will not cover the firewall rules here in detail,
since this is not the focus of this document. I will only show you how to make it work first, and you can fine-tune it yourself.
|
|
</P
|
|
><P
|
|
> To show your firewall rules, in kernel 2.2x, use the command <B
|
|
CLASS="COMMAND"
|
|
>ipchains -L</B
|
|
> to list your default rule sets.
|
|
To temporarily disable the firewall, use the command <B
|
|
CLASS="COMMAND"
|
|
>ipchains -F</B
|
|
> to flush
|
|
the rules (don't worry, they are restored by reloading or rebooting). For kernel 2.4x and up, replace the command <B
|
|
CLASS="COMMAND"
|
|
>ipchains</B
|
|
> with
|
|
<B
|
|
CLASS="COMMAND"
|
|
>iptables</B
|
|
>. To start, you can try editing the <B
|
|
CLASS="COMMAND"
|
|
>/etc/sysconfig/ipchains</B
|
|
> file and comment out
this rule (this is feedback from a user; you can test it yourself):
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> and insert these two rules to allow packets to pass through port 177:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>-A input -p udp -s 0/0 -d 0/0 0:176 -j REJECT</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>-A input -p udp -s 0/0 -d 0/0 178:1023 -j REJECT</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> (Note: XDMCP uses TCP/UDP port 177 and TCP ports 6000 to 6005. The xfs server uses port 7100 in our setup.)
|
|
</P
|
|
><P
|
|
> You should be able to use the <B
|
|
CLASS="COMMAND"
|
|
>iptables</B
|
|
> in a similar way. (Check for iptables references in
|
|
the <A
|
|
HREF="#REFS"
|
|
TARGET="_top"
|
|
>Resources</A
|
|
> area
|
|
or this
|
|
<A
|
|
HREF="http://msmvps.com/blogs/rexiology/archive/2006/12/19/windows-x-client-server-to-connect-linux-server-xdmcp-and-vnc-approaches.aspx"
|
|
TARGET="_top"
|
|
> setup example</A
|
|
>).
|
|
</P
|
|
><P
|
|
> For more firewall details, check the
|
|
<A
|
|
HREF="http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/IP-Masquerade-HOWTO.html"
|
|
TARGET="_top"
|
|
>IP Masquerade HOWTO page.</A
|
|
>
|
|
</P
|
|
><P
|
|
> Another easy way is to add rules that only accept the IP address(es) of your trusted workstations. Please feel free to experiment with this
|
|
by using the <B
|
|
CLASS="COMMAND"
|
|
>iptables</B
|
|
> command. Again, I will not cover the details here.
I am lucky, because I have my company's firewall to protect me from the outside world.
|
|
</P
|
|
><P
|
|
>If you would like to use a GUI tool to configure an iptables firewall, a good one to try is
|
|
<A
|
|
HREF="http://www.fs-security.com"
|
|
TARGET="_top"
|
|
>Firestarter</A
|
|
>.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Set up your networking. To test it, you can use the <B
|
|
CLASS="COMMAND"
|
|
>ping</B
|
|
>, <B
|
|
CLASS="COMMAND"
|
|
>ftp</B
|
|
> and <B
|
|
CLASS="COMMAND"
|
|
>telnet</B
|
|
>
|
|
commands to determine whether your network is working. RH 7.x and up do not have the <B
|
|
CLASS="COMMAND"
|
|
>telnet</B
|
|
> daemon
turned on by default (for security reasons). Remember to enable it if you prefer to use it for your test.
You can always turn it off when you are done (using <B
|
|
CLASS="COMMAND"
|
|
>ntsysv</B
|
|
> in RH,
|
|
or <B
|
|
CLASS="COMMAND"
|
|
>rcconf</B
|
|
>, <B
|
|
CLASS="COMMAND"
|
|
>sysvconfig</B
|
|
> in Ubuntu and Debian,
with root privilege). Also remember that the firewall rules are still in place. Add your own rules or temporarily disable the firewall
(as mentioned above) to make these commands work.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Set up X. Do <EM
|
|
>not</EM
|
|
> set it up with a resolution higher than what the remote users are able to use for their display.
Newer versions are capable of probing the video chipset and determining that for you. Some older (X) versions may not!
Test the X Server by typing either <B
|
|
CLASS="COMMAND"
|
|
>startx</B
|
|
> or <B
|
|
CLASS="COMMAND"
|
|
>telinit 5</B
|
|
>. Make sure X is running properly.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Create the necessary user account(s) (and associated group) for the users who will connect via the Xterminal.
|
|
</P
|
|
></LI
|
|
></OL
|
|
></P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="STEPS"
|
|
></A
|
|
>2.6. Steps to Complete the Procedures</H2
|
|
><P
|
|
> Although X can use local fonts, it is better to use the xfs font server in a networked environment. In a
Linux X environment, you need to provide fonts using either the X font server (xfs) or hard-coded font paths in the XF86Config and
XF86Config-4 configuration files. If you plan to use the xfs font server, check here to see the
<A
HREF="http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-x-fonts.html"
TARGET="_top"
> xfs advantages</A
>. The xfs server can
also offload the burden from your local workstations. If you plan to use local fonts, you can skip step 1.
|
|
</P
|
|
><P
|
|
>These are the steps I used to set up the X Server to accept XDMCP requests: </P
|
|
><P
|
|
></P
|
|
><OL
|
|
TYPE="1"
|
|
><LI
|
|
><P
|
|
> In earlier versions of RH and Mandrake, modify <TT
|
|
CLASS="FILENAME"
|
|
>/etc/rc.d/init.d/xfs</TT
|
|
> and make the
following changes. Change all such lines (this is where the font server port is set), if the port is not set to 7100.
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>daemon xfs -droppriv -daemon -port -1</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> to:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>daemon xfs -droppriv -daemon -port 7100</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> In some newer distributions, xfs by default no longer listens on
a TCP port, as a security enhancement! If you would like to set up the X font server, you need to do the following steps:
|
|
</P
|
|
><P
|
|
> Change this line in <TT
|
|
CLASS="FILENAME"
|
|
>/etc/rc.d/init.d/xfs (or in /etc/init.d/xfs for some dists)</TT
|
|
>:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>daemon xfs -droppriv -daemon</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> to:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>daemon xfs -droppriv -daemon -port 7100</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> In the Ubuntu 7.04 Desktop version, you need to download and install the xfs package, then modify <TT
|
|
CLASS="FILENAME"
|
|
>/etc/init.d/xfs</TT
|
|
>
|
|
and change the following line:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>start-stop-daemon --start --quiet $SSD_START_ARGS -- -daemon \</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> to:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>start-stop-daemon --start --quiet $SSD_START_ARGS -- -droppriv -daemon -port 7100 \</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> Then, in <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/fs/config</TT
|
|
>, comment out this line:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
># don't listen to TCP ports by default for security reasons
|
|
#no-listen = tcp
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> If you change or add the port, use this command to restart your X font server (requires root):
|
|
|
|
<TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>service xfs restart</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
><P
|
|
> You do not have to use port 7100. You can set a different port, as long as you plan it carefully first to make sure there are no conflicts over
the port number, and change it accordingly. It is better to consult your Linux admin before doing so, so that he/she knows
the port has been taken! Different Linux distributions may put the xfs script in a different folder under /etc/rc.d.
You may need to search for it if that's the case.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> If you plan to use the XDM, modify <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/xdm/xdm-config</TT
|
|
> and make the
|
|
following change. By default (in most Linux distributions), this line is set so that xdm does not listen for XDMCP connections.
This is for security reasons. For Caldera and other dists that use kdm, this file is in <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/kdm</TT
|
|
>. Find this line:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>DisplayManager.requestPort: 0</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> and comment it out as:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>! DisplayManager.requestPort: 0</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> Remember, this does not affect gdm. The gdm setup is described in the following section.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> In <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/xdm/Xaccess</TT
|
|
>, make the change shown below
(this allows all hosts to connect). For Caldera using kdm, this file is in <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/kdm</TT
|
|
>. Set the file permissions to 644 (chmod 644):
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>#* # any host can get a login window</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> to:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>* # any host can get a login window</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> The above setup is in Broadcast mode, which will list all the X Servers that are listening and willing to manage your X connection.
|
|
If you only want to allow certain connections, use the <B
|
|
CLASS="COMMAND"
|
|
>CHOOSER</B
|
|
> section in this same file.
|
|
An example can be found in the <A
|
|
HREF="#REFS"
|
|
TARGET="_top"
|
|
>Resources</A
|
|
>.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> If you plan to use GDM as the default: one benefit of the gdm login window is that it allows you to switch between KDE and GNOME.
|
|
For gdm, edit <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/gdm/gdm.conf</TT
|
|
>.
|
|
This activates XDMCP, causing it to listen for requests. For kdm (if you picked KDE as your DM during installation), edit
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/usr/share/config/kdm/kdmrc</TT
|
|
> for Mandrake and <TT
|
|
CLASS="FILENAME"
|
|
>/etc/kde/kdm/kdmrc</TT
|
|
> for Red Hat
|
|
or <TT
|
|
CLASS="FILENAME"
|
|
>/opt/kde2/share/config/kdm/kdmrc</TT
|
|
> for Slackware version (KDE2). Change this line:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>[xdmcp]
|
|
Enable=false (may be shown as 0 in some distributions)</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> to:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>Enable=true (or 1 in some distributions)</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> Make sure "<B
|
|
CLASS="COMMAND"
|
|
>Port=177</B
>" is at the end of this block, i.e., by uncommenting the line "#Port=177".
|
|
</P
|
|
><P
|
|
> (As a side note for Ubuntu users who care only about ease of use, this is what you can do to just turn on XDMCP without xfs. From the "System" menu,
go to "Administration" and then "Login Window" (alternatively, you can use the "sudo gdmsetup" command). Click the "Remote" tab and in "Style", select "Same as Local". Then click the bottom "Configure
XDMCP" button to verify the setup. If you choose "Remote login disabled" in "Style", it will disable XDMCP. Additional setup is in the
"Security" tab and the lower "Configure X Server..." button, where you select "Chooser" in "Server". You must restart gdm to enable it! Doing this is quick and simple,
but you lose the sense of what files are being touched and changed! Ease of use or controllability: the choice is yours!)
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> (For Ubuntu and new Debian see notes below) Now edit <TT
|
|
CLASS="FILENAME"
|
|
>/etc/inittab</TT
|
|
> and change
|
|
the following line. The digit here is the default runlevel. For X, the runlevel should be "5".
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>id:3:initdefault:</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> to:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>id:5:initdefault:</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> In Slackware, the X11 mode is number "4", not "5". Refer to this <A
|
|
HREF="http://en.wikipedia.org/wiki/Runlevel"
|
|
TARGET="_top"
|
|
>runlevel wiki page</A
|
|
>
|
|
for different dists' definition.
|
|
</P
|
|
><P
|
|
> This switches from text mode login to graphical mode using the Display Manager. Before changing this line, you can use the
|
|
<B
|
|
CLASS="COMMAND"
|
|
>telinit</B
|
|
> command to test it. Use either <B
|
|
CLASS="COMMAND"
|
|
>telinit 3</B
|
|
> to set to level 3,
|
|
or <B
|
|
CLASS="COMMAND"
|
|
>telinit 5</B
|
|
> to set to level 5, graphics mode (you can issue this command on the second machine that telnets into this server).
|
|
</P
|
|
><P
|
|
> Runlevels 2-5 are the same in Debian and Ubuntu. Since Ubuntu 6.10 (and future Debian), the way runlevels are started has changed from the init daemon to
|
|
<A
|
|
HREF="http://upstart.ubuntu.com"
|
|
TARGET="_top"
|
|
>Upstart</A
|
|
>, with which the tasks and services are managed by events.
|
|
Each runlevel is defined by the files in the system in the format of <TT
|
|
CLASS="FILENAME"
|
|
>/etc/rcx.d</TT
|
|
>, where the "x" represent. Each event is triggered
|
|
(or changed) by issuing the <B
|
|
CLASS="COMMAND"
|
|
>telinit 3</B
|
|
> command.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Make sure the permissions of the file <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/xdm/Xservers</TT
|
|
> is set to 444 (chmod 444).
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Locate <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/xdm/Xsetup_0</TT
|
|
> and <B
|
|
CLASS="COMMAND"
|
|
>chmod 755</B
|
|
> this file.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Edit the <TT
|
|
CLASS="FILENAME"
|
|
>xorg.conf</TT
|
|
> file in the <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11</TT
|
|
> folder and change the line (for older versions,
|
|
it is either <TT
|
|
CLASS="FILENAME"
|
|
>XF86Config</TT
|
|
> or the <TT
|
|
CLASS="FILENAME"
|
|
>XF86Config-4</TT
|
|
> file for XFree86 4.x):
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>FontPath "unix/:-1"</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> to:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>FontPath "unix/:7100"</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> If you decide to use a port number other than the usual 7100, be sure to change it both in the "/etc/rc.d/init.d/xfs" (or "/etc/init.d/xfs")
file and here!
|
|
</P
|
|
><P
|
|
> To save time and energy, I recommend adding the FontPath to the xorg.conf (or XF86Config and/or XF86Config-4) configuration file. If you are
not sure what fonts are available to you, you can use this command to check (requires root):
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>chkfontpath --list</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>The following are some example font paths for your reference. Make sure you have these fonts before editing these paths.</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
> FontPath "/usr/X11R6/lib/X11/fonts/75dpi/"
|
|
FontPath "/usr/X11R6/lib/X11/fonts/misc/"
|
|
FontPath "/usr/X11R6/lib/X11/fonts/CID/"
|
|
FontPath "/usr/X11R6/lib/X11/fonts/Speedo/"
|
|
FontPath "/usr/X11R6/lib/X11/fonts/100dpi/"
|
|
FontPath "/usr/X11R6/lib/X11/fonts/Type1/"
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> If you don't have the chkfontpath command and you are using local fonts, you can simply edit the file "/etc/X11/fs/config".
Find the line that starts with "catalogue =", and add your directory at the end of the list, separated by a comma. An example looks like this:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
> catalogue = /usr/X11R6/lib/X11/fonts/misc:unscaled,
|
|
/usr/X11R6/lib/X11/fonts/100dpi:unscaled,
|
|
/usr/X11R6/lib/X11/fonts/100dpi,
|
|
/usr/X11R6/lib/X11/fonts/75dpi
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></LI
|
|
><LI
|
|
><P
|
|
> (You <B
|
|
CLASS="COMMAND"
|
|
>do not</B
|
|
> have to make this change. You can keep the default setting, but this is what I prefer. If you are not sure, leave this alone.)
|
|
Change this line at the end of <TT
|
|
CLASS="FILENAME"
|
|
>/etc/inittab</TT
|
|
>:
|
|
</P
|
|
><TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>x:5:respawn:/usr/bin/gdm</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
> If you decide not to change this line, that is fine! This is not a required step, but a personal preference! There is no need to do this in Ubuntu
and newer Debian dists.
|
|
</P
|
|
></LI
|
|
></OL
|
|
><P
|
|
>You are now ready to run a test.</P
|
|
><P
|
|
> One other thing to know (that some users have asked about) is how to display the <B
|
|
CLASS="COMMAND"
|
|
>Willing to manage</B
|
|
> message
with load info. As far as I know, this is available in xdm by adding the following to <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/xdm/xdm-config</TT
|
|
>.
|
|
|
|
<TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>DisplayManager.willing: su nobody -c /etc/X11/xdm/Xwilling</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
|
|
and the Xwilling script must exist. For gdm, add this line to the <TT
|
|
CLASS="FILENAME"
|
|
>/etc/X11/gdm/gdm.conf</TT
|
|
> in <TT
|
|
CLASS="FILENAME"
|
|
>[security]</TT
|
|
> section:
|
|
|
|
<TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>Willing=/etc/X11/gdm/Xwilling</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
> </P
|
|
><P
|
|
>A sample of <A
|
|
HREF="http://www.penguinlovers.net/linux/xwilling.html"
|
|
TARGET="_top"
|
|
>Xwilling script</A
|
|
> is here for your reference.
|
|
Whether to add this script is up to you. It is not a required step!</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="TESTING"
|
|
></A
|
|
>2.7. Testing</H2
|
|
><P
|
|
> To test whether your X Server with XDMCP is ready to accept
connection(s), follow these steps. I find it easier to test using the X Server and another machine:
|
|
|
|
<P
|
|
></P
|
|
><OL
|
|
TYPE="1"
|
|
><LI
|
|
><P
|
|
> (Re-)Start your X (which is in runlevel 5 or runlevel 2 in Ubuntu). If you are not sure how to do this, simply reboot your system (but this
is really not necessary if you know how to restart it from the command line. That's the beauty of Linux, when comparing it to MS Windows).
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> If you have not modified your firewall rules, you need to temporarily disable the firewall by using <B
|
|
CLASS="COMMAND"
|
|
>iptables -F</B
|
|
> (or <B
|
|
CLASS="COMMAND"
|
|
>ipchains -F</B
|
|
>).
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Make sure the graphical login page comes up. Make sure the display resolution and mouse work. Log in from the console to
|
|
see if the local access is OK. If OK, do not log off.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Set up Hummingbird Exceed (or other X Client software) to either query this machine (using the IP address or fully qualified DNS name)
|
|
or set to use XDMCP-Broadcast and try to connect to the X Server. You should see the X Session come up and the login screen appear.
|
|
</P
|
|
></LI
|
|
></OL
|
|
></P
|
|
></DIV
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |
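A check for the settings changed in sections 2.5 and 2.6, as an added example that is not part of the original HOWTO: the script reads Xaccess, xdm-config, gdm.conf (or kdmrc) and the xfs config, and reports which of the edits described above leave XDMCP or the font server open to the network. The function names and result tags are hypothetical, and the sample files in `demo` are constructed.

```shell
#!/bin/sh
# Added example (not from the HOWTO): audit the files the procedure edits and
# report which settings leave XDMCP or xfs reachable from the network.

# True if Xaccess has an active "*" entry (any host can get a login window).
# "* CHOOSER ..." lines are a different feature and are not counted.
xaccess_any_host() {
    [ -r "$1" ] || return 1
    awk '$1 == "*" && ($2 == "" || $2 ~ /^#/) { hit = 1 }
         END { exit !hit }' "$1"
}

# True if xdm-config leaves the XDMCP listener on, i.e. there is no active
# "DisplayManager.requestPort: 0" line ("!" starts a comment in this file).
xdm_listening() {
    [ -r "$1" ] || return 1
    awk '/^[ \t]*!/ { next }
         /^[ \t]*DisplayManager[.*]requestPort:[ \t]*0[ \t]*$/ { off = 1 }
         END { exit off + 0 }' "$1"
}

# True if the [xdmcp] section of gdm.conf or kdmrc has Enable=true (or 1).
dm_xdmcp_enabled() {
    [ -r "$1" ] || return 1
    awk '/^[ \t]*[#;]/ { next }
         /^[ \t]*\[/   { insec = (tolower($0) ~ /^[ \t]*\[xdmcp\]/); next }
         insec && /^[ \t]*Enable[ \t]*=/ {
             v = $0
             sub(/^[^=]*=[ \t]*/, "", v)   # drop "Enable="
             sub(/[ \t].*$/, "", v)        # drop anything after the value
             on = (tolower(v) == "true" || v == "1")
         }
         END { exit !on }' "$1"
}

# True if xfs may listen on TCP: no active "no-listen = tcp" in fs/config.
xfs_tcp_open() {
    [ -r "$1" ] || return 1
    awk '/^[ \t]*#/ { next }
         /^[ \t]*no-listen[ \t]*=[ \t]*tcp/ { off = 1 }
         END { exit off + 0 }' "$1"
}

# Print one tag per exposed setting; empty output means nothing was found.
# Arguments: Xaccess, xdm-config, gdm.conf (or kdmrc), fs/config.
exposure_findings() {
    out=""
    if xdm_listening "$2" && xaccess_any_host "$1"; then
        out="$out xdm-any-host"
    fi
    if dm_xdmcp_enabled "$3"; then out="$out dm-xdmcp-on"; fi
    if xfs_tcp_open "$4"; then out="$out xfs-tcp"; fi
    echo "${out# }"
}

# Constructed sample files: first the state after following the steps above,
# then the distribution defaults the HOWTO says those steps replace.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '* # any host can get a login window' > "$d/Xaccess"
    printf '%s\n' '! DisplayManager.requestPort: 0'     > "$d/xdm-config"
    printf '%s\n' '[xdmcp]' 'Enable=true' 'Port=177'    > "$d/gdm.conf"
    printf '%s\n' '#no-listen = tcp'                    > "$d/fs-config"
    echo "after HOWTO: $(exposure_findings "$d/Xaccess" "$d/xdm-config" \
        "$d/gdm.conf" "$d/fs-config")"

    printf '%s\n' '#* # any host can get a login window' > "$d/Xaccess"
    printf '%s\n' 'DisplayManager.requestPort: 0'        > "$d/xdm-config"
    printf '%s\n' '[xdmcp]' 'Enable=false'               > "$d/gdm.conf"
    printf '%s\n' 'no-listen = tcp'                      > "$d/fs-config"
    echo "defaults:    $(exposure_findings "$d/Xaccess" "$d/xdm-config" \
        "$d/gdm.conf" "$d/fs-config")"
    rm -rf "$d"
}

demo
```

On a real host, pass the paths for your distribution (for example `/etc/X11/xdm/Xaccess` and `/etc/X11/gdm/gdm.conf`) to `exposure_findings`; each tag it prints is a setting to pair with a firewall rule that admits only trusted workstations.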