GDM and XDMCP
Daniel B. Thurman
dant at cdkkt.com
Fri Aug 20 17:46:29 UTC 2010
On 08/20/2010 09:23 AM, Steve Blackwell wrote:
> On Thu, 19 Aug 2010 20:09:48 -0700
> "Daniel B. Thurman" <dant at cdkkt.com> wrote:
>> On 08/19/2010 07:48 AM, Steve Blackwell wrote:
>>> I want to be able to log in to another computer from this computer
>>> using XDMCP. Assuming that I have configured the other computer
>>> correctly, a big assumption to be sure, what do I have to do to GDM
>>> to show a menu or some other way of displaying the available XDMCP
>>> computers on my login screen?
>>>
>>> I get plenty of google hits on GDM & XDMCP but they all appear to be
>>> about how to configure GDM to allow a remote computer to log in to
>>> my local computer and not the other way around.
>>>
>>> Is XDMCP even the right way to go? Should I be using VNC? I know
>>> XDMCP is inherently insecure but this is on a local private network.
>>>
>>> Thanks,
>>> Steve
>> I use XDMCP on all of my boxes and
>> force only local connections. Tested
>> from 5 -> 13 and it works.
> Are you using GDM or KDM?
> If GDM can you post your custom.conf file and if it is possible, a pic
> of your GDM screen with the XDMCP hosts shown?
>
> Thanks,
> Steve
I am using both gdm & kdm.
There was a very hard to locate webpage that explained
how to enable and configure XDMCP for both, but I will try
to give you the run down, best as I can. I hope I have not
missed anything...
As for security, make sure that you read up online on how
to use X SSH tunnelling if later, you decide to expose your
X chooser to the Internet for remote access. Also, if you do
this, you have to expose port 177 on your firewall.
Keep in mind that you will get a chooser, a login screen
showing the same background image with the login
dialog with the list of users, exactly as it appears when
you log directly onto your console terminal.
When you use a vnc viewer, the remote access host
field is in the form: <host or IP address>:<last-2 digit-port#>
What this does is to choose the port number defining
the window properties as defined in vncserver shown
below, the color depth and the screen size. This allows
for flexibility for the particular terminal console you are
using remotely.
After you properly configured everything below, a reboot
is required. If there are any issues, be SURE that port 177
is actually accessible remotely and you can use nmap
to check it since it is a udp port. Also make sure that
vncserver services are actually listening via netstat.
1) GDM
/etc/gdm/custom.conf
Add to: [xdmcp]
Enable=true
Willing=/etc/X11/xdm/Xwilling
Xaccess=/etc/X11/xdm/Xaccess
Port=177
2) XDM
/etc/X11/xdm/xdm-config
! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
!DisplayManager.requestPort: 0
/etc/X11/xdm/Xaccess
* #any host can get a login window
#localhost
10.1.0. # Listen to local area network only <== at bottom,
newly added & set your network here
3) KDE
/etc/kde/kdm/kdmrc
[Xdmcp]
Enable=true
Port=177
Xaccess=/etc/kde/kdm/Xaccess
Willing=/etc/kde/kdm/Xwilling
/etc/kde/kdm/Xaccess
* #any host can get a login window
#localhost
10.1.0. # Listen to local area network only <== at bottom,
newly added & set your network here
4) Services & Server
*** Add to bottom & make sure spaces are single <TAB>
*** You can add or remove to your taste but make sure that
if you change anything below, update /etc/xinetd.d/vncserver
/etc/services
#========== Added by: <your initials>
vnc-640x480x8 5950/tcp
vnc-800x600x8 5951/tcp
vnc-1024x768x8 5952/tcp
vnc-1280x1024x8 5953/tcp
vnc-1600x1200x8 5954/tcp
vnc-640x480x16 5960/tcp
vnc-800x600x16 5961/tcp
vnc-1024x768x16 5962/tcp
vnc-1280x1024x16 5963/tcp
vnc-1600x1200x16 5964/tcp
vnc-640x480x24 5970/tcp
vnc-800x600x24 5971/tcp
vnc-1024x768x24 5972/tcp
vnc-1280x1024x24 5973/tcp
vnc-1600x1200x24 5974/tcp
vnc-640x480x32 5980/tcp
vnc-800x600x32 5981/tcp
vnc-1024x768x32 5982/tcp
vnc-1280x1024x32 5983/tcp
vnc-1600x1200x32 5984/tcp
#==========
/etc/xinetd.d/vncserver <=== NEW FILE with:
# VNC XServer
# Each line should be on one line, starting vnc-
# and ending -depth x where x is the number.
#
service vnc-640x480x8
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 640x480 -depth 8
}
service vnc-800x600x8
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 800x600 -depth 8
}
service vnc-1024x768x8
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1024x768 -depth 8
}
service vnc-1280x1024x8
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1280x1024 -depth 8
}
service vnc-1600x1200x8
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1600x1200 -depth 8
}
service vnc-640x480x16
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 640x480 -depth 16
}
service vnc-800x600x16
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 800x600 -depth 16
}
service vnc-1024x768x16
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1024x768 -depth 16
}
service vnc-1280x1024x16
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1280x1024 -depth 16
}
service vnc-1600x1200x16
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1600x1200 -depth 16
}
service vnc-640x480x24
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 640x480 -depth 24
}
service vnc-800x600x24
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 800x600 -depth 24
}
service vnc-1024x768x24
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1024x768 -depth 24
}
service vnc-1280x1024x24
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1280x1024 -depth 24
}
service vnc-1600x1200x24
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1600x1200 -depth 24
}
service vnc-640x480x32
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 640x480 -depth 32
}
service vnc-800x600x32
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 800x600 -depth 32
}
service vnc-1024x768x32
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1024x768 -depth 32
}
service vnc-1280x1024x32
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1280x1024 -depth 32
}
service vnc-1600x1200x32
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once securitytypes=none
-geometry 1600x1200 -depth 32
}
More information about the users
mailing list