From 4aed2c8219774f5d797760606b8489a92ddc5163 Mon Sep 17 00:00:00 2001 From: toma Date: Wed, 25 Nov 2009 17:56:58 +0000 Subject: Copy the KDE 3.5 branch to branches/trinity for new KDE 3.5 features. BUG:215923 git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdebase@1054174 283d02a7-25f6-0310-bc7c-ecb5cbfe19da --- doc/kdm/Makefile.am | 6 + doc/kdm/index.docbook | 1472 ++++++++++++++++++++++++++++ doc/kdm/kdmrc-ref.docbook | 2316 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 3794 insertions(+) create mode 100644 doc/kdm/Makefile.am create mode 100644 doc/kdm/index.docbook create mode 100644 doc/kdm/kdmrc-ref.docbook (limited to 'doc/kdm') diff --git a/doc/kdm/Makefile.am b/doc/kdm/Makefile.am new file mode 100644 index 000000000..c04fe0908 --- /dev/null +++ b/doc/kdm/Makefile.am @@ -0,0 +1,6 @@ +conf_def = $(top_srcdir)/kdm/config.def +ref: $(conf_def) $(top_srcdir)/kdm/confproc.pl + $(PERL) -w $(top_srcdir)/kdm/confproc.pl --doc $(conf_def) kdmrc-ref.docbook + +KDE_LANG = en +KDE_DOCS = AUTO diff --git a/doc/kdm/index.docbook b/doc/kdm/index.docbook new file mode 100644 index 000000000..1a127a506 --- /dev/null +++ b/doc/kdm/index.docbook @@ -0,0 +1,1472 @@ + + + + kdmrc"> + ksmserver"> + kdesktop"> + XDMCP"> + xdm"> + + + +]> + + + +The &kdm; Handbook + + + +&Oswald.Buddenhagen; &Oswald.Buddenhagen.mail; + + + + + + + +2000 +&Neal.Crook; + + + +2002 +&Oswald.Buddenhagen; + + + +2003 +&Lauri.Watts; + + +2003-03-01 +0.05.02 + + +This document describes &kdm; the &kde; Display Manager. &kdm; +is also known as the Login Manager. + + + +KDE +kdm +xdm +display manager +login manager + + + + + +Introduction + +&kdm; provides a graphical interface that allows you to log in to a +system. It prompts for login (username) and password, authenticates the user +and starts a session. &kdm; is superior to &xdm;, the X +Display Manager, in a number of ways. + + + + + + + +Quick Start Guide + +This is a quick start guide for users who fit the following +pattern: + + + +X is configured and works with the command +startx from the commandline. + + +Each user will generally only use a single window manager or +desktop environment, and does not change this choice very +often, or is comfortable editing a single text file in order to change +their choice. + + + +This scenario will be sufficient for many environments where a single +user or several users normally boot the computer and log into their +preferred environment. + + +Setting up a Default Session + +Create or open the file ~/.xinitrc +If you already have a working ~/.xinitrc, go to +the next step + + +If one does not already exist, add a line to the +~/.xinitrc to start your preferred window manager +or desktop environment. +For &kde; you should enter: +startkde +For other window managers or desktop environments, you should +look in their documentation for the correct command. + +Make a link as follows: +ln ~/.xinitrc ~/.xsession + + + +At this point, typing startx +on the commandline should start X, with a &kde; session. The next task is +to try &kdm;. + +As root, type +kdm at the prompt. + +You should see a login window, which is described more fully in . + +Typing your normal username and password in the fields provided, and +leaving selected as the session type should now +open a &kde; session for your user. + +If you have other users to configure, you should repeat the procedure +above for each of them. + + +This is a quick guide to getting up and running only. You probably +will want to customize &kdm; further, for example, to hide the names of the +system accounts, to allow further sessions, and much more. Please read +through the rest of this manual to find out how to do these things. + + + + + +The Login Window + + The user interface to &kdm; consists of two dialog boxes. The main +dialog box has these controls: + + + +A Username: field for you to enter your +username. + + + +A Password: field for you to enter your +password. + + + +(Optionally) a graphical image of each user (for example, a digitized +photograph). Clicking on an image is equivalent to typing the associated +username into the Username: field. (This feature is an +imitation of the login box on &IRIX;). + + + +A Menu drop down box that allows &kdm; to be used +to start sessions with various different window managers or desktop +environments installed on the system. + + + +(Optionally) a region to the right of the +Username:, Password: and +Session Type: fields which can be used to display +either a static image or an analog clock. + + + +A Login button that validates the +username/password combination and attempts to start a session of the +selected type. + + + +A Clear button that clears the text from +the Login and Pass +fields. + + + +A Menu button that opens an action menu +with the following items: + + + +(On local displays) A Restart X Server item +that terminates the currently running &X-Server;, starts a new one and +displays the login dialog again. You can use this if the display content +seems to be broken somehow. + + + +(On remote displays) A Close Connection +item that closes the connection to the &XDMCP; server you are currently +connected to. If you got to this server through a host chooser, this will +bring you back to the chooser, otherwise it will only reset the &X-Server; +and bring up the login dialog again. + + + +(Optionally on local displays) A Console +Mode item that terminates the currently running &X-Server; and +leaves you alone with a console login. &kdm; will resume the graphical login +if nobody is logged in at the console for some time. + + + + + +(Optionally) A Shutdown button that displays +the Shutdown dialog box. + + + +The Shutdown dialog box presents a set of +radio buttons that allow one of these options to be selected: + + + +Shutdown + +Shut the system down in a controlled manner, ready for +power-down. + + + +Restart + +Shut the system down and reboot. For systems that use +Lilo, an optional drop down box allows you to +select a particular operating-system kernel to be used for the +reboot. + + + +Restart X Server + +Stop and then restart the X-server. Typically, you might need to use +this option if you have changed your X11 configuration in some way. + + + +Console Mode + +Stop the &X-Server; and return the system to console mode. This is +achieved by bringing the system down to runlevel 3. Typically, the system +manager might need to use this option before upgrading or re-configuring X11 +software. + + + + +Pressing the OK button initiates the selected +action; pressing the Cancel button returns to the +main &kdm; dialog box. + + + + + +Configuring &kdm; + +This chapter assumes that &kdm; is already up and running on your +system, and that you simply want to change its behavior in some way. + +When &kdm; starts up, it reads its configuration from the folder +$KDEDIR/share/config/kdm/ (this may +be /etc/kde3/kdm/ or something else +on your system). + +The main configuration file is &kdmrc;; all other files are +referenced from there and could be stored under any name anywhere on +the system - but usually that would not make much sense for obvious +reasons (one particular exception is referencing configuration files +of an already installed &xdm; - however when a new &kdm; is installed, +it will import settings from those files if it finds an already installed +&xdm;). + +Since &kdm; must run before any user is logged in, it is not +associated with any particular user. Therefore, it is not possible to have +user-specific configuration files; all users share the common &kdmrc;. It +follows from this that the configuration of &kdm; can only be altered by +those users that have write access to +$KDEDIR/share/config/kdm/kdmrc (normally +restricted to system administrators logged in as root). + +You can view the &kdmrc; file currently in use on your system, and you +can configure &kdm; by editing this file. Alternatively, you can use the +graphical configuration tool provided by the &kcontrolcenter; (under +System AdministrationLogin +Manager), which is described in the &kcontrolcenter; help files. + + +The remainder of this chapter describes configuration of &kdm; +via the &kcontrolcenter; module, and the next +chapter describes the options available in &kdmrc; itself. If +you only need to configure for local users, the &kcontrolcenter; module +should be sufficient for your needs. If you need to configure remote +logins, or have multiple &kdm; sessions running, you will need to read +on. + + + + +&Thomas.Tanghus; &Thomas.Tanghus.mail; +&Steffen.Hansen; &Steffen.Hansen.mail; +&Mike.McBride; &Mike.McBride.mail; + + + +The Login Manager &kcontrolcenter; Module + +Using this module, you can configure the &kde; graphical login +manager, &kdm;. You can change how the login screen looks, who has +access using the login manager and who can shutdown the +computer. + +All settings will be written to the configuration file +&kdmrc;, which in its original state has many comments to help you +configure &kdm;. Using this &kcontrolcenter; module will strip these +comments from the file. All available options in &kdmrc; are covered +in . + +The options listed in this chapter are cross referenced with +their equivalents in &kdmrc;. All options available in the &kcontrol; +module are also available directly in &kdmrc; but the reverse is not +true. + +In order to organize all of these options, this module is +divided into several sections: Appearance, +Font, Background, +Shutdown, +Users and +Convenience. + +You can switch between the sections using the tabs at the top of +the window. + +If you are not currently logged in as a superuser, you +will need to click the Administrator Mode... +Button. You will then be asked for a superuser password. Entering a +correct password will allow you to modify the settings of this +module. + + +Appearance + +From this page you can change the visual appearance of &kdm;, +&kde;'s graphical login manager. + +The Greeting: is the title of the login + screen. Setting this is especially useful if you have many servers users + may log in to. You may use various