/usr/man/cat.1/dtlogin.1(/usr/man/cat.1/dtlogin.1)
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
NAME
dtlogin - TED login service
SYNOPSIS
dtlogin [ -config configuration_file ] [ -daemon ] [ -debug
debug_level ] [ -error error_log_file ]
[ -nodaemon ] [ -resources resource_file ] [ -server
server_entry ] [ -session session_program ]
DESCRIPTION
Key Supported Tasks
The dtlogin client supports the following key tasks:
- Launch of dtgreet login screen for explicitly
managed local and remote displays and XDMCP managed
remote displays.
- Access to traditional terminal (character) login
from GUI login screen.
- System dependent user authentication and login.
- Launching the selected session.
The dtlogin client provides services similar to those pro-
vided by init(1M), getty(1M) and login(1) on character ter-
minals: prompting for login and password, authenticating the
user, and running a ``session.''
A ``session'' is defined by the lifetime of a particular
process; in the traditional character-based terminal world,
it is the user's login shell process. In the DT context, it
is the DT Session Manager.
If the DT Session Manager is not used, the typical substi-
tute is either a window manager with an exit option, or a
terminal emulator running a shell, where the lifetime of the
terminal emulator is the lifetime of the shell process that
it is running; thus reducing the X session to an emulation
of the character-based terminal session.
When the session is terminated, dtlogin resets the X server
and (optionally) restarts the whole process.
The dtlogin client supports management of remote displays
using the X Display Manager Control Protocol, Version 1.0.
(XDMCP).
When dtlogin receives an Indirect query via XDMCP, it can
run a chooser process to perform an XDMCP BroadcastQuery (or
an XDMCP Query to specified hosts) on behalf of the display
and offer a menu of possible hosts that offer XDMCP display
Unix System LaboratoLast change: 1 August 1995 1
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
management. This feature is useful with X terminals that do
not offer a host menu themselves.
Because dtlogin provides the first interface that users see,
it is designed to be simple to use and easy to customize to
the needs of a particular site.
Login Window
The Login window allows the user to enter a user ID and
password, select a startup session and select a startup
locale. User may also reset the X server or temporarily
suspend the X server to access the character login prompt.
Contents of Login window:
login field Entry field to enter user ID.
password field Entry field to enter user password (no-echo).
OK Authenticate user and launches session.
Clear Clear login and password field.
Options Display menu for session, locale, reset and
no-windows.
Help Display help message.
Login Window - Options Menu
Allows user to select locale name and login session type.
Also allows user to restart the X server or switch to a
character login prompt (for local displays).
Contents of Options Menu:
Languages Show Languages menu.
No-windows Display character login prompt (local
displays only).
Reload Login Restart X Server and return to login screen.
Resources Resources to be used
Sessions Show Sessions menu.
Login Window - Sessions Menu
Allows user to select which session type should be started
upon login.
Contents of Sessions Menu:
Unix System LaboratoLast change: 1 August 1995 2
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
DT Session Start a regular desktop session (Xsession)
Fail-safe Session
Start a fail-safe session (Xfailsafe)
Login Window - Languages Menu
Selecting the language from the login screen Options menu
immediately localizes the login screen and sets LANG for the
next session. Login screen localization and LANG return to
the default value upon conclusion of the session. The con-
tents of this menu can vary depending upon the locales
installed on the system and can be overridden by using the
languageList resource. The default locale of C can be over-
ridden using the language resource.
The system or languageList locales specified are displayed
as menu items in the Languages menu. Alternate text to be
displayed may be specified for a given locale name by using
the languageName resource.
Controlling The Server
The dtlogin client controls local servers using POSIX sig-
nals. SIGHUP is expected to reset the server, closing all
client connections and performing other clean up duties.
SIGTERM is expected to terminate the server. If these sig-
nals do not perform the expected actions, the resources
resetSignal and termSignal can specify alternate signals.
To control remote servers not using XDMCP, dtlogin searches
the window hierarchy on the display and uses the KillClient
X protocol request in an attempt to clean up the terminal
for the next session. This may not actually kill all of the
clients, since only those that have created windows are
noticed. XDMCP provides a more sure mechanism; when dtlogin
closes its initial connection, the session is over and the
terminal is required to close all other connections.
