Re: [gdm-list] remote manager (XDMCP) on Suse

[Brian Cameron <Brian Cameron Sun COM>]

Dave:

> Thanks. I have the extra menu option now but when I select xdmcp, I get an
> Xrefresh (cursor becomes clock and large X) then the screen goes back to
> the original login.
>
> In /var/log/gdm, I see an entry implying that the X command is incorrect
> Unrecognized options: 0
> use ... (output from X --help)
>
> In /var/log/messages, I see the command was
> /usr/X11R6/in/X :0 0 -auth /var/gdm:0.Xauth
>    Note the extra 0 ^
> Where else could the X command be defined besides gdm.conf?

What version of GNOME are you using?  Run the following command to find
out:

  gdmflexiserver --command=VERSION

Note in the Xserver command is created in the GDM source file
daemon/server.c in the function gdm_server_resolve_command_line.

If you look at this code, it is shifting the args by one and then
sets argv[1] to the disp->name value.  If this shifting is not
working right the "-audit 0" in your [servers-Standard] section
might be getting changed to just "0".  Or perhaps the disp->command
value is getting corrupted somehow?

As a workaruond does removing the "-audit 0" from the command in
the [servers-Standard" section make it work better?

Unfortunately the gdm_server_resolve_command_line function does not
have any debug output to show any information about how it builds the
command, so even if you turn on GDM debug that will not help.

However, perhaps you could add some gdm_debug statements to this
function to print out some information.  Like what the value of
disp->command is when passed in and to make sure that the shifting
is working.  Then you could run "make" and "make install" and run
GDM with debug turned on to see if this highlights what is causing
the problem.