placeholders, which are described + along with the corresponding key + + in &kdmrc;. + + +You can then choose to show either the current system time, a logo or +nothing special in the login box. Make your choice in the radio buttons +labeled Logo area:. This corresponds to in &kdmrc; + +If you chose Show logo you can now choose a +logo: + + + +Drop an image file on the image button. + + +Click on the image button and select a new image from the image chooser +dialog. + + + +If you do not specify a logo the default +$KDEDIR/share/apps/kdm/pics/kdelogo.xpm +will be displayed. + +Normally the login box is centered on the screen. Use the +Position: options if you want it to appear +elsewhere on the screen. You can specify the relative position +(percentage of the screen size) for the center of the login window, +relative to the top left of the display, in the fields labeled +X: and Y: respectively. +These correspond to the key + +in &kdmrc;. + +While &kde;'s style depends on the settings of the user logged +in, the style used by &kdm; can be configured using the GUI +Style: and Color Scheme: options. +These correspond to the keys and in +&kdmrc; respectively. + +Below that, you have a drop down box to choose the language for +your login box, corresponding to setting in +&kdmrc;. + + + + +Font + +From this section of the module you can change the fonts used in the +login window. Only fonts available to all users are available here, not +fonts you have installed on a per user basis. + +You can select three different font styles from the drop down box +(General:, Failures:, +Greeting:). When you click on the +Choose... button a dialog appears from which you can +select the new characteristics for the font style. + + + +The General: font is used in all other places in the +login window. + + +The Failures: font is used when a login +fails. + + +The Greeting: font is the font used for the title +(Greeting String). + + + +You can also check the box labeled Use anti-aliasing for +fonts if you want smoothed fonts in the login dialog. + + + + +Background + +Here you can change the desktop background which will be displayed +before a user logs in. You can have a single color or an image as a +background. If you have an image as the background and select center, the +selected background color will be used around the image if it is not +large enough to cover the entire desktop. + +The background colors and effects are controlled by the options on +the tab labeled Background and you select a +background image and its placement from the options on the tab labeled +Wallpaper. + +To change the default background color(s) simply click either of +the color buttons and select a new color. + +The drop down box above the color buttons provides you with several +different blend effects. Choose one from the list, and it will be +previewed on the small monitor at the top of the window. Your choices +are: + + + +Flat +By choosing this mode, you select one color (using the color +button labeled Color 1), and the entire background is +covered with this one color. + + +Pattern +By choosing this mode, you select two colors (using both color +buttons). You then select a pattern by clicking +Setup. This opens a new dialog window, which gives you +the opportunity to select a pattern. Simply click once on the pattern of your +choice, then click on OK, and &kde; will render the pattern +you selected using the two colors you selected. For more on patterns, see the +section Background: Adding, Removing and Modifying +Patterns. + + +Background Program +By selecting this option, you can have &kde; use an external +program to determine the background. This can be any program of your choosing. +For more information on this option, see the section entitled Background: Using an external program. + + +Horizontal Gradient +By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by Color +1 on the left edge of the screen, and slowly transform into the +color selected by Color 2 by the time it gets to the +right edge of the screen. + + +Vertical Gradient +By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by Color +1 on the top edge of the screen, and slowly transform into the color +selected by Color 2 as it moves to the bottom of the +screen. + + +Pyramid Gradient +By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by Color +1 in each corner of the screen, and slowly transform into the color +selected by Color 2 as it moves to the center of the +screen. + + +Pipecross Gradient +By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by Color +1 in each corner of the screen, and slowly transform into the color +selected by Color 2 as it moves to the center of the +screen. The shape of this gradient is different then the pyramid +gradient. + + +Elliptic Gradient +By choosing this mode, you select two colors (using both color +buttons). &kde; will then start with the color selected by Color +2 in the center of the screen, and slowly transform into the color +selected by Color 1 as it moves to the edges, in an +elliptical pattern. + + + +The setup button is only needed for if you select Background +program or Patterns. In these instances, +another window will appear to configure the specifics. +Wallpaper +To select a new background image first, click on the +Wallpapers tab, then you can either select an image from the drop down list labeled Wallpaper or select +Browse... and select an image file from a file +selector. + +The image can be displayed in six different ways: + + +No wallpaper +No image is displayed. Just the background colors. + + +Centered +The image will be centered on the screen. The background colors +will be present anywhere the image does not cover. + + +Tiled +The image will be duplicated until it fills the entire +desktop. The first image will be placed in the upper left corner of the screen, +and duplicated downward and to the right. + + +Center Tiled +The image will be duplicated until it fills the entire +desktop. The first image will be placed in the center of the screen, and +duplicated upward, downward to the right, and to the left. + + +Centered Maxpect +The image will be placed in the center of the screen. It will +be scaled to fit the desktop, but it will not change the aspect ratio of the +original image. This will provide you with an image that is not distorted. + + + +Scaled +The image will be scaled to fit the desktop. It will be +stretched to fit all four corners. + + + + + + +<guilabel>Shutdown</guilabel> + +Allow Shutdown +Use this drop down box to choose who is allowed to shut down: + + +Nobody: No one can shutdown the computer using +&kdm;. You must be logged in, and execute a command. + + +Everybody: Everyone can shutdown the computer using +&kdm;. + +Only Root: &kdm; requires that the +root password be entered before shutting down the +computer. + + +You can independently configure who is allowed to issue a +shutdown command for the Local: and +Remote: users. + +Commands Use these text fields to +define the exact shutdown command. The +Halt: command defaults to +/sbin/halt. The Restart: command +defaults to +/sbin/reboot. + +When Show boot options is enabled, &kdm; +will on reboot offer you options for the lilo boot manager. For this +feature to work, you will need to supply the correct paths to your +lilo command and to lilo's map file. Note that this +option is not available on all operating systems. + + + + +Users + +From here you can change the way users are represented in the +login window. + +You may disable the user list in &kdm; entirely in the +Show Users section. You can choose from: + + + +Show List + +Only show users you have specifically enabled in the list +alongside +If you do not check this box, no list will be shown. This is the most secure setting, since an +attacker would then have to guess a valid login name as well as a +password. It's also the preferred option if you have more than a +handful of users to list, or the list itself would become +unwieldy. + + + +Inverse selection + +Allows you to intead select a list of users that should +not be shown, and all other users will be +listed. + + + + +Independently of the users you specify by name, you can use the +System UIDs to specify a range of valid +UIDs that are shown in the list. By default user +id's under 1000, which are often system or daemon users, and user id's +over 65000, are not shown. + +You can also enable the Sort users +checkbox, to have the user list sorted alphabetically. If this is +disabled, users will appear in the order they are listed in the +password file. &kdm; will also autocomplete user names if you enable the +Autocompletion option. + +If you choose to show users, then the login window will show +images (which you select), of a list of users. When someone is ready +to login, they may select their user name/image, enter their password, +and they are granted access. + +If you permit a user image, then you can configure the source +for those images. + +You can configure the admin picture here, for each user on the +system. Depending on the order selected above, users may be able to +override your selection. + +If you choose not to show users, then the login window will be +more traditional. Users will need to type their username and password +to gain entrance. This is the preferred way if you have many users on +this terminal. + + + + +Convenience + +In the convenience tab you can configure +some options that make life easier for lazy people, like automatic +login or disabling passwords. + +Please think more than twice before using these +options. Every option in the Convenience tab is +well-suited to seriously compromise your system security. Practically, +these options are only to be used in a completely non-critical +environment, ⪚ a private computer at home. + + +Automatic Login + +Automatic login will give anyone access to a certain account on +your system without doing any authentication. You can enable it using +the option Enable Auto-login. + +You can choose the account to be used for automatic login from +the list labeled User:. + + + + +<guilabel>Password-Less