Controlling Dtlogin
The dtlogin client responds to two signals: SIGHUP and
SIGTERM. When sent a SIGHUP, dtlogin rereads the configura-
tion file and the file specified by the servers resource and
determines whether entries have been added or removed. If a
new entry has been added, dtlogin starts a session on the
associated display. Entries that have been removed are dis-
abled immediately, meaning that any session in progress is
terminated without notice, and no new session is started.
When sent a SIGTERM, dtlogin terminates all sessions in pro-
gress and exits. This can be used when shutting down the
system.
Unix System LaboratoLast change: 1 August 1995 3
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
Internationalization
All labels and messages are localizable. The message catalog
dtlogin.cat contains the localized representations of the
default labels and messages. The dtlogin client reads the
appropriate message catalog indicated by the LANG environ-
ment variable and displays the localized strings. An option
on the authentication screen allows the user to override the
default language for the subsequent session. If the authen-
tication screen has been localized for the selected
language, it is redisplayed in that language; otherwise, it
is displayed in the default language. In either case, the
LANG environment variable is set appropriately for the
resulting session.
The resource language is available in the dtlogin configura-
tion file to change the default language for a display. The
resource languageList is available in the dtlogin configura-
tion file to override the default set of languages displayed
on the authentication screen. The resource languageName is
available to provide a mapping from locale names to the text
displayed on the Language menu.
Authentication And Auditing
The dtlogin client performs traditional local UNIX login and
auditing. Additional authentication or auditing function
such as Kerberos or B1 may be added by individual vendors.
X Server Security
The X server provides both user-based and host-based access
control.
By default, dtlogin uses user-based access control to the X
server (MIT-MAGIC-COOKIE-1). This level of security allows
access control on a per-user basis. It is based on a scheme
where if a client passes authorization data which is the
same as the server has, it is allowed access. When a user
logs in, this authorization data is by default stored and
protected in the $HOME/.Xauthority file.
However, using host-based access control mechanisms may be
preferable in environments with unsecure networks as user-
based access control allows any host to connect, given that
it has discovered the private key. Another drawback to
user-based access control is that R2 or R3 clients will be
unable to connect to the server.
The authorize resource controls whether user-based or host-
based access control is used by dtlogin. See also the
Xserver, Xsecurity, xhost, and xauth man pages for more
information.
Unix System LaboratoLast change: 1 August 1995 4
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
OPTIONS
All options, except -config, specify values that can also be
specified in the configuration file as resources. Typically,
customization is done via the configuration file rather than
command line options. The options are most useful for debug-
ging and one-shot tests.
-config configuration_file
Specifies a resource file that specifies the remain-
ing configuration parameters. This replaces the
dtlogin default Xconfig file. See the Xconfig sec-
tion for more information.
-daemon Specifies ``true'' as the value for the daemonMode
resource. This makes dtlogin close all file descrip-
tors, disassociate the controlling terminal and put
itself in the background when it first starts up
(just like the host of other daemons).
-debug debug_level
Specifies the numeric value for the debugLevel
resource. A non-zero value causes dtlogin to print
debugging statements to the terminal; it also dis-
ables the daemonMode resource, forcing dtlogin to
run synchronously.
-error error_log_file
Specifies the value for the errorLogFile resource.
See the Xerrors section for more information.
-nodaemon
Specifies ``false'' as the value for the resource.
-resources resource_file
Specifies the value for the resources resource. See
the Xresources section for more information.
-server server_entry
Specifies the value for the servers resource. See
the Xservers section for more information.
-udpPort port_number
Specifies the value for the requestPort resource.
This sets the port-number that dtlogin monitors for
XDMCP requests. Since XDMCP uses the registered
well-known udp port 177, this resource should prob-
ably not be changed except for debugging.
-session session_program
Specifies the value for the session resource. See
the Xsession section for more information.
Unix System LaboratoLast change: 1 August 1995 5
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
RETURN VALUE
Exit values are:
0 Successful completion.
>0 Error condition occurred.
RESOURCES
The dtlogin client is controlled via the contents of the
dtlogin configuration file, the default being
/usr/dt/config/Xconfig. Some resources control the behavior
of dtlogin in general, some can be specified for a particu-
lar display.
GENERAL RESOURCES
The dtlogin general resources are not display-specific and
apply to all displays where appropriate.