Brian


> Here's my gdm.conf
>
>
> # GDM Configuration file.  You can use gdmsetup program to graphically
> # edit this, or you can optionally just edit this file by hand.  Note that
> # gdmsetup does not tweak every option here, just the ones most users
> # would care about.  Rest is for special setups and distro specific
> # tweaks.  If you edit this file, you should send the HUP or USR1 signal to
> # the daemon so that it restarts: (Assuming you have not changed PidFile)
> #   kill -USR1 `cat /var/run/gdm.pid`
> # (HUP will make gdm restart immediately while USR1 will make gdm not kill
> # existing sessions and will only restart gdm after all users log out)
> #
> # You can also use the gdm-restart and gdm-safe-restart scripts which just
> # do the above for you.
> #
> # For full reference documentation see the gnome help browser under
> # GNOME|System category.  You can also find the docs in HTML form
> # on http://www.jirka.org/gdm.html
> #
> # NOTE: Some of these are commented out but still show their default values.
> # If you wish to change them you must remove the '#' from the beginning of
> # the line.  The commented out lines are lines where the default might
> # change in the future, so set them one way or another if you feel
> # strongly about it.
> #
> # Have fun! - George
>
> [daemon]
> # Automatic login, if true the first local screen will automatically logged
> # in as user as set with AutomaticLogin key.
> AutomaticLoginEnable=false
> AutomaticLogin=
>
> # Timed login, useful for kiosks.  Log in a certain user after a certain
> # amount of time
> TimedLoginEnable=false
> TimedLogin=
> TimedLoginDelay=30
>
> # The gdm configuration program that is run from the login screen, you should
> # probably leave this alone
> Configurator=/usr/bin/gdmsetup --disable-sound --disable-crash-dialog
> # The chooser program.  Must output the chosen host on stdout, probably you
> # should leave this alone
> Chooser=/usr/bin/gdmchooser
> # Greeter for local (non-xdmcp) logins.  Change gdmlogin to gdmgreeter to
> # get the new graphical greeter.
> Greeter=/usr/bin/gdmgreeter
> # Greeter for xdmcp logins, usually you want a less graphically intensive
> # greeter here so it's better to leave this with gdmlogin
> RemoteGreeter=/usr/bin/gdmlogin
> # Launch the greeter with an additional list of colon seperated gtk
> # modules. This is useful for enabling additional feature support
> # e.g. gnome accessibility framework. Only "trusted" modules should
> # be allowed to minimise security holes
> #AddGtkModules=false
> # By default these are the accessibility modules
> #GtkModulesList=gail:atk-bridge:dwellmouselistener:keymouselistener
>
> # Default path to set.  The profile scripts will likely override this
> DefaultPath=/bin:/usr/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/local/bin:/opt/X11R6/bin:/usr/bin
> # Default path for root.  The profile scripts will likely override this
> #RootPath=/sbin:/usr/sbin:/bin:/usr/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/local/bin:/opt/X11R6/bin:/usr/bin
>
> # If you are having trouble with using a single server for a long time and
> # want gdm to kill/restart the server, turn this on
> AlwaysRestartServer=false
>
> # User and group that gdm should run as.  Probably should be gdm and gdm and
> # you should create these user and group.  Anyone found running this as
> # someone too privilaged will get a kick in the ass.  This should have
> # access to only the gdm directories and files.
> User=gdm
> Group=gdm
> # To try to kill all clients started at greeter time or in the Init script.
> # doesn't always work, only if those clients have a window of their own
> #KillInitClients=true
> LogDir=/var/log/gdm
> # You should probably never change this value unless you have a weird setup
> PidFile=/var/run/gdm.pid
> # Note that a post login script is run before a PreSession script.
> # It is run after the login is successful and before any setup is
> # run on behalf of the user
> PostLoginScriptDir=/etc/X11/gdm/SunRayPostLogin/
> PreSessionScriptDir=/etc/X11/gdm/SunRayPreSession/
> PostSessionScriptDir=/etc/X11/gdm/SunRayPostSession/
> DisplayInitDir=/etc/X11/gdm/SunRayInit
> # Distributions:  If you have some script that runs an X server in say
> # VGA mode, allowing a login, could you please send it to me?
> FailsafeXServer=
> # if X keeps crashing on us we run this script.  The default one does a bunch
> # of cool stuff to figure out what to tell the user and such and can
> # run an X configuration program.
> XKeepsCrashing=/bin/true
> # Reboot, Halt and suspend commands, you can add different commands
> # separated by a semicolon and gdm will use the first one it can find
> RebootCommand=/bin/false
> HaltCommand=/bin/false
> SuspendCommand=/bin/false
> # Probably should not touch the below this is the standard setup
> ServAuthDir=/var/gdm
> # This is our standard startup script.  A bit different from a normal
> # X session, but it shares a lot of stuff with that.  See the provided
> # default for more information.
> BaseXsession=/etc/X11/gdm/Xsession
> # This is a directory where .desktop files describing the sessions live