Login</guilabel> + +Using this feature, you can allow certain users to login without +having to provide their password. Enable this feature using the +Enable Password-less logins option. + +Below this option you'll see a list of users on the system. +Enable password-less login for specific users by checking the checkbox +next to the login names. By default, this feature is disabled for +all users. + +Again, this option should only be used in a safe +environment. If you enable it on a rather public system you should +take care that only users with heavy access restrictions are granted +password-less login, ⪚ +guest. + +You can also choose which user is preselected +when &kdm; starts. The default is None, but you +can choose Previous to have &kdm; default to the +last successfully logged in user, or you can +Specify a particular user to always be selected +from the list. You can also have &kdm; set the focus to the password +field, so that when you reach the &kdm; login screen, you can type the +password immediately. + +The Automatically login after X server crash +option allows you to skip the authentication procedure when your X +server accidentally crashed. + + + + + + + + + +&kdmrc-ref; + + + +Configuring your system to use &kdm; + +This chapter assumes that your system is already configured to +run the &X-Window;, and that you only need to reconfigure it to +allow graphical login. + + +Setting up &kdm; + +The fundamental thing that controls whether your computer boots to a +terminal prompt (console mode) or a graphical login prompt is the default +runlevel. The runlevel is set by the program /sbin/init under the control of the +configuration file /etc/inittab. The default runlevels +used by different &UNIX; systems (and different &Linux; distributions) vary, +but if you look at /etc/inittab the start of it should +be something like this: + +# Default runlevel. The runlevels used by RHS are: +# 0 - halt (Do NOT set initdefault to this) +# 1 - Single user mode +# 2 - Multiuser, without NFS +# 3 - Full multiuser mode +# 4 - unused +# 5 - X11 +# 6 - reboot (Do NOT set initdefault to this) + +id:3:initdefault: + + +All but the last line of this extract are comments. The comments +show that runlevel 5 is used for X11 and that runlevel 3 is used for +multi-user mode without X11 (console mode). The final line specifies +that the default runlevel of the system is 3 (console mode). If your +system currently uses graphical login (for example, using &xdm;) its +default runlevel will match the runlevel specified for X11. + +The runlevel with graphical login (&xdm;) for some common &Linux; +distributions is: + + +5 for &RedHat; 3.x and later, and for &Mandrake; +4 for Slackware +3 for &SuSE;. 4.x and 5.x + + +The first step in configuring your system is to ensure that you +can start &kdm; from the command line. Once this is working, you can +change your system configuration so that &kdm; starts automatically +each time you reboot your system. + +To test &kdm;, you must first bring your system to a runlevel +that does not run &xdm;. To do so, issue a command like this: + +/sbin/init + +Instead of the number you should specify the +appropriate runlevel for console mode on your system. + +If your system uses Pluggable Authentication Modules +(PAM), which is normal with recent &Linux; and &Solaris; +systems, you should check that your PAM configuration permits +login through the service named kde. If you previously used +&xdm; successfully, you should not need to make any +changes to your PAM configuration in order to use +&kdm;. /etc/pam.conf or +/etc/pam.d/kde. Information on configuring +PAM is beyond the scope of this handbook, but +PAM comes with comprehensive documentation (try looking in +/usr/share/doc/*pam*/html/). + +Now it's time for you to test &kdm; by issuing the following +command: + +kdm + + +If you get a &kdm; login dialog and you are able to log in, +things are going well. The main thing that can go wrong here is that +the run-time linker might not find the shared &Qt; or &kde; libraries. +If you have a binary distribution of the &kde; libraries, make sure +&kdm; is installed where the libraries believe &kde; is installed and +try setting some environment variables to point to your &kde; and &Qt; +libraries. + +For example: + +export + +export + +export + +export + + + +If you are still unsuccessful, try starting &xdm; instead, to +make sure that you are not suffering from a more serious X +configuration problem. + +When you are able to start &kdm; successfully, you can start to +replace &xdm; by &kdm;. Again, this is distribution-dependent. + + + +For &RedHat;, edit /etc/inittab, look for this + line: +x:5:respawn:/usr/X11/bin/xdm -nodaemon +and replace with: +x:5:respawn:/opt/kde/bin/kdm +This tells init(8) to respawn &kdm; when the +system is in run level 5. Note that &kdm; does not need the + option. + + +For &Mandrake;, the X11 runlevel in +/etc/inittab invokes the shell script +/etc/X11/prefdm, which is set up to select from +amongst several display managers, including &kdm;. Make sure that all +the paths are correct for your installation. + + +For &SuSE;, edit /sbin/init.d/xdm to add a +first line: + +. /etc/rc.config +DISPLAYMANAGER=kdm +export DISPLAYMANAGER + +For FreeBSD, edit /etc/ttys and find +the line like this: +ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure +and edit it to this: +ttyv8 "/usr/local/bin/kdm" xterm on secure + + +Most other distributions are a variation of one of +these. + + +At this stage, you can test &kdm; again by bringing your system +to the runlevel that should now run &kdm;. To do so, issue a command +like this: + +/sbin/init + + +Instead of the number you should specify the +appropriate runlevel for running X11 on your system. + +The final step is to edit the initdefault +entry in /etc/inittab to specify the appropriate +runlevel for X11. + +Before you make this change, ensure that you have a way +to reboot your system if a problem occurs. This might be a +rescue floppy-disk provided by your operating system +distribution or a specially-designed rescue +floppy-disk, such as tomsrtbt. Ignore this advice +at your peril. + +This usually involves changing the line: +id:3:initdefault: +to +id:5:initdefault: + +When you reboot your system, you should end up with the +graphical &kdm; login dialog. + +If this step is unsuccessful the most likely problem is that the +environment used at boot time differs from the environment that you used for +testing at the command line. If you are trying to get two versions of &kde; +to co-exist, be particularly careful that the settings you use for your +PATH and LD_LIBRARY_PATH environment variables +are consistent, and that the startup scripts are not over-riding them in +some way. + + + + + + +Supporting multiple window managers + +&kdm; detects most available window manager and desktop environments when +it is run. Installing a new one should make it automatically available in +the &kdm; main dialog Session Type:. + +If you have a very new window manager, or something that &kdm; does +not support, the first thing you should check is that the application to be +run is in the PATH and has not been renamed during the +install into something unexpected. + +If the case is that the application is too new and not yet supported +by &kdm;, you can quite simply add a new session. + +The sessions are defined in .desktop files in +$KDEDIR/share/apps/kdm/sessions. +You can simply add an appropriately named .desktop file in this directory. The fields +are: + +[Desktop Entry] +Encoding=UTF-8 This is fixed to and +may be omitted +Type=XSession This is fixed to and +may be omitted +Exec=executable name Passed to +eval exec in a Bourne shell +TryExec=executable name Supported +but not required +Name=name to show in the &kdm; session list + +There are also three magic: + + + +default + + +The default session for &kdm; is normally &kde; but can be configured by the +system administrator. + + + + +custom + + +The Custom session will run the users ~/.xsession if it exists. + + + + +failsafe + + +Failsafe will run a very plain session, and is useful only for debugging +purposes. + + + + + +To override a session type, copy the .desktop file from the data dir +to the config dir and edit it at will. Removing the shipped session types +can be accomplished by shadowing them with .desktop files +containing Hidden=true. For the magic session types no .desktop files exist +by default, but &kdm; pretends they would, so you can override them like any +other type. I guess you already know how to add a new session type by +now. ;-) + + + + +Using &kdm; for Remote Logins (&XDMCP;) + +&XDMCP; is the Open Group standard, the X Display Manager +Control Protocol. This is used to set up connections between +remote systems over the network. + +&XDMCP; is useful in multiuser situations where there are users +with workstations and a more powerful server that can provide the +resources to run multiple X sessions. For example, &XDMCP; is a good +way to reuse old computers - a Pentium or even 486 computer with 16 Mb +RAM is sufficient to run X itself, and using &XDMCP; such a computer can +run a full modern &kde; session from a server. For the server part, +once a single &kde; (or other environment) session is running, running +another one requires very few extra resources. + +However, allowing another method of login to your machine +obviously has security implications. You should run this service only +if you need to allow remote X Servers to start login sessions on your +system. Users with a single &UNIX; computer should not need to run +this. + + + + +Advanced Topics + + +Command Sockets + +This is a feature you can use to remote-control &kdm;. It's mostly +intended for use by &ksmserver; and &kdesktop; from a running session, but +other applications are possible as well. + +The sockets are &UNIX; domain sockets which live in subdirectories of the +directory specified by =. The subdir is the key to +addressing and security; the sockets all have the file name +socket and file permissions +rw-rw-rw- (0666). This is because some systems don't care +for the file permission of the socket files. + +There are two types of sockets: the global one (dmctl) and the +per-display ones (dmctl-<display>). + +The global one's subdir is owned by root, the subdirs of the per-display +ones' are owned by the user currently owning the session (root or the +logged in user). Group ownership of the subdirs can be set via FifoGroup=, +otherwise it is root. The file permissions of the subdirs are rwxr-x--- +(0750). + +The fields of a command are separated by tabs (\t), the +fields of a list are separated by spaces, literal spaces in list fields are +denoted by \s. + +The command is terminated by a newline (\n). + +The same applies to replies. The reply on success is +ok, possibly followed by the requested +information. The reply on error is an errno-style word (⪚ +perm, noent, &etc;) +followed by a longer explanation. + + +Global commands: + +login +(now | schedule) user password +[session_arguments] + +login user at specified display. if now is +specified, a possibly running session is killed, otherwise the login is done +after the session exits. session_arguments are printf-like escaped contents +for .dmrc. Unlisted keys will default to previously saved values. + + + + + +Per-display commands: + +lock + +The display is marked as locked. If the &X-Server; crashes in this +state, no auto-relogin will be performed even if the option is on. + + + +unlock + +Reverse the effect of lock, and re-enable +auto-relogin. + + + +suicide + +The currently running session is forcibly terminated. No auto-relogin +is attempted, but a scheduled "login" command will be executed. + + + + + +Commands for all sockets + +caps + +Returns a list of this socket's capabilities: + + + +&kdm; + +identifies &kdm;, in case some other DM implements this protocol, +too + + + +list, lock, +suicide, login + +The respective command is supported + + + +bootoptions + +The listbootoptions command and the + to shutdown are supported + + + +shutdown <list> + +shutdown is supported and allowed for the listed +users (a comma separated list.) * means all +authenticated users. + + + +nuke <list> + +Forced shutdown may be performed by the listed users. + + + +nuke + +Forced shutdown may be performed by everybody + + + +reserve <number> + +Reserve displays are configured, and number +are available at this time + + + + +list [all | +alllocal] + +Return a list of running sessions. By default all active sessions are +listed. if all is specified, passive sessions are +listed as well. If alllocal is specified, passive +sessions are listed as well, but all incoming remote sessions are +skipped. +Each session entry is a comma separated tuple of: + +Display or TTY name +VT name for local sessions +Logged in user's name, empty for passive sessions and +outgoing remote sessions (local chooser mode) +Session type or <remote> for outgoing +remote sessions, empty for passive sessions. +A Flag field: +* for the display belonging +to the requesting socket. +! for sessions that cannot be killed by the +reqeusting socket. + + + +New fields may be added in the future. + + + + +reserve [timeout in +seconds] + +Start a reserve login screen. If nobody logs in within the specified +amount of time (one minute by default), the display is removed again. When +the session on the display exits, the display is removed, too. +Permitted only on sockets of local displays and the global +socket. + + + + +activate +(vt|display) + +Switch to a particular VT (virtual terminal). The VT may be specified +either directly (⪚ vt3) or by a display using it +(eg; :2). +Permitted only on sockets of local displays and the global +socket. + + + + +listbootoptions + +List available boot options. + + + + + +shutdown (reboot | +halt) +[=bootchoice] +(ask|trynow|forcenow|schedule|start +(-1|end +(force|forcemy|cancel)))) + +Request a system shutdown, either a reboot or a halt/poweroff. +An OS choice for the next boot may be specified from the list returned +by listbootoptions +Shutdowns requested from per-display sockets are executed when the +current sessino on that display exits. Such a request may pop up a dialog +asking for confirmation and/or authentication +start is the time for which the shutdown is +scheduled. If it starts with a plus-sign, the current time is added. Zero +means immediately. +end is the latest time at which the shutdown +should be performed if active sessions are still running. If it starts with +a plus-sign, the start time is added. -1 means wait infinitely. If end is +through and active sessions are still running, &kdm; can do one of the +following: + +cancel - give up the +shutdown +force - shut down +nonetheless +forcemy - shut down nonetheless if +all active sessions belong to the requesting user. Only for per-display sockets. + +start and end are +specified in seconds since the &UNIX; epoch. +trynow is a synonym for 0 0 +cancel, forcenow for 0 0 +force and schedule for 0 +-1. +ask attempts an immediate shutdown and +interacts with the user if active sessions are still running. Only for +per-display sockets. + + + + +shutdown cancel +[local|global} + +Cancel a scheduled shutdown. The global socket always cancels the +currently pending shutdown, while per-display sockets default to cancelling +their queued request. + + + + +shutdown status + +Return a list with information about shutdowns. +The entries are a comma-separated tuples of: + + +(global|local) - +pending vs. queued shutdown. A local entry can be returned only by a +per-display socket. + +(halt|reboot) +start +end +("ask"|"force"|"forcemy"|"cancel") +Numeric user ID of the requesting user, -1 for the global +socket. +The next boot OS choice or "-" for none. + +New fields might be added later + + + + + + +There are two ways of using the sockets: + + +Connecting them directly. FifoDir is exported as +$DM_CONTROL; the name of per-display sockets can be derived +from $DISPLAY. + + +By using the kdmctl command (⪚ from within a +shell script). Try kdmctl to find out +more. + + + +Here is an example bash script reboot into FreeBSD: + +if kdmctl | grep -q shutdown; then + IFS=$'\t' + set -- `kdmctl listbootoptions` + if [ "$1" = ok ]; then + fbsd=$(echo "$2" | tr ' ' '\n' | sed -ne 's,\\s, ,g;/freebsd/I{p;q}') + if [ -n "$fbsd" ]; then + kdmctl shutdown reboot "=$fbsd" ask > /dev/null + else + echo "FreeBSD boot unavailable." + fi + else + echo "Boot options unavailable." + fi +else + echo "Cannot reboot system." +fi + + + + + + +Other sources of information + +Since &kdm; is descended from &xdm;, the &xdm; man page may provide useful background +information. For X-related problems try the man pages X and startx. If you have +questions about &kdm; that are not answered by this handbook, take advantage of +the fact the &kdm; is provided under the terms of the &GNU; +General Public License: look at the source code. + + + + + +Credits and License + +&kdm; is derived from, and includes code from, +&xdm; (C) Keith Packard, MIT X Consortium. + +&kdm; 0.1 was written by &Matthias.Ettrich;. Later versions till &kde; +2.0.x were written by &Steffen.Hansen;. Some new features for &kde; 2.1.x and +a major rewrite for &kde; 2.2.x made by &Oswald.Buddenhagen;. + +Other parts of the &kdm; code are copyright by the authors, and +licensed under the terms of the &GNU; +GPL. Anyone is allowed to change &kdm; and redistribute the result +as long as the names of the authors are mentioned. + +&kdm; requires the &Qt; library, which is copyright Troll Tech AS. + +Documentation contributors: + + +Documentation written by &Steffen.Hansen; +stefh@dit.ou.dk + +Documentation extended by Gregor +Zumsteinzumstein@ssd.ethz.ch. Last update August 9, +1998 + +Documentation revised for &kde; 2 by &Neal.Crook; &Neal.Crook.mail;. Last update August 6, 2000 + +Documentation extended and revised for &kde; 2.2 by &Oswald.Buddenhagen; &Oswald.Buddenhagen.mail;. Last update August, +2001 + + + +Documentation copyright &Steffen.Hansen;, Gregor Zumstein, &Neal.Crook; +and &Oswald.Buddenhagen;. This document also includes large parts of the &xdm; +man page, which is © Keith Packard. + + + +&underFDL; +&underGPL; + + + + +Glossary + + +greeter +The greeter is the login dialog, &ie; the part of &kdm; +which the user sees. + + + + +entropy +The entropy of a system is the measure of its +unpredictability. This is used during the generation of random numbers. + + + + + + diff --git a/doc/kdm/kdmrc-ref.docbook b/doc/kdm/kdmrc-ref.docbook new file mode 100644 index 000000000..9ebcfbdd3 --- /dev/null +++ b/doc/kdm/kdmrc-ref.docbook @@ -0,0 +1,2316 @@ + + + +The Files &kdm; Uses for Configuration + +This chapter documents the files that control &kdm;'s behavior. +Some of this can be also controlled from the &kcontrol; module, but +not all. + + +&kdmrc; - The &kdm; master configuration file + +The basic format of the file is INI-like. +Options are key/value pairs, placed in sections. +Everything in the file is case sensitive. +Syntactic errors and unrecognized key/section identifiers cause &kdm; to +issue non-fatal error messages. + +Lines beginning with # are comments; empty lines +are ignored as well. + +Sections are denoted by +[Name of Section]. + + +You can configure every X-display individually. +Every display has a display name, which consists of a host name +(which is empty for local displays specified in +or ), a colon, and a display number. +Additionally, a display belongs to a +display class (which can be ignored in most cases). + +Sections with display-specific settings have the formal syntax +[X- host [ : number [ _ class ] ] - sub-section ] + +All sections with the same sub-section +make up a section class. + +You can use the wildcard * (match any) for +host, number, +and class. You may omit trailing components; +they are assumed to be * then. The host part may be a +domain specification like .inf.tu-dresden.de +or the wildcard + (match non-empty). + +From which section a setting is actually taken is determined by +these rules: + + + +An exact match takes precedence over a partial match (for the +host part), which in turn takes precedence over a wildcard +(+ taking precendence over *). + + + +Precedence decreases from left to right for equally exact matches. + + + + + +Example: display name myhost.foo:0, class dpy + + + +[X-myhost.foo:0_dpy] precedes + + +[X-myhost.foo:0_*] (same as [X-myhost.foo:0]) precedes + + +[X-myhost.foo:*_dpy] precedes + + +[X-myhost.foo:*_*] (same as [X-myhost.foo]) precedes + + +[X-.foo:*_*] (same as [X-.foo]) precedes + + +[X-+:0_dpy] precedes + + +[X-*:0_dpy] precedes + + +[X-*:0_*] (same as [X-*:0]) precedes + + +[X-*:*_*] (same as [X-*]). + + +These sections do not match this display: +[X-hishost], [X-myhost.foo:0_dec], [X-*:1], [X-:*] + + + + + + + +Common sections are [X-*] (all displays), [X-:*] (all local displays) +and [X-:0] (the first local display). + +The format for all keys is + = value. +Keys are only valid in the section class they are defined for. +Some keys do not apply to particular displays, in which case they are ignored. + + +If a setting is not found in any matching section, the default +is used. + +Special characters need to be backslash-escaped (leading and trailing +spaces (\s), tab (\t), linefeed +(\n), carriage return (\r) and the +backslash itself (\\)). +In lists, fields are separated with commas without whitespace in between. + +Some command strings are subject to simplified sh-style word splitting: +single quotes (') and double quotes (") +have the usual meaning; the backslash quotes everything (not only special +characters). Note that the backslashes need to be doubled because of the +two levels of quoting. + +A pristine &kdmrc; is very thoroughly commented. +All comments will be lost if you change this file with the +kcontrol frontend. + + + +The [General] section of &kdmrc; + + +This section contains global options that do not fit into any specific section. + + + + + + + + +This option exists solely for the purpose of clean automatic upgrades. +Do not change it, you may interfere with future +upgrades and this could result in &kdm; failing to run. + + + + + + + + +List of displays (&X-Server;s) permanently managed by &kdm;. Displays with a +hostname are foreign displays which are expected to be already running, +the others are local displays for which &kdm; starts an own &X-Server;; +see . Each display may belong to a display class; +append it to the display name separated by an underscore. +See for the details. + +The default is :0. + + + + + + + +List of on-demand displays. See for syntax. + +Empty by default. + + + + + + + +List of Virtual Terminals to allocate to &X-Server;s. For negative numbers the +absolute value is used, and the VT will be allocated only +if the kernel says it is free. If &kdm; exhausts this list, it will allocate +free VTs greater than the absolute value of the last entry +in this list. +Currently Linux only. + +Empty by default. + + + + + + + +This option is for operating systems (OSs) with support +for virtual terminals (VTs), by both &kdm; and the +OSs itself. +Currently this applies only to Linux. + +When &kdm; switches to console mode, it starts monitoring all +TTY lines listed here (without the leading +/dev/). +If none of them is active for some time, &kdm; switches back to the X login. + +Empty by default. + + + + + + + +The filename specified will be created to contain an ASCII representation +of the process ID of the main &kdm; process; the PID will not be stored +if the filename is empty. + +Empty by default. + + + + + + + +This option controls whether &kdm; uses file locking to keep multiple +display managers from running onto each other. + +The default is true. + + + + + + + +This names a directory under which &kdm; stores &X-Server; authorization +files while initializing the session. &kdm; expects the system to clean up +this directory from stale files on reboot. + +The authorization file to be used for a particular display can be +specified with the option in [X-*-Core]. + +The default is /var/run/xauth. + + + + + + + +This boolean controls whether &kdm; automatically re-reads its +configuration files if it finds them to have changed. + +The default is true. + + + + + + + +Additional environment variables &kdm; should pass on to all programs it runs. +LD_LIBRARY_PATH and XCURSOR_THEME are good candidates; +otherwise, it should not be necessary very often. + +Empty by default. + + + + + + + +If the system has no native entropy source like /dev/urandom (see +) and no entropy daemon like EGD (see + and ) is running, +&kdm; will fall back to its own pseudo-random number generator +that will, among other things, successively checksum parts of this file +(which, obviously, should change frequently). + +This option does not exist on Linux and various BSDs. + +The default is /dev/mem. + + + + + + + +If the system has no native entropy source like /dev/urandom (see +), read random data from a Pseudo-Random +Number Generator Daemon, +like EGD (http://egd.sourceforge.net) via this UNIX domain socket. + +This option does not exist on Linux and various BSDs. + +Empty by default. + + + + + + + +Same as , only use a TCP socket on localhost. + + + + + + + + +The path to a character device which &kdm; should read random data from. +Empty means to use the system's preferred entropy device if there is one. + +This option does not exist on OpenBSD, as it uses the arc4_random +function instead. + +Empty by default. + + + + + + + +The directory in which the command FiFos should +be created; make it empty to disable them. + +The default is /var/run/xdmctl. + + + + + + + +The group to which the global command FiFo should belong; +can be either a name or a numerical ID. + + + + + + + + +The directory in which &kdm; should store persistent working data; such data +is, for example, the previous user that logged in on a particular display. + +The default is /var/lib/kdm. + + + + + + + +The directory in which &kdm; should store users' .dmrc files. This is only +needed if the home directories are not readable before actually logging in +(like with AFS). + +Empty by default. + + + + + + + + +The [Xdmcp] section of &kdmrc; + + +This section contains options that control &kdm;'s handling of +&XDMCP; requests. + + + + + + + + +Whether &kdm; should listen to incoming &XDMCP; requests. + +The default is true. + + + + + + + +This indicates the UDP port number which &kdm; uses to listen for incoming +&XDMCP; requests. Unless you need to debug the system, leave this with its +default value. + +The default is 177. + + + + + + + +XDM-AUTHENTICATION-1 style &XDMCP; authentication requires a private +key to be shared between &kdm; and the terminal. This option specifies +the file containing those values. Each entry in the file consists of a +display name and the shared key. + +Empty by default. + + + + + + + +To prevent unauthorized &XDMCP; service and to allow forwarding of &XDMCP; +IndirectQuery requests, this file contains a database of hostnames which +are either allowed direct access to this machine, or have a list of hosts +to which queries should be forwarded to. The format of this file is +described in . + +The default is ${kde_confdir}/kdm/Xaccess. + + + + + + + +Number of seconds to wait for the display to respond after the user has +selected a host from the chooser. If the display sends an &XDMCP; +IndirectQuery within this time, the request is forwarded to the chosen +host; otherwise, it is assumed to be from a new session and the chooser +is offered again. + +The default is 15. + + + + + + + +When computing the display name for &XDMCP; clients, the name resolver will +typically create a fully qualified host name for the terminal. As this is +sometimes confusing, &kdm; will remove the domain name portion of the host +name if it is the same as the domain name of the local host when this option +is enabled. + +The default is true. + + + + + + + +Use the numeric IP address of the incoming connection on multihomed hosts +instead of the host name. This is to avoid trying to connect on the wrong +interface which might be down at this time. + +The default is false. + + + + + + + +This specifies a program which is run (as +root) when an &XDMCP; +DirectQuery or BroadcastQuery is received and this host is configured +to offer &XDMCP; display management. The output of this program may be +displayed in a chooser window. If no program is specified, the string +Willing to manage is sent. + +Empty by default. + + + + + + + + +The [Shutdown] section of &kdmrc; + + +This section contains global options concerning system shutdown. + + + + + + + + +The command (subject to word splitting) to run to halt/poweroff the system. + +The default is something reasonable for the system on which &kdm; was built, like +/sbin/shutdown  now. + + + + + + + + +The command (subject to word splitting) to run to reboot the system. + +The default is something reasonable for the system &kdm; on which was built, like +/sbin/shutdown  now. + + + + + + + + +Whether it is allowed to shut down the system via the global command FiFo. + +The default is false. + + + + + + + +Whether it is allowed to abort active sessions when shutting down the +system via the global command FiFo. + +This will have no effect unless is enabled. + +The default is true. + + + + + + + +The boot manager &kdm; should use for offering boot options in the +shutdown dialog. + + + +None +no boot manager + + +Grub +Grub boot manager + + +Lilo +Lilo boot manager (Linux on i386 & x86-64 only) + + +The default is None. + + + + + + + + +The [X-*-Core] section class of &kdmrc; + + +This section class contains options concerning the configuration +of the &kdm; backend (core). + + + + + + + + +See . + +The default is 15. + + + + + + + +See . + +The default is 120. + + + + + + + +These options control the behavior of &kdm; when attempting to open a +connection to an &X-Server;. is the length +of the pause (in seconds) between successive attempts, + is the number of attempts to make and + is the amount of time to spend on a +connection attempt. After attempts have been +made, or if seconds elapse in any particular +connection attempt, the