Name Class ClassType Default
______________________________________________________________________________________________
accessFile AccessFile String NULL
authDir AuthDir String /var/dt
autoRescan AutoRescan Boolean True
daemonMode DaemonMode Boolean False
debugLevel DebugLevel Int 0
errorLogFile ErrorLogFile String NULL
errorLogSize ErrorLogSize Int 50
exportList ExportList String NULL
fontPathHead FontPathHead String NULL
fontPathTail FontPathTail String NULL
keyFile KeyFile String /usr/dt/config/Xkeys
lockPidFile LockPidFile Boolean True
networkDevice NetworkDevice String /dev/dtremote
pidFile PidFile String NULL
removeDomainname RemoveDomainname Boolean True
requestPort RequestPort Int 177
servers Servers String :0 Local local /system_dependent_path/X :0
sysParmsFile SysParmsFile String /system_dependent_path
timeZone TimeZone String NULL
wakeupInterval WakeupInterval Int 10
______________________________________________________________________________________________
accessFile
To prevent unauthorized XDMCP service and to allow forward-
ing of XDMCP IndirectQuery requests, this file contains a
database of hostnames which are either allowed direct access
to this machine, or have a list of hosts to which queries
should be forwarded to. The format of this file is
described in the Xaccess section. If not set, all hosts
will be allowed XDMCP service.
Unix System LaboratoLast change: 1 August 1995 6
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
authDir
This is a directory name that dtlogin uses to temporarily
store authorization files for displays using XDMCP.
autoRescan
This boolean controls whether dtlogin rescans the configura-
tion file and server file after a session terminates and the
files have changed. You can force dtlogin to reread these
files by sending a SIGHUP to the main process.
daemonMode
The dtlogin client can make itself into an unassociated dae-
mon process. This is accomplished by forking and leaving the
parent process to exit, then closing file descriptors and
releasing the controlling terminal. This is inconvenient
when attempting to debug dtlogin. Setting this resource to
"false" disables daemonMode.
If dtlogin is started from /etc/inittab, it should not be
run in daemon mode. Otherwise the init process will think it
has terminated and will attempt to restart it.
debugLevel
A non-zero value specified for this integer resource enables
debugging information to be printed. It also disables daemon
mode, which redirects the information into the bit-bucket.
dtlogin, which is not normally useful.
errorLogFile
Error output is normally directed at the system console. To
redirect it, set this resource to any file name. This file
contains any output directed to stderr by Xsetup, Xstartup
and Xreset.
errorLogSize
This resource specifies the maximum size of the error log
file in kilobytes. When the limit is reached dtlogin will
delete the oldest entries in the file until the file size is
reduced to 75% of the maximum.
exportList
This resource can contain a set of variable names separated
by a space or tab. Each variable named is obtained from the
dtlogin environment and loaded into the environment of the
server and session. See the Environment section for details.
fontPathHead
This resource value is prepended to the default X server
font path.
fontPathHead
This resource value is appended to the default X server font
Unix System LaboratoLast change: 1 August 1995 7
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
path.
keyFile
XDM-AUTHENTICATION-1 style XDMCP authentication requires
that a private key be shared between dtlogin and the termi-
nal. This resource specifies the file containing those
values. Each entry in the file consists of a display name
and the shared key. By default, dtlogin does not include
support for XDM-AUTHENTICATION-1 because it requires DES,
which is not generally distributable.
lockPidFile
This resource controls whether dtlogin uses file locking to
prevent multiple instances of dtlogin from executing con-
currently.
networkDevice
For remote connections, the value for 'line' in /etc/utmp
must also exist as a device in the /dev directory for com-
mands such as finger to operate properly. This resource
specifies the pathname of the /dev file dtlogin will create
when a remote display connects. For most platforms, the file
will be created as a symbolic link to /dev/null. The speci-
fied value must start with "/dev/", otherwise the value is
discarded and no file is created.
pidFile
The filename specified is created to contain an ASCII
representation of the process-ID of the main dtlogin pro-
cess. This can be used when seding signals to dtlogin. The
dtlogin client also uses file locking to attempt to prevent
more than one dtlogin from running on the same machine. See
the lockPidFile resource for more information.
removeDomainname
When computing the display name for XDMCP clients, dtlogin
typically creates a fully qualified host name for the termi-
nal. As this is sometimes confusing, dtlogin removes the
domain name portion of the host name if it is the same as
the domain name for the local host when this variable is
set.
requestPort
This indicates the UDP port number that dtlogin uses to
listen for incoming XDMCP requests. Unless you need to debug
the system, leave this with its default value.
servers
This resource either specifies a file name full of server
entries, one per line (if the value starts with a slash), or
a single server entry. Each entry indicates a display that
should constantly be managed and that is not using XDMCP.