> # It is really a PATH style variable since 2.4.4.2 to allow actual
> # interoperability with KDM
> #SessionDesktopDir=/etc/X11/sessions/:/etc/X11/dm/Sessions/:/usr/share/xsessions/
> # This is the default .desktop session.  One of the ones in SessionDesktopDir
> #DefaultSession=gnome.desktop
> # Better leave this blank and HOME will be used.  You can use syntax ~/ below
> # to indicate home directory of the user.  You can also set this to something
> # like /tmp if you don't want the authorizations to be in home directories.
> # This is useful if you have NFS mounted home directories.  Note that if this
> # is the home directory the UserAuthFBDir will still be used in case the home
> # directory is NFS, see security/NeverPlaceCookiesOnNFS to override
> this behaviour.
> UserAuthDir=
> # Fallback if home directory not writable
> UserAuthFBDir=/tmp
> UserAuthFile=.Xauthority
> # The X server to use if we can't figure out what else to run.
> StandardXServer=/usr/X11R6/bin/X
> # The maximum number of flexible X servers to run.
> FlexibleXServers=0
> # the X nest command
> Xnest=/usr/X11R6/bin/Xnest -audit 0 -name Xnest
> # Automatic VT allocation.  Right now only works on Linux.  This way
> # we force X to use specific vts.  turn VTAllocation to false if this
> # is causing problems.
> #FirstVT=7
> VTAllocation=false
> # Should double login be treated with a warning (and possibility to change
> # vts on linux systems for console logins)
> #DoubleLoginWarning=true
>
> [security]
> # If any distributions ship with this one off, they should be shot
> # this is only local, so it's only for say kiosk use, when you
> # want to minimize possibility of breakin
> AllowRoot=true
> # If you want to be paranoid, turn this one off
> AllowRemoteRoot=true
> # This will allow remote timed login
> AllowRemoteAutoLogin=false
> # 0 is the most anal, 1 allows group write permissions, 2 allows all write
> # permissions
> RelaxPermissions=0
> # Number of seconds to wait after a bad login
> RetryDelay=3
> # Maximum size of a file we wish to read.  This makes it hard for a user to DoS
> # us by using a large file.
> UserMaxFile=65536
> # If true this will basically append -nolisten tcp to every X command line,
> # a good default to have (why is this a "negative" setting? because if
> # it is false, you could still not allow it by setting command line of
> # any particular server).  It's probably better to ship with this on
> # since most users will not need this and it's more of a security risk
> # then anything else.
> # Note: Anytime we find a -query or -indirect on the command line we do
> # not add a "-nolisten tcp", as then the query just wouldn't work, so
> # this setting only affects truly local sessions.
> DisallowTCP=false
> # By default never place cookies if we "detect" NFS.  We detect NFS
> # by detecting "root-squashing".  It seems bad practice to place
> # cookies on things that go over the network by default and thus we
> # don't do it by default.  Sometimes you can however use safe remote
> # filesystems where this is OK and you may want to have the cookie in your
> # home directory.
> #NeverPlaceCookiesOnNFS=true
>
> # XDMCP is the protocol that allows remote login.  If you want to log into
> # gdm remotely (I'd never turn this on on open network, use ssh for such
> # remote usage that).  You can then run X with -query <thishost> to log in,
> # or -indirect <thishost> to run a chooser.  Look for the 'Terminal' server
> # type at the bottom of this config file.
> [xdmcp]
> # Distributions: Ship with this off.  It is never a safe thing to leave
> # out on the net.  Setting up /etc/hosts.allow and /etc/hosts.deny to only
> # allow local access is another alternative but not the safest.
> # Firewalling port 177 is the safest if you wish to have xdmcp on.
> # Read the manual for more notes on the security of XDMCP.
> Enable=true
> # Honour indirect queries, we run a chooser for these, and then redirect
> # the user to the chosen host.  Otherwise we just log the user in locally.
> HonorIndirect=true
> # Maximum pending requests
> #MaxPending=4
> #MaxPendingIndirect=4
> # Maximum open XDMCP sessions at any point in time
> #MaxSessions=16
> # Maximum wait times
> #MaxWait=15
> #MaxWaitIndirect=15
> # How many times can a person log in from a single host.  Usually better to
> # keep low to fend off DoS attacks by running many logins from a single
> # host.  This is now set at 2 since if the server crashes then gdm doesn't
> # know for some time and wouldn't allow another session.
> #DisplaysPerHost=2
> # The number of seconds after which a non-responsive session is logged off.
> # Better keep this low.
> #PingIntervalSeconds=15
> # The port.  177 is the standard port so better keep it that way
> #Port=177
> # Willing script, none is shipped and by default we'll send
> # hostname system id.  But if you supply something here, the
> # output of this script will be sent as status of this host so that
> # the chooser can display it.  You could for example send load,
> # or mail details for some user, or some such.
> Willing=/etc/X11/xdm/Xwilling
>
> [gui]
> # The 'theme'.  By default we're using the default gtk theme