start attempt is considered failed. + +The default is 5. + + + + + + + +How many times &kdm; should attempt to start a foreign +display listed in before giving up +and disabling it. +Local displays are attempted only once, and &XDMCP; displays are retried +indefinitely by the client (unless the option +was given to the &X-Server;). + +The default is 4. + + + + + + + +How many times &kdm; should attempt to start up a local &X-Server;. +Starting up includes executing it and waiting for it to come up. + +The default is 1. + + + + + + + +How many seconds &kdm; should wait for a local &X-Server; to come up. + +The default is 15. + + + + + + + +The command line to start the &X-Server;, without display number and VT spec. +This string is subject to word splitting. + +The default is something reasonable for the system on which &kdm; was built, +like /usr/X11R6/bin/X. + + + + + + + + +Additional arguments for the &X-Server;s for local sessions. +This string is subject to word splitting. + +Empty by default. + + + + + + + +Additional arguments for the &X-Server;s for remote sessions. +This string is subject to word splitting. + +Empty by default. + + + + + + + +The VT the &X-Server; should run on. + should be used instead of this option. +Leave it zero to let &kdm; assign a VT automatically. +Set it to -1 to avoid assigning a VT +alltogether - this is required for setups with multiple physical consoles. +Currently Linux only. + + + + + + + + +This option is for OSs without support for +VTs, either by &kdm; or the OS itself. +Currently this applies to all OSs but Linux. + +When &kdm; switches to console mode, it starts monitoring this +TTY line (specified without the leading +/dev/) for activity. If the line is not used for some time, +&kdm; switches back to the X login. + +Empty by default. + + + + + + + +See . + +The default is 5. + + + + + + + +To discover when remote displays disappear, &kdm; +regularly pings them. + specifies the time (in minutes) between the +pings and specifies the maximum amount of +time (in minutes) to wait for the terminal to respond to the request. If +the terminal does not respond, the session is declared dead and terminated. + +If you frequently use X terminals which can become isolated from +the managing host, you may wish to increase the timeout. The only worry +is that sessions will continue to exist after the terminal has been +accidentally disabled. + +The default is 5. + + + + + + + +Whether &kdm; should restart the local &X-Server; after session exit instead +of resetting it. Use this if the &X-Server; leaks memory or crashes the system +on reset attempts. + +The default is false. + + + + + + + +The signal number to use to reset the local &X-Server;. + +The default is 1 (SIGHUP). + + + + + + + +The signal number to use to terminate the local &X-Server;. + +The default is 15 (SIGTERM). + + + + + + + +Controls whether &kdm; generates and uses authorization for +local &X-Server; connections. +For &XDMCP; displays the authorization requested by the display is used; +foreign non-&XDMCP; displays do not support authorization at all. + +The default is true. + + + + + + + +If is true, use the authorization mechanisms +listed herein. The MIT-MAGIC-COOKIE-1 authorization is always available; +XDM-AUTHORIZATION-1, SUN-DES-1 and MIT-KERBEROS-5 might be available as well, +depending on the build configuration. + +The default is DEF_AUTH_NAME. + + + + + + + +Some old &X-Server;s re-read the authorization file +at &X-Server; reset time, instead of when checking the initial connection. +As &kdm; generates the authorization information just before connecting to +the display, an old &X-Server; would not get up-to-date authorization +information. This option causes &kdm; to send SIGHUP to the &X-Server; +after setting up the file, causing an additional &X-Server; reset to occur, +during which time the new authorization information will be read. + +The default is false. + + + + + + + +This file is used to communicate the authorization data from &kdm; to +the &X-Server;, using the &X-Server; command line +option. It should be kept in a directory which is not world-writable +as it could easily be removed, disabling the authorization mechanism in +the &X-Server;. If not specified, a random name is generated from + and the name of the display. + +Empty by default. + + + + + + + +This option specifies the name of the file to be loaded by +xrdb as the resource database onto the root window +of screen 0 of the display. KDE programs generally do not use +X-resources, so this option is only needed if the +program needs some X-resources. + +Empty by default. + + + + + + + +The xrdb program to use to read the X-resources file +specified in . +The command is subject to word splitting. + +The default is ${x_bindir}/xrdb. + + + + + + + +This string is subject to word splitting. +It specifies a program which is run (as +root) before offering the +greeter window. This may be used to change the appearance of the screen +around the greeter window or to put up other windows (e.g., you may want +to run xconsole here). +The conventional name for a program used here is Xsetup. +See . + +Empty by default. + + + + + + + +This string is subject to word splitting. +It specifies a program which is run (as +root) after the user +authentication process succeeds. +The conventional name for a program used here is Xstartup. +See . + +Empty by default. + + + + + + + +This string is subject to word splitting. +It specifies a program which is run (as +root) after the session +terminates. +The conventional name for a program used here is Xreset. +See . + +Empty by default. + + + + + + + +This string is subject to word splitting. +It specifies the session program to be executed (as the user owning +the session). +The conventional name for a program used here is Xsession. +See . + +The default is ${x_bindir}/xterm -ls -T. + + + + + + + +If the program fails to execute, &kdm; will +fall back to this program. This program is executed with no arguments, +but executes using the same environment variables as the session would +have had (see ). + +The default is ${x_bindir}/xterm. + + + + + + + +The PATH environment variable for +non-root s. + +The default depends on the system &kdm; was built on. + + + + + + + + +The PATH environment variable for all programs but +non-root +s. Note that it is good practice not to include +. (the current directory) into this entry. + +The default depends on the system &kdm; was built on. + + + + + + + + +The SHELL environment variable for all programs but the +. + +The default is /bin/sh. + + + + + + + +When &kdm; is unable to write to the usual user authorization file +($HOME/.Xauthority), it creates a unique file name in this +directory and points the environment variable XAUTHORITY +at the created file. + +The default is /tmp. + + + + + + + +If enabled, &kdm; will automatically restart a session after an &X-Server; +crash (or if it is killed by Alt-Ctrl-BackSpace). Note that enabling this +feature opens a security hole: a secured display lock can be circumvented +(unless &kde;'s built-in screen locker is used). + +The default is false. + + + + + + + +If disabled, do not allow root +(and any other user with UID = 0) to log in directly. + +The default is true. + + + + + + + +If disabled, only users that have passwords assigned can log in. + +The default is true. + + + + + + + +Who is allowed to shut down the system. This applies both to the +greeter and to the command FiFo. + + + +None +no Shutdown... menu entry is shown at all + + +Root +the root password must be entered to shut down + + +All +everybody can shut down the machine + + +The default is All. + + + + + + + +Who is allowed to abort active sessions when shutting down. + + + +None +no forced shutdown is allowed at all + + +Root +the root password must be entered to shut down forcibly + + +All +everybody can shut down the machine forcibly + + +The default is All. + + + + + + + +The default choice for the shutdown condition/timing. + + + +Schedule +shut down after all active sessions exit (possibly at once) + + +TryNow +shut down, if no active sessions are open; otherwise, do nothing + + +ForceNow +shut down unconditionally + + +The default is Schedule. + + + + + + + +How to offer shutdown scheduling options: + + + +Never +not at all + + +Optional +as a button in the simple shutdown dialogs + + +Always +instead of the simple shutdown dialogs + + +The default is Never. + + + + + + + +Enable password-less logins on this display. Use with extreme care! + +The default is false. + + + + + + + +The users that do not need to provide a password to log in. +Items which are prefixed with @ represent all users in the +user group named by that item. +* means all users but +root +(and any other user with UID = 0). +Never list root. + +Empty by default. + + + + + + + +Enable automatic login. Use with extreme care! + +The default is false. + + + + + + + +If true, auto-login after logout. If false, auto-login is performed only +when a display session starts up. + +The default is false. + + + + + + + +The delay in seconds before automatic login kicks in. This is also known as +Timed Login. + + + + + + + + +The user to log in automatically. Never specify root! + +Empty by default. + + + + + + + +The password for the user to log in automatically. This is not required +unless the user is logged into a NIS or Kerberos domain. If you use this +option, you should chmod  kdmrc for obvious reasons. + +Empty by default. + + + + + + + +Immediately lock the automatically started session. This works only with +KDE sessions. + +The default is false. + + + + + + + +A list of directories containing session type definitions. + +The default is ${kde_datadir}/kdm/sessions. + + + + + + + +The file (relative to the user's home directory) to redirect the session +output to. One occurrence of %s in this string will be +substituted with the display name. Use %% to obtain a +literal %. + +The default is .xsession-errors. + + + + + + + +Specify whether &kdm;'s built-in utmp/wtmp/lastlog registration should +be used. If it is