Unix System LaboratoLast change: 1 August 1995 8
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
The general syntax for each entry is:
DisplayName DisplayClass DisplayType[@ite] [Command [options]]
A typical entry for local display number 0 is:
:0 Local local@console /usr/bin/X11/X :0
DisplayName
The display name must be something that can be
passed in the -display option to any X program.
This string is used in the display-specific
resources to specify the particular display, so
be careful to match the names (e.g., use ":0
local /usr/bin/X11/X :0" instead of
"localhost:0 local /usr/bin/X11/X :0" if your
other resources are specified as
"Dtlogin._0.session"). A `*' in this field
will be expanded to "<hostname>:0" by dtlogin.
DisplayClass
The display class portion is also used in the
display-specific resources as the class portion
of the resource. This is useful if you have a
large collection of similar displays (a group
of X terminals, for example) and want to set
resources for groups of them. When using XDMCP,
the display is required to specify the display
class, so perhaps your X terminal documentation
describes a reasonably standard display class
string for your device.
DisplayType
A DisplayType of "local" indicates that an X
server should be started for this entry. A
value of "remote" indicates to attach to an
existing X server.
@ite On local bitmaps, the user may choose a "Com-
mand Line Login" option via the login screen,
which temporarily suspends the X-server and
presents the traditional character "login:"
prompt. The user can then log in and perform
non-X related tasks. When the user finishes and
logs out, the X-server is restarted, and the
login screen is redisplayed.
In order to support "Command Line Login" mode, the
display must have an associated Internal Terminal Emu-
lator (ITE) device. By default, dtlogin associates the
ITE device "console" (/dev/console) with display ":0".
If your configuration does not match this default,
Unix System LaboratoLast change: 1 August 1995 9
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
specify "@<device>" for the display(s) with an associ-
ated ITE and "@none for all other displays listed in
the servers file.
Command [options]
This is the string used to start the X server.
The dtlogin client will always connect to the X
server using the DisplayName specified, so you
might need to specify an explicit connection
number as an option to your X server (:0 in the
above example).
sysParmsFile
This resource specifies a file containing shell commands,
one of which sets the timezone environment variable (TZ) for
the system. If the timezone is set via the shell syntax,
"TZ=", dtlogin can use this information to set the timezone
for the user session.
timeZone
This resource specifies the local time zone for dtlogin. It
is loaded into the environment of dtlogin as the value of
the variable TZ and inherited by all subsequent sessions.
Some systems maintain a configuration file that contains the
timezone setting (ex. /etc/src.sh). See the sysParmsFile
resource.
wakeupInterval
If the user selects "Command Line Login" mode from the login
screen, dtlogin terminates the X-server and allows the trad-
itional character-based login prompt, "login:" to become
visible. If the user does not log in within 2 * wakeupInter-
val seconds, the X-server is restarted. Once the user has
logged in, dtlogin checks every wakeupInterval seconds to
see if the user has logged out. If so, the X-server is res-
tarted and the login screen is redisplayed.
DISPLAY RESOURCES
The dtlogin client display resources can be specified for
all displays or for a particular display. To specify a par-
ticular display, the display name is inserted into the
resource name between ``Dtlogin'' and the final resource
name segment. For example, Dtlogin.expo_0.startup is the
name of the resource defining the startup shell file on the
``expo:0'' display. The resource manager separates the name
of the resource from its value with colons, and separates
resource name parts with dots, so dtlogin uses underscores
for the dots and colons when generating the resource name.
Resources can also be specified for a class of displays by
inserting the class name instead of a display name. A
Unix System LaboratoLast change: 1 August 1995 10
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
display that is not managed by XDMCP can have its class
affiliation specified in the file referenced by the servers
resource. A display using XDMCP supplies its class affilia-
tion as part of the XDMCP packet.