> # Of course assuming that gtk got installed in the same prefix,
> # if not change this.
> # NOTE - the next line is modified by the specfile.src in
> # src/pkg/gdm for suse/jds. Know what you are doing before changing.
> GtkRC=/usr/share/themes/Bluecurve/gtk-2.0/gtkrc
> # Maximum size of an icon, larger icons are scaled down
> #MaxIconWidth=128
> #MaxIconHeight=128
>
> [greeter]
> # Greeter has a nice title bar that the user can move
> TitleBar=false
> # Configuration is available from the system menu of the greeter
> ConfigAvailable=true
> # Face browser is enabled.  This only works currently for the
> # standard greeter as it is not yet enabled in the graphical greeter.
> Browser=false
> # The default picture in the browser
> DefaultFace=/usr/share/pixmaps/nobody.png
> # These are things excluded from the face browser, not from logging in
> Exclude=bin,daemon,adm,lp,sync,shutdown,halt,mail,news,uucp,operator,nobody,gdm,postgres,pvm,rpm,nfsnobody,pcap
> # As an alternative to the above this is the minimum uid to show
> #MinimalUID=100
> # If user or user.png exists in this dir it will be used as his picture
> GlobalFaceDir=/usr/share/faces/
> # File which contains the locale we show to the user.  Likely you want to use
> # the one shipped with gdm and edit it.  It is not a standard locale.alias file,
> # although gdm will be able to read a standard locale.alias file as well.
> LocaleFile=/etc/X11/gdm/locale.alias
> # Logo shown in the standard greeter
> Logo=
> # The standard greeter should shake if a user entered the wrong username or
> # password.  Kind of cool looking
> Quiver=true
> # The Actions menu (formerly system menu) is shown in the greeter, this is the
> # menu that contains reboot, shutdown, suspend, config and chooser.  None of
> # these is available if this is off.  They can be turned off individually
> # however
> SystemMenu=true
> # Should the chooser button be shown.  If this is shown, GDM can drop into
> # chooser mode which will run the xdmcp chooser locally and allow the user
> # to connect to some remote host.  Local XDMCP does not need to be enabled
> # however
> ChooserButton=true
> DefaultWelcome=true
> DefaultRemoteWelcome=true
> # Note to distributors, if you wish to have a different Welcome string
> # and wish to have this translated you can have entries such as
> # Welcome[cs]=Vitejte na %n
> # Just make sure the string is in utf-8
> # Welcome is for all console logins and RemoteWelcome is for remote logins
> # (through XDMCP).
> # The default entries that are shipped are translated inside genius and
> # are as follows:
> Welcome=Hi there
> RemoteWelcome=Welcome to Remote host %n
> # Don't allow user to move the standard greeter window.  Only makes sense
> # if TitleBar is on
> LockPosition=true
> # Set a position rather then just centering the window.  If you enter
> # negative values for the position it is taken as an offset from the
> # right or bottom edge.
> SetPosition=false
> PositionX=0
> PositionY=0
> # Xinerama screen we use to display the greeter on.  Not for true
> # multihead, currently only works for Xinerama.
> XineramaScreen=0
> # Background settings for the standard greeter:
> # Type can be 0=None, 1=Image, 2=Color
> BackgroundType=0
> BackgroundImage=
> BackgroundScaleToFit=true
> BackgroundColor=#27408b
> # XDMCP session should only get a color, this is the sanest setting since
> # you don't want to take up too much bandwidth
> BackgroundRemoteOnlyColor=true
> # Program to run to draw the background in the standard greeter.  Perhaps
> # something like an xscreensaver hack or some such.
> #BackgroundProgram=
> # if this is true then the background program is run always, otherwise
> # it is only run when the BackgroundType is 0 (None)
> RunBackgroundProgramAlways=false
> # Show the Failsafe sessions.  These are much MUCH nicer (focus for xterm for
> # example) and more failsafe then those supplied by scripts so distros should
> # use this rather then just running an xterm from a script.
> ShowGnomeFailsafeSession=false
> ShowXtermFailsafeSession=false
> # Normally there is a session type called 'Last' that is shown which refers to
> # the last session the user used.  If off, we will be in 'switchdesk' mode where
> # the session saving stuff is disabled in GDM
> #ShowLastSession=true
> # Always use 24 hour clock no matter what the locale.
> Use24Clock=false
> # Use circles in the password field.  Looks kind of cool actually,
> # but only works with certain fonts.
> UseCirclesInEntry=false
> # These two keys are for the new greeter.  Circles is the standard
> # shipped theme
> GraphicalTheme=circles
> GraphicalThemeDir=/usr/share/gdm/themes/
>
> # The chooser is what's displayed when a user wants an indirect XDMCP
> # session, or selects Run XDMCP chooser from the system menu
> [chooser]
> # Default image for hosts
> DefaultHostImg=/usr/share/pixmaps/nohost.png
> # Directory with host images, they are named by the hosts: host or host.png
> HostImageDir=/usr/share/hosts/
> # Time we scan for hosts (well only the time we tell the user we are
> # scanning actually, we continue to listen even after this has