not, the tool sessreg should be used +in the and scripts, or, +alternatively, the pam_lastlog module should be used on +PAM-enabled systems. + +The default is true. + + + + + + + + +The [X-*-Greeter] section class of &kdmrc; + + +This section class contains options concerning the configuration +of the &kdm; frontend (greeter). + + + + + + + + +Specify the widget style for the greeter. Empty means to use the +built-in default which currently is Plastik. + +Empty by default. + + + + + + + +Specify the widget color scheme for the greeter. Empty means to use +the built-in default which currently is yellowish grey with some light +blue and yellow elements. + +Empty by default. + + + + + + + +What should be shown in the greeter righthand of the input lines (if + is disabled) or above them (if + is enabled): + + + +None +nothing + + +Logo +the image specified by + + +Clock +a neat analog clock + + +The default is Clock. + + + + + + + +The image to show in the greeter if is +Logo. + +Empty by default. + + + + + + + +The relative coordinates (percentages of the screen size; X,Y) at which +the center of the greeter is put. &kdm; aligns the greeter to the edges +of the screen it would cross otherwise. + +The default is 50,50. + + + + + + + +The screen the greeter should be displayed on in multi-headed and Xinerama +setups. The numbering starts with 0. For Xinerama, it corresponds to the +listing order in the active ServerLayout section of XF86Config; -1 means +to use the upper-left screen, -2 means to use the upper-right screen. + + + + + + + + +The headline in the greeter. An empty greeting means none at all. + +The following character pairs are replaced by their value: + + +%d +name of the current display + + +%h +local host name, possibly with the + domain name + + +%n +local node name, most probably the host name without the + domain name + + +%s +operating system + + +%r +operating system version + + +%m +machine (hardware) type + + +%% +a single % + + + +The default is Welcome to %s at %n. + + + + + + + +Whether the fonts used in the greeter should be antialiased. + +The default is false. + + + + + + + +The font for the greeter headline. + +The default is Serif,20,bold. + + + + + + + +The normal font used in the greeter. + +The default is Sans Serif,10. + + + + + + + +The font used for the Login Failed message. + +The default is Sans Serif,10,bold. + + + + + + + +What to do with the Num Lock modifier for the time the greeter is running: + + + +Off +turn off + + +On +turn on + + +Keep +do not change the state + + +The default is Keep. + + + + + + + +Language and locale to use in the greeter, encoded like $LC_LANG. + +The default is en_US. + + + + + + + +Enable autocompletion in the username line edit. + +The default is false. + + + + + + + +Show a user list with unix login names, real names, and images in the greeter. + +The default is true. + + + + + + + +This option controls which users will be shown in the user view +() and/or offered for autocompletion +(). +If it is Selected, contains +the final list of users. +If it is NotHidden, the initial user list contains all users +found on the system. Users contained in are +removed from the list, just like all users with a UID greater than specified +in and users with a non-zero UID less than +specified in . +Items in and +which are prefixed with @ represent all users in the +user group named by that item. +Finally, the user list will be sorted alphabetically, if + is enabled. + +The default is NotHidden. + + + + + + + +See . + +Empty by default. + + + + + + + +See . + +Empty by default. + + + + + + + +See . + + + + + + + + +See . + +The default is 65535. + + + + + + + +See . + +The default is true. + + + + + + + +If is enabled, this specifies where &kdm; gets the +images from: + + + +AdminOnly +from <>/$USER.face[.icon] + + +PreferAdmin +prefer <>, fallback on $HOME + + +PreferUser +... and the other way round + + +UserOnly +from the user's $HOME/.face[.icon] + + + + +The images can be in any format Qt recognizes, but the filename +must match &kdm;'s expectations: .face.icon should be a +48x48 icon, while .face should be a 300x300 image. +Currently the big image is used only as a fallback and is scaled down, +but in the future it might be displayed full-size in the logo area or a +tooltip. + +The default is AdminOnly. + + + + + + + +See . + +The default is ${kde_datadir}/kdm/faces. + + + + + + + +Specify, if/which user should be preselected for log in: + + + +None +do not preselect any user + + +Previous +the user which successfully logged in last time + + +Default +the user specified in the option + + + + +If is enabled and a user was preselected, +the cursor is placed in the password input field automatically. + +Enabling user preselection can be considered a security hole, +as it presents a valid login name to a potential attacker, so he +only needs to guess the password. On the other hand, +one could set to a fake login name. + + +The default is None. + + + + + + + +See . + +Empty by default. + + + + + + + +See . + +The default is false. + + + + + + + +The password input fields cloak the typed in text. Specify, how to do it: + + + +OneStar +* is shown for every typed +character + + +ThreeStars +*** is shown for every typed +character + + +NoEcho +nothing is shown at all, the cursor does not move + + +The default is OneStar. + + + + + + + +If enabled, &kdm; will automatically start the krootimage +program to set up the background; otherwise, the +program is responsible for the background. + +The default is true. + + + + + + + +The configuration file to be used by krootimage. +It contains a section named [Desktop0] like +kdesktoprc does. Its options are not described +herein; guess their meanings or use the control center. + +The default is ${kde_confdir}/kdm/backgroundrc. + + + + + + + +To improve security, the greeter grabs the &X-Server; and then the keyboard +when it starts up. This option specifies if the &X-Server; grab should be held +for the duration of the name/password reading. When disabled, the &X-Server; +is ungrabbed after the keyboard grab succeeds; otherwise, the &X-Server; is +grabbed until just before the session begins. + +Enabling this option disables and +. + + +The default is false. + + + + + + + +This option specifies the maximum time &kdm; will wait for the grabs to +succeed. A grab may fail if some other X-client has the &X-Server; or the +keyboard grabbed, or possibly if the network latencies are very high. You +should be cautious when raising the timeout, as a user can be spoofed by +a look-alike window on the display. If a grab fails, &kdm; kills and +restarts the &X-Server; (if possible) and the session. + +The default is 3. + + + + + + + +Warn, if a display has no X-authorization. This will be the case if + + + the authorization file for a local &X-Server; could not be created, + + + a remote display from &XDMCP; did not request any authorization or + + + the display is a foreign display specified in + . + + + +The default is true. + + + + + + + +Specify whether the greeter of local displays should start up in host chooser +(remote) or login (local) mode and whether it is allowed to switch to the +other mode. + + + +LocalOnly +only local login possible + + +DefaultLocal +start up in local mode, but allow switching to remote mode + + +DefaultRemote +... and the other way round + + +RemoteOnly +only choice of remote host possible + + +The default is LocalOnly. + + + + + + + +A list of hosts to be automatically added to the remote login menu. +The special name * means broadcast. +Has no effect if is LocalOnly. + +The default is *. + + + + + + + +Use this number as a random seed when forging saved session types, etc. of +unknown users. This is used to avoid telling an attacker about existing users +by reverse conclusion. This value should be random but constant across the +login domain. + + + + + + + + +Enable &kdm;'s built-in xconsole. +Note that this can be enabled for only one display at a time. +This option is available only if &kdm; was configured +with . + +The default is false. + + + + + + + +The data source for &kdm;'s built-in xconsole. +If empty, a console log redirection is requested from +/dev/console. +Has no effect if is disabled. + +Empty by default. + + + + + + + +Specify conversation plugins for the login dialog; the first in the list +is selected initially. +Each plugin can be specified as a base name (which expands to +$kde_modulesdir/kgreet_base) +or as a full pathname. + +Conversation plugins are modules for the greeter which obtain authentication +data from the user. Currently only the classic plugin is +shipped with &kde;; it presents the well-known username and password form. + +The default is classic. + + + + + + + +Same as , but for the shutdown dialog. + +The default is classic. + + + + + + + +A list of options of the form +Key=Value. +The conversation plugins can query these settings; it is up to them what +possible keys are. + +Empty by default. + + + + + + + +Show the Console Login action in the greeter (if / +is configured). + +The default is true. + + + + + + + +Show the Restart X Server/Close Connection action in the greeter. + +The default is true. + + + + + + + +A program to run while the greeter is visible. It is supposed to preload +as much as possible of the session that is going to be started (most +probably). + +Empty by default. + + + + + + + +Whether the greeter should be themed. + +The default is false. + + + + + + + +The theme to use for the greeter. Can point to either a directory or an XML +file. + +Empty by default. + + + + + + + + + + + +Specifying permanent &X-Server;s + +Each entry in the list indicates a +display which should constantly be +managed and which is not using &XDMCP;. This method is typically used only for +local &X-Server;s that are started by &kdm;, but &kdm; can manage externally +started (foreign) &X-Server;s as well, may they run on the +local machine or rather remotely. + +The formal syntax of a specification is + +display name [_display class] + +for all &X-Server;s. Foreign displays differ in having +a host name in the display name, may it be localhost. + +The display name must be something that can +be passed in the option to an X program. This string +is used to generate the display-specific section names, so be careful to match +the names. +The display name of &XDMCP; displays is derived from the display's address by +reverse host name resolution. For configuration purposes, the +localhost prefix from locally running &XDMCP; displays is +not stripped to make them distinguishable from local +&X-Server;s started by &kdm;. + +The display class portion is also used in the +display-specific sections. This is useful if you have a large collection of +similar displays (such as a corral of X terminals) and would like to set +options for groups of them. +When using &XDMCP;, the display is required to specify the display class, +so the manual for your particular X terminal should document the display +class string for your device. If it does not, you can run &kdm; in debug +mode and grep the log for class. + +The displays specified in will not be +started when &kdm; starts up, but when it is explicitly requested via +the command socket (or FiFo). +If reserve displays are specified, the &kde; menu will have a +Start New Session item near the bottom; use that to +activate a reserve display with a new login session. The monitor will switch +to the new display, and you will have a minute to login. If there are no more +reserve displays available, the menu item will be disabled. + +When &kdm; starts a session, it sets up authorization data for the +&X-Server;. For local servers, &kdm; passes + filename +on the &X-Server;'s command line to point it at its authorization data. +For &XDMCP; displays, &kdm; passes the authorization data to the &X-Server; +via the Accept &XDMCP; message. + + + + +&XDMCP; access control + +The file specified by the option provides +information which &kdm; uses to control access from displays requesting service +via &XDMCP;. +The file contains four types of entries: entries which control the response +to Direct and Broadcast queries, entries which +control the response to Indirect queries, macro definitions for +Indirect entries, and entries which control on which network +interfaces &kdm; listens for &XDMCP; queries. +Blank lines are ignored, # is treated as a comment +delimiter causing the rest of that line to be ignored, and \ +causes an immediately following newline to be ignored, allowing indirect host +lists to span multiple lines. + + +The format of the Direct entries is simple, either a +host name or a pattern, which is compared against the host name of the display +device. +Patterns are distinguished from host names by the inclusion of one or more +meta characters; * matches any sequence of 0 or more +characters, and ? matches any single character. +If the entry is a host name, all comparisons are done using network addresses, +so any name which converts to the correct network address may be used. Note +that only the first network address returned for a host name is used. +For patterns, only canonical host names are used in the comparison, so ensure +that you do not attempt to match aliases. +Host names from &XDMCP; queries always contain the local domain name +even if the reverse lookup returns a short name, so you can use +patterns for the local domain. +Preceding the entry with a ! character causes hosts which +match that entry to be excluded. +To only respond to Direct queries for a host or pattern, +it can be followed by the optional NOBROADCAST keyword. +This can be used to prevent a &kdm; server from appearing on menus based on +Broadcast queries. + +An Indirect entry also contains a host name or pattern, +but follows it with a list of host names or macros to which the queries +should be forwarded. Indirect entries can be excluding as well, +in which case a (valid) dummy host name must be supplied to make the entry +distinguishable from a Direct entry. +If compiled with IPv6 support, multicast address groups may also be included +in the list of addresses the queries are forwarded to. + +If the indirect host list contains the keyword CHOOSER, +Indirect queries are not forwarded, but instead a host chooser +dialog is displayed by &kdm;. The chooser will send a Direct +query to each of the remaining host names in the list and offer a menu of +all the hosts that respond. The host list may contain the keyword +BROADCAST, to make the chooser send a +Broadcast query as well; note that on some operating systems, +UDP packets cannot be broadcast, so this feature will not work. + + +When checking access for a particular display host, each entry is scanned +in turn and the first matching entry determines the response. +Direct and Broadcast entries are ignored when +scanning for an Indirect entry and vice-versa. + +A macro definition contains a macro name and a list of host names and +other macros that the macro expands to. To distinguish macros from hostnames, +macro names start with a % character. + +The last entry type is the LISTEN directive. +The formal syntax is + + LISTEN [interface [multicast list]] + +If one or more LISTEN lines are specified, &kdm; listens +for &XDMCP; requests only on the specified interfaces. +interface may be a hostname or IP address +representing a network interface on this machine, or the wildcard +* to represent all available network interfaces. +If multicast group addresses are listed on a LISTEN line, +&kdm; joins the multicast groups on the given interface. For IPv6 multicasts, +the IANA has assigned ff0X:0:0:0:0:0:0:12b as the +permanently assigned range of multicast addresses for &XDMCP;. The +X in the prefix may be replaced by any valid scope +identifier, such as 1 for Node-Local, 2 for Link-Local, 5 for Site-Local, and +so on (see IETF RFC 2373 or its replacement for further details and scope +definitions). &kdm; defaults to listening on the Link-Local scope address +ff02:0:0:0:0:0:0:12b to most closely match the IPv4 subnet broadcast behavior. +If no LISTEN lines are given, &kdm; listens on all +interfaces and joins the default &XDMCP; IPv6 multicast group (when +compiled with IPv6 support). +To disable listening for &XDMCP; requests altogether, a +LISTEN line with no addresses may be specified, but using +the [Xdmcp] option is preferred. + + + + + +Supplementary programs + + +The following programs are run by &kdm; at various stages of a session. +They typically are shell scripts. + + + +The Setup, Startup and Reset programs are run as +root, so they should be careful +about security. +Their first argument is auto if the session results +from an automatic login; otherwise, no arguments are passed to them. + + + +Setup program + + +The Xsetup program is run after the &X-Server; is +started or reset, but before the greeter is offered. +This is the place to change the root background (if + is disabled) or bring up other windows that +should appear on the screen along with the greeter. + + + +In addition to any specified by , +the following environment variables are passed: + + + DISPLAY + the associated display name + + + PATH + the value of + + + SHELL + the value of + + + XAUTHORITY + may be set to an authority file + + + DM_CONTROL + the value of + + + + Note that since &kdm; grabs the keyboard, any other windows will not be +able to receive keyboard input. They will be able to interact with the mouse, +however; beware of potential security holes here. If +is set, Xsetup will not be able to connect to the display +at all. Resources for this program can be put into the file named by +. + + + + + +Startup program + +The Xstartup program is run as +root when the user logs in. +This is the place to put commands which add entries to +utmp (the sessreg program +may be useful here), mount users' home directories from file servers, +or abort the session if some requirements are not met (but note that on +modern systems, many of these tasks are already taken care of by +PAM modules). + +In addition to any specified by , +the following environment variables are passed: + + + DISPLAY + the associated display name + + + HOME + the initial working directory of the user + + + LOGNAME + the username + + + USER + the username + + + PATH + the value of + + + SHELL + the value of + + + XAUTHORITY + may be set to an authority file + + + DM_CONTROL + the value of + + + +&kdm; waits until this program exits before starting the user session. +If the exit value of this program is non-zero, &kdm; discontinues the session +and starts another authentication cycle. + + + + +Session program + +The Xsession program is the command which is run +as the user's session. It is run with the permissions of the authorized user. +One of the keywords failsafe, default +or custom, or a string to eval by a +Bourne-compatible shell is passed as the first argument. + +In addition to any specified by , +the following environment variables are passed: + + + DISPLAY + the associated display name + + + HOME + the initial working directory of the user + + + LOGNAME + the username + + + USER + the username + + + PATH + the value of + (or for + root user sessions) + + + + SHELL + the user's default shell + + + XAUTHORITY + may be set to a non-standard authority file + + + KRBTKFILE + may be set to a Kerberos4 credentials cache name + + + + KRB5CCNAME + may be set to a Kerberos5 credentials cache name + + + + DM_CONTROL + the value of + + + XDM_MANAGED + will contain a comma-separated list of parameters the + session might find interesting, like the location of the command + FiFo and its capabilities, and which conversation + plugin was used for the login + + + + DESKTOP_SESSION + the name of the session the user has chosen to run + + + + + + + +Reset program + +Symmetrical with Xstartup, the +Xreset program is run after the user session has +terminated. Run as root, it should +contain commands that undo the effects of commands in +Xstartup, removing entries from utmp +or unmounting directories from file servers. + +The environment variables that were passed to +Xstartup are also passed to Xreset. + + + + + + + -- cgit v1.2.1