Name ClassClass Type Default
__________________________________________________________________
authorize Authorize Boolean False
authName AuthName String MIT-MAGIC-COOKIE-1
authFile AuthFile String NULL
chooser Chooser
cpp Cpp String system dep.
environment Environment String system dep.
failsafeClient FailsafeClient String /system_dep./xterm
grabServer GrabServer Boolean True
grabTimeout GrabTimeout Int 3 seconds
language Language String system dep.
languageList LanguageList String NULL
languageName LanguageName String NULL
openDelay OpenDelay Int 5 seconds
openRepeat OpenRepeat Int 5 seconds
openTimeout OpenTimeout Int 30 seconds
pingInterval PingInterval Int 5 minutes
pingTimeout PingTimeout Int 5 minutes
reset Reset String NULL
resetForAuth ResetForAuth Boolean False
resetSignal Signal Int 1 SIGHUP
resources Resource String NULL
session Session String /usr/dt/bin/Xsession
setup Setup String NULL
startAttempts StartAttempts Int 4
startup Startup String NULL
systemPath SystemPath String system_dep._path
systemShell SystemShell String /bin/sh
terminateServer TerminateServer Boolean False
termSignal Signal Int 15 (SIGTERM)
userAuthDir UserAuthDir String /var/dt
userPath UserPath String system_dep._path
xdmMode XdmMode Boolean False
xrdb Xrdb String /system_dep./xrdb
__________________________________________________________________
authorize
Authorize is a boolean resource that controls whether dtlo-
gin generates and uses authorization for the server connec-
tions. (See authName.)
authName
If authorize is used, authName specifies the type of author-
ization to be used. Currently, dtlogin supports only MIT-
MAGIC-COOKIE-1 authorization, XDM-AUTHORIZATION-1 could be
supported, but DES is not generally distributable. XDMCP
Unix System LaboratoLast change: 1 August 1995 11
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
connections state which authorization types are supported
dynamically, so authName is ignored in this case. (See
authorize.)
authFile
This file is used to communicate the authorization data from
dtlogin to the server, using the -auth server command line
option. It should be kept in a write- protected directory to
prevent its erasure, which would disable the authorization
mechanism in the server. If NULL, dtlogin will generate a
file name.
chooser
Specifies the program run to offer a host menu for indirect
queries redirected to the special host name CHOOSER.
/usr/dt/bin/dtchooser is the default. See the Xaccess sec-
tion.
cpp
This specifies the path of the C preprocessor that is used
by xrdb.
environment
This resource can contain a set of <name>=<value> pairs
separated by a space or tab. Each item is loaded into the
environment of the server and session. See the Environment
section for details.
failsafeClient
If the default session fails to execute, dtlogin falls back
to this program. This program is executed with no arguments,
but executes using the same environment variables as the
session would have had. (See The Xfailsafe File.)
grabServer
See grabTimeout.
grabTimeout
To improve security, dtlogin grabs the server and keyboard
while reading the name and password. The grabServer resource
specifies if the server should be held while the name and
password is read. When FALSE, the server is ungrabbed after
the keyboard grab succeeds; otherwise, the server is grabbed
until just before the session begins. The grabTimeout
resource specifies the maximum time dtlogin will wait for
the grab to succeed. The grab may fail if some other client
has the server grabbed, or possibly if the network latencies
are very high. The grabTimeout resource has a default of 3
seconds; be cautious when using this resource, since a user
can be deceived by a look-alike window on the display. If
the grab fails, dtlogin kills and restarts the server (if
possible) and session.
Unix System LaboratoLast change: 1 August 1995 12
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
Some X-terminals cannot display their login screens while
the server is grabbed. Setting grabServer to false will
allow the screen to be displayed, but opens the possibility
that a user's login name can be stolen by copying the con-
tents of the login screen. Since the keyboard is still
grabbed and the password is not echoed, the password cannot
be stolen.
language
This resource specifies the default setting for the LANG
environment variable. If the dtlogin screen is localized
for that language, it is displayed appropriately; otherwise,
it is displayed in the language "C". The user may tem-
porarily override this setting via an option on the login
screen. When the subsequent session terminates, the LANG
variable reverts to this setting.
