dtlogin(1)
CDE
NAME
dtlogin - CDE login service
SYNOPSIS
dtlogin [-config configuration_file] [-daemon] [-debug debug_level]
[-error error_log_file] [-nodaemon] [-resources resource_file]
[-server server_entry] [-session session_program]
DESCRIPTION
Key Supported Tasks
The dtlogin client supports the following key tasks:
· Launch of dtgreet login screen for explicitly managed local and remote
displays and XDMCP managed remote displays
· Access to traditional terminal (character) login from GUI login screen
· System dependent user authentication and login
· Launching the selected session
The dtlogin client provides services similar to those provided by init(8),
getty(8) and login(1) on character terminals: prompting for login and
password, authenticating the user, and running a session.
A session is defined by the lifetime of a particular process; in the
traditional character-based terminal environment, it is the user's login
shell process. In the desktop (DT) context, it is the DT Session Manager.
Under Tru64 UNIX, if a file $HOME/.xsession is present, it will be executed
and a session established accordingly. See xdm(1X).
If the DT Session Manager is not used, the typical substitute is either a
window manager with an exit option, or a terminal emulator running a shell,
where the lifetime of the terminal emulator is the lifetime of the shell
process that it is running; thus reducing the X session to an emulation of
the character-based terminal session.
When the session is terminated, dtlogin resets the X server and
(optionally) restarts the whole process.
The dtlogin client supports management of remote displays using the X
Display Manager Control Protocol, Version 1.0 (XDMCP).
When dtlogin receives an Indirect query through XDMCP, it can run a chooser
process to perform an XDMCP BroadcastQuery (or an XDMCP Query to specified
hosts) on behalf of the display and offer a menu of possible hosts that
offer XDMCP display management. This feature is useful with X terminals
that do not offer a host menu themselves.
Because dtlogin provides the first interface that users see, it is designed
to be simple to use and easy to customize to the needs of a particular
site.
Login Window
The Login window lets a user enter a user ID and password, select a startup
session and select a startup locale. The user may also reset the X server or
temporarily suspend the X server to access the character login prompt.
Contents of Login window:
login field Entry field to enter user ID.
password field Entry field to enter user password (no-echo).
OK Authenticate user and launch session.
Clear Clear login and password field.
Options Display menu for session, locale, reset and no-windows.
Help Display help message.
Login Window - Options Menu
Lets a user select locale name and login session type. Also lets a user
restart the X server or switch to a character login prompt (for local
displays).
Contents of Options Menu:
Languages Show Languages menu.
No-windows Display character login prompt (local displays only).
Reload Login Restart X Server and return to login screen.
Resources Resources to be used
Sessions Show Sessions menu.
Login Window - Sessions Menu
Lets a user select which session type should be started upon login.
Contents of Sessions Menu:
Regular Desktop
Start a regular desktop session (Xsession)
Failsafe Session
Start a failsafe session (Xfailsafe)
Login Window - Languages Menu
Selecting the language from the login screen Options menu immediately
localizes the login screen and sets LANG for the next session. Login screen
localization and LANG return to the default value upon conclusion of the
session. The contents of this menu can vary depending upon the locales
installed on the system and can be overridden by using the languageList
resource. The default locale of C can be overridden using the language
resource.
The system or languageList locales specified are displayed as menu items in
the Languages menu. Alternate text to be displayed may be specified for a
given locale name by using the languageName resource.
Controlling The Server
The dtlogin client controls local servers using POSIX signals. The SIGHUP
signal is expected to reset the server, closing all client connections and
performing other clean up duties. The SIGTERM signal is expected to
terminate the server. If these signals do not perform the expected actions,
the resources resetSignal and termSignal can specify alternate signals.
To control remote servers not using XDMCP, dtlogin searches the window
hierarchy on the display and uses the KillClient X protocol request in an
attempt to clean up the terminal for the next session. This may not
actually kill all of the clients, since only those that have created
windows are noticed. XDMCP provides a more sure mechanism; when dtlogin
closes its initial connection, the session is over and the terminal is
required to close all other connections.
Controlling Dtlogin
The dtlogin client responds to two signals: SIGHUP and SIGTERM. When sent
a SIGHUP, dtlogin rereads the configuration file and the file specified by
the servers resource and determines whether entries have been added or
removed. If a new entry has been added, dtlogin starts a session on the
associated display. Entries that have been removed are disabled
immediately, meaning that any session in progress is terminated without
notice, and no new session is started.
When sent a SIGTERM, dtlogin terminates all sessions in progress and exits.
This can be used when shutting down the system.
Internationalization
All labels and messages can be localized. The message catalog dtlogin.cat
contains the localized representations of the default labels and messages.
The dtlogin client reads the appropriate message catalog indicated by the
LANG environment variable and displays the localized strings. An option on
the authentication screen lets the user override the default language for
the subsequent session. If the authentication screen has been localized for
the selected language, it is redisplayed in that language; otherwise, it is
displayed in the default language. In either case, the LANG environment
variable is set appropriately for the resulting session.
The resource language is available in the dtlogin configuration file to
change the default language for a display. The resource languageList is
available in the dtlogin configuration file to override the default set of
languages displayed on the authentication screen. The resource languageName
is available to provide a mapping from locale names to the text displayed
on the Language menu.
Authentication and Auditing
The dtlogin client performs the usual local UNIX login and auditing.
Additional authentication or auditing functions such as Kerberos or B1 may
be added by individual vendors.
X Server Security
The X server provides both user-based and host-based access control.
By default, dtlogin uses user-based access control to the X server
(MIT-MAGIC-COOKIE-1). This level of security permits access control on a
per-user basis. It is based on a scheme where if a client passes
authorization data that is the same as the server's, it is permitted access.
When a user logs in, this authorization data is stored and protected by
default in the $HOME/.Xauthority file.
However, using host-based access control mechanisms may be preferable in
environments with unsecure networks, as user-based access control permits
any host to connect once it has discovered the private key. Another
drawback to user-based access control is that R2 or R3 clients will be
unable to connect to the server.
The authorize resource controls whether user-based or host-based access
control is used by dtlogin. See also the Xserver, Xsecurity, xhost, and
xauth reference pages for more information.
OPTIONS
All options, except -config, specify values that can also be specified in
the configuration file as resources. Typically, customization is done
through the configuration file rather than command line options. The
options are most useful for debugging and one-shot tests.
-config configuration_file
Specifies a resource file that specifies the remaining
configuration parameters. This replaces the dtlogin default
Xconfig file. See the Xconfig section for more information.
-daemon Specifies true as the value for the daemonMode resource. This
makes dtlogin close all file descriptors, disassociate the
controlling terminal and put itself in the background when it
first starts up (just like the host of other daemons).
-debug debug_level
Specifies the numeric value for the debugLevel resource. A non-
zero value causes dtlogin to print debugging statements to the
terminal; it also disables the daemonMode resource, forcing
dtlogin to run synchronously.
-error error_log_file
Specifies the value for the errorLogFile resource. See the
Xerrors section for more information.
-nodaemon Specifies false as the value for the daemonMode resource.
-resources resource_file
Specifies the value for the resources resource. See the
Xresources section for more information.
-server server_entry
Specifies the value for the servers resource. See the Xservers
section for more information.
-udpPort port_number
Specifies the value for the requestPort resource. This sets the
port-number that dtlogin monitors for XDMCP requests. Since XDMCP
uses the registered well-known udp port 177, this resource should
probably not be changed except for debugging.
-session session_program
Specifies the value for the session resource. See the Xsession
section for more information.
RETURN VALUE
Exit values are:
0 Successful completion.
>0 Error condition occurred.
RESOURCES
The dtlogin client is controlled by the contents of the dtlogin
configuration file, the default being /usr/dt/config/Xconfig. Some
resources control the behavior of dtlogin in general, some can be specified
for a particular display.
GENERAL RESOURCES
The dtlogin general resources are not display-specific and apply to all
displays where appropriate.
Name              Class             Class Type  Default
_______________________________________________________________________
accessFile        AccessFile        String      NULL
authDir           AuthDir           String      /var/dt
autoRescan        AutoRescan        Boolean     True
daemonMode        DaemonMode        Boolean     False
debugLevel        DebugLevel        Int         0
errorLogFile      ErrorLogFile      String      NULL
errorLogSize      ErrorLogSize      Int         50
exportList        ExportList        String      NULL
fontPathHead      FontPathHead      String      NULL
fontPathTail      FontPathTail      String      NULL
keyFile           KeyFile           String      /usr/dt/config/Xkeys
lockPidFile       LockPidFile       Boolean     True
networkDevice     NetworkDevice     String      /dev/dtremote
pidFile           PidFile           String      NULL
removeDomainname  RemoveDomainname  Boolean     True
requestPort       RequestPort       Int         177
servers           Servers           String      :0 Local local
                                                /system_dependent_path/X :0
sysParmsFile      SysParmsFile      String      /system_dependent_path
timeZone          TimeZone          String      NULL
wakeupInterval    WakeupInterval    Int         10
accessFile
To prevent unauthorized XDMCP service and to permit forwarding of XDMCP
IndirectQuery requests, this file contains a database of hostnames that are
either permitted direct access to this machine, or have a list of hosts to
which queries should be forwarded. The format of this file is described in
the Xaccess section. If not set, all hosts will be given XDMCP service.
authDir
This is a directory name that dtlogin uses to temporarily store
authorization files for displays using XDMCP.
autoRescan
This boolean controls whether dtlogin rescans the configuration file and
server file after a session terminates and the files have changed. You can
force dtlogin to reread these files by sending a SIGHUP to the main
process.
daemonMode
The dtlogin client can make itself into an unassociated daemon process.
This is accomplished by forking and leaving the parent process to exit,
then closing file descriptors and releasing the controlling terminal. This
is inconvenient when attempting to debug dtlogin. Setting this resource to
"false" disables daemonMode.
If dtlogin is started from /etc/inittab, it should not be run in daemon
mode. Otherwise the init process will think it has terminated and will
attempt to restart it.
debugLevel
A non-zero value specified for this integer resource enables debugging
information to be printed. It also disables daemon mode, which redirects
the information into the bit-bucket.
errorLogFile
Error output is normally directed at the system console. To redirect it,
set this resource to any file name. This file contains any output directed
to stderr by Xsetup, Xstartup and Xreset.
errorLogSize
This resource specifies the maximum size of the error log file in
kilobytes. When the limit is reached dtlogin will delete the oldest entries
in the file until the file size is reduced to 75% of the maximum.
The errorLogFile is shared by dtlogin and the X server process. The
errorLogSize limit may be exceeded if large numbers of errors are logged by
the X server before dtlogin detects the size change.
exportList
This resource can contain a set of variable names separated by a space or
tab. Each variable named is obtained from the dtlogin environment and
loaded into the environment of the server and session. See the Environment
section for details.
fontPathHead
This resource value is prepended to the default X server font path.
fontPathTail
This resource value is appended to the default X server font path.
keyFile
XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key
be shared between dtlogin and the terminal. This resource specifies the
file containing those values. Each entry in the file consists of a display
name and the shared key. Under Tru64 UNIX, dtlogin supports
XDM-AUTHENTICATION-1.
lockPidFile
This resource controls whether dtlogin uses file locking to prevent
multiple instances of dtlogin from executing concurrently.
networkDevice
For remote connections, the value for 'line' in /etc/utmp must also exist
as a device in the /dev directory for commands such as finger to operate
properly. This resource specifies the pathname of the /dev file dtlogin
will create when a remote display connects. For most platforms, the file
will be created as a symbolic link to /dev/null. The specified value must
start with "/dev/", otherwise the value is discarded and no file is
created.
pidFile
The filename specified is created to contain an ASCII representation of the
process-ID of the main dtlogin process. This can be used when sending
signals to dtlogin. The dtlogin client also uses file locking to attempt
to prevent more than one dtlogin from running on the same machine. See the
lockPidFile resource for more information.
removeDomainname
When computing the display name for XDMCP clients, dtlogin typically
creates a fully qualified host name for the terminal. As this is sometimes
confusing, dtlogin removes the domain name portion of the host name if it
is the same as the domain name for the local host when this variable is
set.
requestPort
This indicates the UDP port number that dtlogin uses to listen for incoming
XDMCP requests. Unless you need to debug the system, leave this with its
default value.
servers
This resource either specifies a file name full of server entries, one per
line (if the value starts with a slash), or a single server entry. Each
entry indicates a display that should constantly be managed and that is not
using XDMCP.
The general syntax for each entry is:
DisplayName DisplayClass DisplayType[@ite] [Command [options]]
A typical entry for local display number 0 is:
:0 Local local@console /usr/bin/X11/X :0
DisplayName
The display name must be something that can be passed in the
-display option to any X program. This string is used in the
display-specific resources to specify the particular display, so be
careful to match the names (for example, use ":0 local
/usr/bin/X11/X :0" instead of "localhost:0 local /usr/bin/X11/X :0"
if your other resources are specified as "Dtlogin._0.session"). A
`*' character in this field will be expanded to "<hostname>:0" by
dtlogin.
DisplayClass
The display class portion is also used in the display-specific
resources as the class portion of the resource. This is useful if
you have a large collection of similar displays (a group of X
terminals, for example) and want to set resources for groups of
them. When using XDMCP, the display is required to specify the
display class, so perhaps your X terminal documentation describes a
reasonably standard display class string for your device.
DisplayType
A DisplayType of "local" indicates that an X server should be
started for this entry. A value of "remote" indicates to attach to
an existing X server.
@ite On local bitmaps, the user may choose a "Command Line Login" option
through the login screen, which temporarily suspends the X-server
and presents the traditional character "login:" prompt. The user
can then log in and perform non-X related tasks. When the user
finishes and logs out, the X-server is restarted, and the login
screen is redisplayed.
In order to support Command Line Login mode, the display must have an
associated Internal Terminal Emulator (ITE) device. By default, dtlogin
associates the ITE device console (/dev/console) with display :0. If your
configuration does not match this default, specify @<device> for the
displays with an associated ITE and @none for all other displays listed in
the servers file.
Command [options]
This is the string used to start the X server. The dtlogin client
will always connect to the X server using the DisplayName
specified, so you might need to specify an explicit connection
number as an option to your X server (:0 in the above example).
sysParmsFile
This resource specifies a file containing shell commands, one of which sets
the time zone environment variable (TZ) for the system. If the time zone is
set through the shell syntax, TZ=, dtlogin can use this information to set
the time zone for the user session.
timeZone
This resource specifies the local time zone for dtlogin. It is loaded into
the environment of dtlogin as the value of the variable TZ and inherited by
all subsequent sessions.
Some systems maintain a configuration file that contains the time zone
setting (for example, /etc/src.sh). See the sysParmsFile resource.
wakeupInterval
If the user selects Command Line Login mode from the login screen, dtlogin
terminates the X-server and displays the traditional character-based login
prompt login:. If the user does not log in within twice the interval
specified by wakeupInterval, the X-server is restarted. Once the user has
logged in, dtlogin checks every wakeupInterval seconds to see if the user
has logged out. If so, the X-server is restarted and the login screen is
redisplayed.
DISPLAY RESOURCES
The dtlogin client display resources can be specified for all displays or
for a particular display. To specify a particular display, the display name
is inserted into the resource name between Dtlogin and the final resource
name segment. For example, Dtlogin.expo_0.startup is the name of the
resource defining the startup shell file on the expo:0 display. The
resource manager separates the name of the resource from its value with
colons, and separates resource name parts with dots, so dtlogin uses
underscores for the dots and colons when generating the resource name.
Resources can also be specified for a class of displays by inserting the
class name instead of a display name. A display that is not managed by
XDMCP can have its class affiliation specified in the file referenced by
the servers resource. A display using XDMCP supplies its class affiliation
as part of the XDMCP packet.
Name             Class            Class Type  Default
__________________________________________________________________
authorize        Authorize        Boolean     False
authName         AuthName         String      MIT-MAGIC-COOKIE-1
authFile         AuthFile         String      NULL
chooser          Chooser
cpp              Cpp              String      system dep.
environment      Environment      String      system dep.
failsafeClient   FailsafeClient   String      /system_dep./xterm
grabServer       GrabServer       Boolean     True
grabTimeout      GrabTimeout      Int         3 seconds
language         Language         String      system dep.
languageList     LanguageList     String      NULL
languageName     LanguageName     String      NULL
openDelay        OpenDelay        Int         5 seconds
openRepeat       OpenRepeat       Int         5 seconds
openTimeout      OpenTimeout      Int         30 seconds
pingInterval     PingInterval     Int         5 minutes
pingTimeout      PingTimeout      Int         5 minutes
reset            Reset            String      NULL
resetForAuth     ResetForAuth     Boolean     False
resetSignal      Signal           Int         1 (SIGHUP)
resources        Resource         String      NULL
session          Session          String      /usr/dt/bin/Xsession
setup            Setup            String      NULL
startAttempts    StartAttempts    Int         4
startup          Startup          String      NULL
systemPath       SystemPath       String      system_dep._path
systemShell      SystemShell      String      /bin/sh
terminateServer  TerminateServer  Boolean     False
termSignal       Signal           Int         15 (SIGTERM)
userAuthDir      UserAuthDir      String      /var/dt
userPath         UserPath         String      system_dep._path
xdmMode          XdmMode          Boolean     False
xrdb             Xrdb             String      /system_dep./xrdb
authorize
Authorize is a boolean resource that controls whether dtlogin generates and
uses authorization for the server connections. (See authName.)
authName
If authorize is used, authName specifies the type of authorization to be
used. Currently, dtlogin supports only MIT-MAGIC-COOKIE-1 authorization;
XDM-AUTHORIZATION-1 could be supported, but DES is not generally
distributable. XDMCP connections state which authorization types are
supported dynamically, so authName is ignored in this case. (See
authorize.)
authFile
This file is used to communicate the authorization data from dtlogin to the
server, using the -auth server command line option. It should be kept in a
write-protected directory to prevent its erasure, which would disable the
authorization mechanism in the server. If NULL, dtlogin will generate a
file name.
chooser
Specifies the program run to offer a host menu for indirect queries
redirected to the special host name CHOOSER. The default is
/usr/dt/bin/dtchooser. See the Xaccess section.
cpp
This specifies the path of the C preprocessor that is used by xrdb.
environment
This resource can contain a set of <name>=<value> pairs separated by a
space or tab. Each item is loaded into the environment of the server and
session. See the Environment section for details.
failsafeClient
If the default session fails to execute, dtlogin falls back to this
program. This program is executed with no arguments, but executes using the
same environment variables as the session would have had. (See The
Xfailsafe File.)
grabServer
See grabTimeout.
grabTimeout
To improve security, dtlogin grabs the server and keyboard while reading
the name and password. The grabServer resource specifies if the server
should be held while the name and password is read. When FALSE, the server
is ungrabbed after the keyboard grab succeeds; otherwise, the server is
grabbed until just before the session begins. The grabTimeout resource
specifies the maximum time dtlogin will wait for the grab to succeed. The
grab may fail if some other client has the server grabbed, or possibly if
the network latencies are very high. The grabTimeout resource has a default
of 3 seconds; be cautious when using this resource, since a user can be
deceived by a look-alike window on the display. If the grab fails, dtlogin
kills and restarts the server (if possible) and session.
Some X-terminals cannot display their login screens while the server is
grabbed. Setting grabServer to false permits the screen to be
displayed, but opens the possibility that a user's login name can be stolen
by copying the contents of the login screen. Since the keyboard is still
grabbed and the password is not echoed, the password cannot be stolen.
Under Tru64 UNIX, grabServer defaults to False.
language
This resource specifies the default setting for the LANG environment
variable. If the dtlogin screen is localized for that language, it is
displayed appropriately; otherwise, it is displayed in the C language. The
user may override this setting temporarily through an option on the login
screen. When the subsequent session terminates, the LANG variable reverts
to this setting.
languageList
This resource lets the user override the default set of languages displayed
in the Language menu of the login screen. It is useful if the set of
languages actually used on a particular display is smaller than the set
installed on the system. The resource value is a list of valid values for
the LANG environment variable. Language values should be separated by one
or more spaces or tabs.
languageName
This resource lets the user override the default locale name displayed in
the Language menu of the login screen with alternate text. This way,
instead of users seeing an En_US item, they could see an English (United
States) item. This resource is specified as
Dtlogin*<locale name>.languageName: text as follows:
Dtlogin*En_US.languageName: English (United States)
Dtlogin*Fr_CA.languageName: French (Canadian)
openDelay
See startAttempts.
openRepeat
See startAttempts.
openTimeout
See startAttempts.
pingInterval
See pingTimeout.
pingTimeout
To discover when remote displays disappear, dtlogin occasionally pings
them, using an X connection and sending XSync requests. The pingInterval
resource specifies the time (in minutes) between successive ping attempts,
and pingTimeout specifies the maximum wait time (in minutes) for the
terminal to respond to the request. If the terminal does not respond, the
session is terminated. The dtlogin client does not ping local displays.
Although it may seem harmless, it is undesirable when a local session is
terminated as a result of the server waiting (for remote filesystem
service, for example) and not responding to the ping.
reset
This specifies a program that is run (as root) after the session
terminates. If not set, no program is run. The conventional name is Xreset.
See The Xreset File.
resetForAuth
The original implementation of authorization in the sample server rereads
the authorization file at server reset time, instead of when checking the
initial connection. Since dtlogin generates the authorization information
just before connecting to the display, an old server does not get current
authorization information. This resource causes dtlogin to send SIGHUP to
the server after setting up the file, causing an additional server reset to
occur, during which time the new authorization information is read.
resetSignal
This resource specifies the signal dtlogin sends to reset the server. See
the section Controlling The Server.
resources
This resource specifies the name of the file to be loaded by xrdb(1) as the
resource database onto the root window of screen 0 of the display. This
resource database is loaded just before the authentication procedure is
started, so it can control the appearance of the login window. See the
section on the authentication screen, which describes the various resources
that are appropriate to place in this file. There is no default value for
this resource, but the conventional name is Xresources. See the Resource
section.
session
This specifies the session to be executed for the authenticated user. By
default, the /usr/dt/bin/Xsession file is run. The conventional name is
Xsession. See The Xsession File.
setup
This specifies a program that is run (as root) prior to the display of the
authentication screen. By default, no program is run. The conventional name
for a file used here is Xsetup. See the Xsetup section.
startAttempts
Four numeric resources control the behavior of dtlogin when attempting to
open reluctant servers: openDelay, openRepeat, openTimeout, and
startAttempts.
openDelay Reflects the duration (in seconds) between successive
attempts
openRepeat Reflects the number of attempts to make
openTimeout Reflects the amount of time to wait while actually
attempting the opening (that is, the maximum time spent in
the connect(2) syscall)
startAttempts Reflects the number of times the entire process occurs
before giving up on the server
After openRepeat attempts have been made or if openTimeout seconds elapse
in any particular attempt, dtlogin terminates and restarts the server,
attempting to connect again. This process is repeated startAttempts times,
at which point the display is declared dead and disabled. (See openDelay,
openRepeat, and openTimeout.)
startup
This specifies a program that is run (as root) after the authentication
process succeeds. By default, no program is run. The conventional name for
a file used here is Xstartup. See the Xstartup section.
systemPath
The dtlogin client sets the PATH environment variable for the startup and
reset scripts to the value of this resource. Note the conspicuous absence
of `.' from this entry. This is a good practice to follow for root; it
avoids many system penetration schemes.
systemShell
The dtlogin client sets the SHELL environment variable for the startup and
reset scripts to the value of this resource.
terminateServer
This boolean resource specifies whether the X server should be terminated
when a session terminates (instead of resetting it). This option can be
used if the server tends to grow without bound over time in order to limit
the amount of time the server is run continuously.
termSignal
This resource specifies the signal dtlogin sends to terminate the server.
See the section Controlling The Server.
userAuthDir
When dtlogin cannot write to the usual user authorization file
($HOME/.Xauthority), it creates a unique file name in this directory and
points the environment variable XAUTHORITY at the created file.
userPath
The dtlogin client sets the PATH environment variable for the session to
this value. It should be a colon-separated list of directories; see sh(1)
for a full description.
xdmMode
If True, the $HOME/.xsession file will be executed from Xsession upon user
authentication, rather than dtsession.
xrdb
Specifies the program used to load the resources.
The authentication screen reads a name-password pair from the keyboard. As
this is a Motif toolkit client, colors, fonts and some layout options can
be controlled with resources. General resources for this screen should be
put into the file named by the dtlogin resources resource, the default
being Xresources. Language specific values such as text or fonts should be
specified in the Dtlogin app-defaults file.
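An added example (not part of the original reference page or of the CDE
sources): a Python check that reads an Xconfig-style resource file and
reports, for one display, the settings this page ties to security
(accessFile, authorize, grabServer, systemPath). The sample files, the
comment markers, the accepted Boolean spellings and the simplified
display/class/unscoped lookup order are assumptions.

```python
import re

# Defaults as listed in this page's resource tables. The page also notes that
# Tru64 UNIX defaults grabServer to False; pass a different dict to model that.
TABLE_DEFAULTS = {"accessFile": None, "authorize": "False",
                  "grabServer": "True", "systemPath": None}

# Dtlogin.<name>: v   Dtlogin*<name>: v   Dtlogin.<display-or-class>.<name>: v
_LINE = re.compile(
    r"^Dtlogin[.*](?:([^.*:\s]+)[.*])?([A-Za-z]\w*)\s*:\s*(.*?)\s*$")

# Constructed samples for illustration; the paths are placeholders.
WEAK = """\
# constructed sample
Dtlogin.errorLogFile:      /var/dt/Xerrors
Dtlogin*grabServer:        True
Dtlogin.expo_0.grabServer: False
Dtlogin*systemPath:        /usr/bin:/usr/sbin:.
"""
HARDENED = """\
Dtlogin.accessFile:  /etc/dt/config/Xaccess
Dtlogin*authorize:   True
Dtlogin*grabServer:  True
Dtlogin*systemPath:  /usr/bin:/usr/sbin
"""


def display_segment(display_name):
    """expo:0 -> expo_0: dots and colons become underscores, as described above."""
    return re.sub(r"[.:]", "_", display_name)


def parse_xconfig(text):
    """Return {(scope, name): value}; scope is None for all-display entries."""
    resources = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption: lines starting with '!' or '#' are comments.
        if not line or line[0] in "!#":
            continue
        m = _LINE.match(line)
        if m:
            resources[(m.group(1), m.group(2))] = m.group(3)
    return resources


def effective(resources, name, display, display_class=None,
              defaults=TABLE_DEFAULTS):
    """Simplified lookup: display entry, class entry, unscoped entry, default."""
    for scope in (display_segment(display), display_class, None):
        if (scope, name) in resources:
            return resources[(scope, name)]
    return defaults.get(name)


def _is_true(value):
    # Assumption: true/on/yes (any case) are the accepted "true" spellings.
    return value is not None and value.strip().lower() in ("true", "on", "yes")


def audit(text, display, display_class=None, defaults=TABLE_DEFAULTS):
    """Return [(resource, finding)] for one display, in a fixed order."""
    res = parse_xconfig(text)

    def get(name):
        return effective(res, name, display, display_class, defaults)

    findings = []
    if not get("accessFile"):
        findings.append(("accessFile",
                         "unset: all hosts will be given XDMCP service"))
    if not _is_true(get("authorize")):
        findings.append(("authorize",
                         "false: no authorization generated for server connections"))
    if not _is_true(get("grabServer")):
        findings.append(("grabServer",
                         "false: login screen contents can be copied by another client"))
    path = get("systemPath")
    # An empty PATH component means the current directory, same as '.'.
    if path is not None and any(p in ("", ".") for p in path.split(":")):
        findings.append(("systemPath",
                         "contains '.' or an empty entry; used for root-run scripts"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "expo:0")
        for name, msg in audit(cfg, "expo:0"):
            print("  %-11s %s" % (name, msg))
```

An unset systemPath produces no finding because its default is system dependent and not visible in the file.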
Logo Resources
Name             Class            Class Type  Default
__________________________________________________________
bitmapFile       BitmapFile       String      NULL
background       Background       Pixel       #a8a8a8
topShadowPixmap  TopShadowPixmap  String      25_foreground
The default logo on the authentication screen may be replaced with a bitmap
or pixmap of the user's choice. The resources should be prefaced with the
string Dtlogin*logo* when specified.
bitmapFile
Specifies the absolute path name to the bitmap or pixmap file to
be used for the logo.
background
Specifies the background color for the logo.
topShadowPixmap
Specifies the pixmap to use for the logo border shadow.
Greeting Resources
The following resources describe the greeting string used on the login
screen. The resources should be prefaced with the string Dtlogin*greeting*
when specified.
Name             Class        Class Type  Default
_______________________________________________________________________________
foreground       Foreground   Pixel       black
background       Background   Pixel       dynamic
fontList         FontList     FontList    -*-*schoolbook-medium-i-normal--18-*
labelString      LabelString  String      Welcome to %LocalHost%
persLabelString  LabelString  String      Welcome %s
alignment        Alignment    String      ALIGNMENT_CENTER
foreground
Specifies the foreground color for the welcome message.
background
Specifies the background color for the welcome message. The
default is light-gray for color systems or white for monochrome
systems.
fontList Specifies the font to use for the welcome message.
labelString
Specifies the string to use for the welcome message. Multiple
lines can be specified by including newline characters (\n) in the
text. If the token %LocalHost% is included in the text, it will
be replaced with the name of the host providing login service. If
the token %DisplayName% is included in the text, it will be
replaced with the display name.
persLabelString
Specifies the string to use for the personalized welcome message.
This is the message displayed after the user name has been
entered. The %s will be replaced with the user name entered.
alignment Specifies the string to use for the alignment of the Welcome
message. Valid values are ALIGNMENT_BEGINNING, ALIGNMENT_CENTER
and ALIGNMENT_END.
Matte Resources
The following resources describe the matte layout used on the login screen.
The resources should be prefaced with the string Dtlogin*matte. when
specified.
Name    Class   Class Type  Default
________________________________________________________
width   Width   Int         806 for Highres displays
                            755 for Mediumres displays
                            585 for lowres displays
height  Height  Int         412 for Highres displays
                            385 for Mediumres displays
                            300 for Lowres displays
width Specifies the width to use for the login_matte.
height Specifies the height to use for the login_matte.
Label Resources
The following resources describe the fonts layout used on the login screen.
The resources should be prefaced with the string Dtlogin*. when specified.
Name       Class      Class Type  Default
______________________________________________________________________________
labelFont  LabelFont  String      -*-swiss 742-bold-r-normal-*-140-*-p-100-*
                                  for lowres displays
                                  -*-swiss 742-medium-r-normal-*-140-*-p-110-*
                                  for high res displays.
textFont   TextFont   String      -*-prestige-medium-r-normal-*-128-72-*
                                  for highres displays.
                                  -*-helvetica-bold-r-normal-*-100-*
                                  for lowres displays
labelFont Specifies the labelFont to use for the pushButtons and labels.
textFont Specifies the textFont to use for the pushButtons and labels.
ENVIRONMENT
The dtlogin client invokes the user's session with the following default
environment:
DISPLAY
is set to the associated display name
EDITOR
is set to /usr/dt/bin/dtpad
HOME
is set to the home directory of the user
KBD_LANG
is set to the value of LANG for applicable languages
LANG
is set to the current NLS language (if any)
LC_ALL
is set to the current NLS language (if any)
LC_MESSAGES
is set to the current NLS language (if any)
LOGNAME
is set to the user name
MAIL
is set to /usr/mail/$USER (system dependent)
PATH
is set to the value of the userPath resource
USER
is set to the user name
SHELL
is set to the user's default shell (from /etc/passwd)
TERM
is set to dtterm
TZ
is set to the value of the timeZone resource or system default
XAUTHORITY
may be set to an authority file
Adding to the Environment List
Four methods are available to modify or add to this list depending on the
required scope of the resulting environment variable.
The exportList resource is available to permit the export of variables
provided to the dtlogin process by its parent. Variables specified by this
method are available to both the display's X server process and the user's
session and override any default settings. The resource accepts a string of
<name> entries separated by at least one space or tab.
The environment resource is available in the dtlogin configuration file to
permit setting of environment variables on a global or per-display basis.
Variables specified by this method are available to both the display's X
server process and the user's session and override any default settings.
The resource accepts a string of <name>=<value> pairs separated by at least
one space or tab. The values specified must be constants because no shell
is used to parse the string. See the Resources section for details on
setting this resource.
For example:
Dtlogin*environment:MAIL_HOST=blanco MAIL_SERVER=pablo
The environment variables LANG and TZ have their own dedicated resources in
the configuration file and should not be set through the environment.
Environment variables that require processing by a shell or are dependent
on the value of another environment variable can be specified in the
startup script Xsession. These variables are loaded into the environment of
all users on the display, but not to the X server process. They override
any previous settings of the same variable. The Xsession script accepts ksh
syntax for setting environment variables. For example:
MAIL=/usr/mail/$USER
Finally, personal environment variables can be set on a per-user basis in
the script file $HOME/.dtprofile.
The dtlogin client accepts either sh, ksh, or csh syntax for the commands
in this file. The commands should only be those that set environment
variables, not any that perform terminal I/O, excepting tset(1) or stty(1).
If the first line of .dtprofile is #!/bin/sh, #!/bin/ksh, or #!/bin/csh,
dtlogin uses the appropriate shell to parse .dtprofile. Otherwise, the
user's default shell ($SHELL) is used.
FILES
The dtlogin client is designed to operate in a wide variety of environments
and provides a suite of configuration files that can be changed to suit a
particular system. The default dtlogin configuration files can be found in
/usr/dt/config with the exception of Xsession which is stored in
/usr/dt/bin. They are listed below:
Xconfig specifies other dtlogin configuration files and dtlogin
behavior
Xaccess used by dtlogin to control access from displays requesting
XDMCP service
Xservers contains the list of displays for dtlogin to explicitly
manage
Xresources contains resource definitions specifying the appearance of
the login screen
Xsetup a script executed as root prior to display of the login
screen
Xstartup a script executed as root after user has successfully
authenticated
Xsession a script executed as the authenticated user that starts the
user's session
Xfailsafe a script executed as the authenticated user that starts a
failsafe session
Xreset a script executed as root after the user's session has
exited
The Xconfig File
The Xconfig file contains the general resources for dtlogin and is the top
of the dtlogin configuration file tree. Xconfig specifies the location of
other dtlogin configuration and log files and specifies dtlogin behavior.
The locations of other dtlogin configuration and log files are specified by
resource definitions. The defaults are listed below:
Dtlogin.errorLogFile: /var/dt/Xerrors
Dtlogin.pidFile: /var/dt/Xpid
Dtlogin.accessFile: Xaccess
Dtlogin.servers: Xservers
Dtlogin*resources: %L/Xresources
Dtlogin*setup: Xsetup
Dtlogin*startup: Xstartup
Dtlogin*reset: Xreset
Dtlogin*failsafeClient: Xfailsafe
Dtlogin*session: /usr/dt/bin/Xsession
If the path specified for accessFile, servers, resources, setup, startup,
reset, failsafeClient, or session is relative, dtlogin will first look for
the file in directory /etc/dt/config, then /usr/dt/config.
Some of the resources are specified with a `*' character separating the
components. These resources can be made unique for each different display,
by replacing the `*' with the display name. See the DISPLAY RESOURCES
section for a complete discussion.
The default Xconfig file is /usr/dt/config/Xconfig. A system administrator
can customize Xconfig by copying the file /usr/dt/config/Xconfig to
/etc/dt/config/Xconfig and modifying /etc/dt/config/Xconfig.
The default Xconfig file contains the configuration and log file entries
shown above as well as a few vendor specific resource definitions and
examples. See the GENERAL RESOURCES and DISPLAY RESOURCES sections for the
complete list of resources that can be defined in Xconfig.
The Xaccess File
The database file specified by the accessFile resource provides information
that dtlogin uses to control access from displays requesting XDMCP service.
This file contains three types of entries: entries that control the
response to Direct and Broadcast queries, entries that control the response
to Indirect queries, and macro definitions.
The format of a Direct entry is either a host name or a pattern. A pattern
is distinguished from a host name by the inclusion of one or more meta
characters (an asterisk matches any sequence of 0 or more characters, and a
question mark matches any single character) that are compared against the
host name of the display device. If the entry is a host name, all
comparisons are done using network addresses, so any name that converts to
the correct network address may be used. For patterns, only canonical host
names are used in the comparison, so ensure that you do not attempt to
match aliases. Preceding either a host name or a pattern with a `!'
character causes hosts that match that entry to be excluded.
An Indirect entry also contains a host name or pattern, but follows it with
a list of host names or macros to which indirect queries should be sent.
Indirect entries may also specify to have dtlogin run dtchooser to offer a
menu of hosts to which a login screen can be displayed.
A macro definition contains a macro name and a list of host names and other
macros that the macro expands to. To distinguish macros from hostnames,
macro names start with a `%' character. Macros may be nested.
When checking access for a particular display host, each entry is scanned
in turn and the first matching entry determines the response. Direct and
Broadcast entries are ignored when scanning for an Indirect entry and
vice-versa.
Blank lines are ignored, the `#' character is treated as a comment
delimiter (causing the rest of that line to be ignored), and `\newline'
causes the newline character to be ignored, permitting indirect host lists
to span multiple lines.
Here is an example Xaccess file:
#
# Xaccess - XDMCP access control file
#
#
# Direct/Broadcast query entries
#
!xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
bambi.ogi.edu # allow access from this particular display
*.lcs.mit.edu # allow access from any display in LCS
#
# Indirect query entries
#
#define %HOSTS macro
%HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \
excess.lcs.mit.edu kanga.lcs.mit.edu
#force extract to contact xenon
extract.lcs.mit.edu xenon.lcs.mit.edu
#disallow indirect access by xtra
!xtra.lcs.mit.edu dummy
#all others get to choose among %HOSTS
*.lcs.mit.edu %HOSTS
If XDMCP access is granted, a temporary file may be created in the
directory specified by authDir, containing authorization information for
the X-terminal. It is deleted when the session starts.
For X terminals that do not offer a host menu for use with Broadcast or
Indirect queries, the chooser program can do this for them. In the Xaccess
file, specify CHOOSER as the first entry in the Indirect host list. Chooser
will send a Query request to each of the remaining host names in the list
and offer a menu of all the hosts that respond.
The list may consist of the word BROADCAST, in which case chooser will send
a Broadcast instead, again offering a menu of all hosts that respond. On
some operating systems, UDP packets cannot be broadcast, so this feature
will not work.
For example, Xaccess file using chooser:
#offer a menu of these hosts to extract
extract.lcs.mit.edu CHOOSER %HOSTS
#offer a menu of all hosts to xtra
xtra.lcs.mit.edu CHOOSER BROADCAST
The program to use for chooser is specified by the chooser resource.
Resources for this program can be put into the file named by resources.
The default Xaccess file is /usr/dt/config/Xaccess. A system administrator
can customize Xaccess by copying the file /usr/dt/config/Xaccess to
/etc/dt/config/Xaccess and modifying /etc/dt/config/Xaccess.
The default Xaccess file contains no entries.
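The scanning rules above, worked through as an added Python example (not dtlogin's own code): it parses the example Xaccess entries and reports the response a display host would get. Assumptions: plain host names are compared as strings rather than by network address, a host that matches no entry gets no response, and the function names are illustrative.

```python
import re

SAMPLE = r"""
!xtra.lcs.mit.edu     # disallow direct/broadcast service for xtra
bambi.ogi.edu         # allow access from this particular display
*.lcs.mit.edu         # allow access from any display in LCS
%HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \
       excess.lcs.mit.edu kanga.lcs.mit.edu
extract.lcs.mit.edu xenon.lcs.mit.edu
!xtra.lcs.mit.edu dummy
*.lcs.mit.edu %HOSTS
"""  # constructed input: the entries of this page's example Xaccess file

def parse_xaccess(text):    # -> (direct, indirect, macros), file order kept
    direct, indirect, macros = [], [], {}
    text = re.sub(r"#.*", "", text)        # '#' comments out the rest of a line
    text = re.sub(r"\\\n", " ", text)      # '\newline' continues the entry
    for line in text.splitlines():
        words = line.split()
        if words and words[0].startswith("%"):
            macros[words[0]] = words[1:]             # macro definition
        elif len(words) == 1:
            direct.append(words[0])                  # Direct/Broadcast entry
        elif words:
            indirect.append((words[0], words[1:]))   # Indirect entry
    return direct, indirect, macros

def matches(entry, host):
    """Assumption: names are compared as strings, not by network address."""
    pat = re.escape(entry.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(pat, host.lower()) is not None

def expand(names, macros, seen=()):
    out = []
    for name in names:
        if not name.startswith("%"):
            out.append(name)
        elif name in seen or name not in macros:
            raise ValueError("macro loop or undefined macro: " + name)
        else:
            out += expand(macros[name], macros, seen + (name,))  # nested macro
    return out

def direct_allowed(text, host):
    for entry in parse_xaccess(text)[0]:
        if matches(entry.lstrip("!"), host):         # first match decides
            return not entry.startswith("!")
    return False          # assumption: no matching entry means no response

def indirect_response(text, host):
    _, indirect, macros = parse_xaccess(text)
    for entry, targets in indirect:
        if matches(entry.lstrip("!"), host):         # first match decides
            if entry.startswith("!"):
                return None
            if targets[0] == "CHOOSER":
                return ("chooser", expand(targets[1:], macros))
            return ("forward", expand(targets, macros))
    return None
```

Because the first matching entry decides, an exclusion such as !xtra.lcs.mit.edu only takes effect when it precedes the broader *.lcs.mit.edu pattern; with the two lines swapped, direct_allowed returns True for xtra.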
The Xservers File
Contains the list of displays to manage. See the servers resource
description under GENERAL RESOURCES for more information.
The default Xservers file is /usr/dt/config/Xservers. A system
administrator can customize Xservers by copying the file
/usr/dt/config/Xservers to /etc/dt/config/Xservers and modifying
/etc/dt/config/Xservers.
The default Xservers file contains an entry for one local display.
The Xresources File
Contains the resource definitions specifying the appearance of the login
screen. See the dtgreet specification for more information.
The default Xresources file is /usr/dt/config/Xresources. A system
administrator can customize Xresources by copying the file
/usr/dt/config/Xresources to /etc/dt/config/Xresources and modifying
/etc/dt/config/Xresources.
The Xsetup File
This file is typically a shell script. It is run as "root" and should be
very careful about security. This script is run before the login screen is
displayed. No arguments of any kind are passed to the script. Dtlogin waits
until this script exits before displaying the login screen.
The default Xsetup file is /usr/dt/config/Xsetup. A system administrator
can customize Xsetup by copying the file /usr/dt/config/Xsetup to
/etc/dt/config/Xsetup and modifying /etc/dt/config/Xsetup.
The default Xsetup file contains vendor specific code but typically
contains code that sets up the X server prior to the display of the login
screen, such as setting up keyboard maps.
The Xstartup File
This file is typically a shell script. It is run as "root" and should be
very careful about security. This is the place to put commands that display
the message of the day or do other system-level functions on behalf of the
user. Various environment variables are set for the use of this script:
DISPLAY set to the associated display name
HOME set to the home directory of the user
PATH set to the value of the systemPath resource
USER set to the user name
SHELL set to the value of the systemShell resource
No arguments of any kind are passed to the script. Dtlogin waits until this
script exits before starting the user session. If the exit value of this
script is non-zero, dtlogin discontinues the session immediately and starts
another authentication cycle.
The default Xstartup file is /usr/dt/config/Xstartup. A system
administrator can customize Xstartup by copying the file
/usr/dt/config/Xstartup to /etc/dt/config/Xstartup and modifying
/etc/dt/config/Xstartup.
The default Xstartup file contains code to change ownership of /dev/console
to the user whose session is running on the console.
The Xsession File
This script initializes a user's session and invokes the desktop session
manager. It is run with the permissions of the authorized user, and has
several environment variables preset. See the Environment section for a
list of the preset variables.
The default Xsession file is /usr/dt/bin/Xsession. A system administrator
can customize Xsession by copying the file /usr/dt/bin/Xsession to
/etc/dt/config/Xsession and modifying /etc/dt/config/Xsession. The session
resource defined in Xconfig must also be changed to reference the
customized Xsession file. See the Xconfig section for information on how to
update the Xconfig file.
The default Xsession file contains session initialization code. It does
contain some vendor specific code but its general function is as follows:
· Sources the user's $HOME/.dtprofile
· Sources any /etc/dt/config/Xsession.d/* scripts
· Sources any /usr/dt/config/Xsession.d/* scripts
· Launches in the background the desktop welcome client, dthello
· Sources the application search path setup script, dtsearchpath
· Launches in the background the help setup client, dthelpgen
· Launches in the background the application manager directory setup
client, dtappgather
· Executes the desktop session manager, dtsession
System administrators are discouraged from customizing the Xsession file.
The Xreset File
Symmetrical with Xstartup, this script is run after the user session has
terminated. Run as root, it should probably contain commands that undo the
effects of commands in Xstartup, such as unmounting directories from file
servers. The collection of environment variables that were passed to
Xstartup are also given to Xreset.
The default Xreset file is /usr/dt/config/Xreset. A system administrator
can customize Xreset by copying the file /usr/dt/config/Xreset to
/etc/dt/config/Xreset and modifying /etc/dt/config/Xreset.
The default Xreset file contains code to change ownership of /dev/console
back to root.
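Xsetup, Xstartup and Xreset run as root, and relative names are looked up in /etc/dt/config before /usr/dt/config, so it is worth checking who can write those files and their directories. The following is an added Python example, not part of the CDE distribution; the function names, the sample Xconfig text and the per-display resource name in it are constructed for illustration.

```python
import os
import re
import stat

SEARCH_DIRS = ("/etc/dt/config", "/usr/dt/config")   # lookup order for relative names
DEFAULTS = {"setup": "Xsetup", "startup": "Xstartup", "reset": "Xreset"}  # run as root

# Constructed Xconfig text; the per-display line is a hypothetical override.
SAMPLE_XCONFIG = """\
Dtlogin*setup:          Xsetup
Dtlogin*startup:        Xstartup
Dtlogin.expo_0.reset:   /etc/dt/config/Xreset.expo
Dtlogin*session:        /usr/dt/bin/Xsession
"""

def root_run_files(xconfig_text):
    """Names of every setup/startup/reset script, global or per display.
    The default names are always included: a per-display value does not
    replace the default used by the other displays."""
    names = set(DEFAULTS.values())
    for line in xconfig_text.splitlines():
        m = re.match(r"\s*Dtlogin[.*](?:[^:]*[.*])?(\w+)\s*:\s*(\S+)", line)
        if m and m.group(1) in DEFAULTS:
            names.add(m.group(2))
    return sorted(names)

def resolve(name, search_dirs=SEARCH_DIRS):
    """Absolute paths are used as given; relative ones use the first directory that has them."""
    candidates = [name] if os.path.isabs(name) else [os.path.join(d, name) for d in search_dirs]
    return next((p for p in candidates if os.path.exists(p)), None)

def findings(path, owner_uid=0):
    """Check the script and its directory; a writable directory allows the file to be swapped."""
    out = []
    real = os.path.realpath(path)
    for p in (real, os.path.dirname(real)):
        st = os.stat(p)
        if st.st_uid != owner_uid:
            out.append(f"{p}: owner uid {st.st_uid}, expected {owner_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            out.append(f"{p}: writable by group or others")
    return out

def audit(xconfig_text, search_dirs=SEARCH_DIRS, owner_uid=0):
    """Map each root-run script name to its list of findings."""
    report = {}
    for name in root_run_files(xconfig_text):
        path = resolve(name, search_dirs)
        report[name] = ["not found"] if path is None else findings(path, owner_uid)
    return report

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_XCONFIG).items():
        print(name, problems or "ok")
```

A file found in /etc/dt/config shadows the copy in /usr/dt/config, so the audit reports on the one that would be run first in the lookup order.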
STATUS FILES
The Xerrors File
Contains error messages from dtlogin and anything output to stderr by
Xsetup, Xstartup or Xreset. The system administrator can use the contents
of this file for dtlogin troubleshooting. The errorLogSize resource limits
the size of the Xerrors file and can prevent it from growing without bound.
A system administrator can change the pathname of the Xerrors file by
setting the errorLogFile resource in the Xconfig file. See the Xconfig
section for information on how to update the Xconfig file.
The Xpid File
Contains the process ID of the master dtlogin process that can be used when
sending signals to dtlogin. A system administrator can change the pathname
of the Xpid file by setting the pidFile resource in the Xconfig file. See
the Xconfig section for information on how to update the Xconfig file.
ERROR MESSAGES
Login incorrect; please try again.
Unable to change to home directory.
Sorry. Maximum number of users already logged in.
Login error, invalid user ID.
Login error, invalid group ID.
Login error, invalid audit ID.
Login error, invalid audit flag.
Logins are currently disabled.
Your current password has expired.
RESTRICTIONS
The Dtlogin.errorLogSize resource in /usr/dt/config/Xconfig controls the
maximum error log file size (in kilobytes) of the error log for the dtlogin
processes and the X server, /var/dt/Xerrors. The dtlogin application
truncates the file if it grows larger than the size specified in the
resource parameter.
Because both dtlogin and the X server can write to this log file, the X
server may write more data than the limit allows before the dtlogin process
can truncate it. Sending a signal to the primary dtlogin process on the
system also forces the file to be truncated.