> # expired)
> ScanTime=4
> # A comma separated lists of hosts to automatically add (if they answer to
> # a query of course).  You can use this to reach hosts that broadcast cannot
> # reach.
> Hosts=
> # Broadcast a query to get all hosts on the current network that answer
> Broadcast=true
> # Allow adding random hosts to the list by typing in their names
> AllowAdd=true
>
> [debug]
> # This will enable debugging into the syslog, usually not neccessary
> # and it creates a LOT of spew of random stuff to the syslog.  However it
> # can be useful in determining when something is going very wrong.
> Enable=false
>
> [servers]
> # These are the standard servers.  You can add as many you want here
> # and they will always be started.  Each line must start with a unique
> # number and that will be the display number of that server.  Usually just
> # the 0 server is used.
> #0=StandardVT
> 0=Standard
> #1=Standard
> # Note the VTAllocation and FirstVT keys on linux.  Don't add any vt<number>
> # arguments if VTAllocation is on, and set FirstVT to be the first vt
> # available that your gettys don't grab (gettys are usually dumb and grab
> # even a vt that has already been taken).  Using 7 will work pretty much for
> # all linux distributions.  VTAllocation is not currently implemented on
> # anything but linux since I don't own any non-linux systems.  Feel free to
> # send patches.  X servers will just not get any extra arguments then.
> #
> # If you want to run an X terminal you could add an X server such as this
> #0=Terminal -query serverhostname
> # or for a chooser (optionally serverhostname could be localhost)
> #0=Terminal -indirect serverhostname
> #
> # If you wish to run the XDMCP chooser on the local display use the following
> # line
> #0=Chooser
>
> ## Note:
> # is your X server not listening to TCP requests?  Perhaps you should look
> # at the security/DisallowTCP setting!
>
> # Definition of the standard X server.
> [server-Standard]
> name=Standard server
> command=/usr/X11R6/bin/X -audit 0
> flexible=false
>
> # Standard Server with forced vt allocation
> [server-StandardVT]
> name=Standard server with VTAllocation
> command=/usr/X11R6/bin/X -audit 0 vt7
> flexible=false
>
> # To use this server type you should add -query host or -indirect host
> # to the command line
> [server-Terminal]
> name=Terminal server
> # Add -terminate to make things behave more nicely
> command=/usr/X11R6/bin/X -audit 0 -terminate
> # Make this not appear in the flexible servers (we need extra params
> # anyway, and terminate would be bad for xdmcp choosing).  You can
> # make a terminal server flexible, but not with an indirect query.
> # If you need flexible indirect query server, then you must get rid
> # of the -terminate and the only way to kill the flexible server will
> # then be by Ctrl-Alt-Backspace
> flexible=false
> # Not local, we do not handle the logins for this X server
> handled=false
>
> # To use this server type you should add -query host or -indirect host
> # to the command line
> [server-Chooser]
> name=Chooser server
> command=/usr/X11R6/bin/X -audit 0
> # Make this not appear in the flexible servers for now, but if you
> # wish to allow a chooser server then make this true.  This is the
> # only way to make a flexible chooser server that behaves nicely.
> flexible=false
> # Run the chooser instead of the greeter.  When the user chooses a
> # machine they will get this same server but run with
> # "-terminate -query hostname"
> chooser=true
>
>
>
> On Sun, May 18, 2008 at 5:12 PM, Brian Cameron <Brian Cameron sun com> wrote:
> > Dave:
> >
> > If you have turned on SystemMenu=true and ChooserButton=true in your
> > GDM configuration, then you should be able to use the "Options" button
> > to start the gdmchooser program, which will allow you to XMDCP to
> > other machines.
> >
> > Some GDM themes may not support the Options button, or a button to
> > run the XDMCP chooser.  You can hit the F10 key to see a menu which
> > will show all the options.  If you are using a theme that doesn't
> > support showing the XDMCP chooser via a more direct method than
> > the "F10" key, then you might consider using a better theme, or
> > enhancing your theme to support the Options button or a button to
> > launch the chooser.
> >
> > Brian
> >
> > > I have a Suse 9 SP3 host I've installed gdm via sunray server. The
> > > default WM is KDE.
> > > What I'd like the login screen to allow is a remote login to any
> > > machine broadcasting
> > > via XDMCP without first logging in to this host.
> > > Under CDE, this would be found under options-->remote host.
> > > I've already modified gdm.conf with
> > > Enable=True
> > > Browser=true
> > > ChooserButton=true
> > >
> > > I've restarted X11 but see no difference. On this host I can xnest to
> > > get a remote login
> > > display from the various target hosts so I know they're running XDMCP.
> > >
> > > What other steps do I need to take?
> > >
> > > TIA
> > > _______________________________________________
> > > gdm-list mailing list
> > > gdm-list gnome org
> > > http://mail.gnome.org/mailman/listinfo/gdm-list