languageList
This resource allows the user to override the default set of
languages displayed in the "Language" menu of the login
screen. It is useful if the set of languages actually used
on a particular display is smaller than the set installed on
the system. The resource value is a list of valid values for
the LANG environment variable. Language values should be
separated by one or more spaces or tabs.
languageName
This resource allows the user to override the default locale
name displayed in the "Language" menu of the login screen
with alternate text. This way, instead of users seeing a
"En_US" item, they could see a "English (United States)"
item instead. This resource is specified as "Dtlogin
*<locale name>. languageName: text" as follows:
Dtlogin*En_US.languageName: English (United States)
Dtlogin*Fr_CA.languageName: French (Canadian)
openDelay
See startAttempts
openRepeat
See startAttempts
openTimeout
See startAttempts
pingInterval
See pingTimeout
pingTimeout
To discover when remote displays disappear, dtlogin occa-
sionally "pings" them, using an X connection and sending
Unix System LaboratoLast change: 1 August 1995 13
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
XSync requests. The pingInterval resource specifies the time
(in minutes) between successive ping attempts, and
pingTimeout specifies the maximum wait time (in minutes) for
the terminal to respond to the request. If the terminal does
not respond, the session is terminated. The dtlogin client
does not ping local displays. Although it may seem harmless,
it is undesirable when a local session is terminated as a
result of the server waiting (for remote filesystem service,
for example) and not responding to the ping.
reset
This specifies a program that is run (as root) after the
session terminates. If not set, no program is run. The con-
ventional name is Xreset. See The Xreset File.
resetForAuth
The original implementation of authorization in the sample
server reread the authorization file at server reset time,
instead of when checking the initial connection. Since
dtlogin generates the authorization information just before
connecting to the display, an old server does not get
current authorization information. This resource causes
dtlogin to send SIGHUP to the server after setting up the
file, causing an additional server reset to occur, during
which time the new authorization information is read.
resetSignal
This resource specifies the signal dtlogin sends to reset
the server. See the section Controlling The Server
resources
This resource specifies the name of the file to be loaded by
xrdb (1) as the resource data-base onto the root window of
screen 0 of the display. This resource data base is loaded
just before the authentication procedure is started, so it
can control the appearance of the "login" window. See the
section on the authentication screen, which describes the
various resources that are appropriate to place in this
file. There is no default value for this resource, but the
conventional name is Xresources. See the Resource section.
session
This specifies the session to be executed for the authenti-
cated user. By default, the /usr/dt/bin/Xsession file is
run. The conventional name is Xsession. See The Xsession
File.
setup
This specifies a program that is run (as root) prior to the
display of the authentication screen. By default, no program
is run. The conventional name for a file used here is
Xsetup. See the Xsetup section.
Unix System LaboratoLast change: 1 August 1995 14
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
startAttempts
Four numeric resources control the behavior of dtlogin when
attempting to open reluctant servers: openDelay, openRepeat,
openTimeout, and startAttempts. openDelay is the duration
(in seconds) between successive attempts; openRepeat is the
number of attempts to make; openTimeout is the amount of
time to wait while actually attempting the opening (i.e.,
the maximum time spent in the connect (2) syscall); and
startAttempts is the number of times the entire process
occurs before giving up on the server. After openRepeat
attempts have been made, or if openTimeout seconds elapse in
any particular attempt, dtlogin terminates and restarts the
server, attempting to connect again. This process is
repeated startAttempts time, at which point the display is
declared dead and disabled. (See openDelay, openRepeat, and
openTimeout.)
startup
This specifies a program that is run (as root) after the
authentication process succeeds. By default, no program is
run. The conventional name for a file used here is Xstartup.
See the Xstartup section.
systemPath
The dtlogin client sets the PATH environment variable for
the startup and reset scripts to the value of this resource.
Note the conspicuous absence of "." from this entry. This
is a good practice to follow for root; it avoids many system
penetration schemes.
systemShell
The dtlogin client sets the SHELL environment variable for
the startup and reset scripts to the value of this resource.
terminateServer
This boolean resource specifies whether the X server should
be terminated when a session terminates (instead of reset-
ting it). This option can be used if the server tends to
grow without bound over time in order to limit the amount of
time the server is run continuously.
termSignal
This resource specifies the signal dtlogin sends to ter-
minate the server. See the section Controlling The Server
userAuthDir
When dtlogin cannot write to the usual user authorization
file ( $HOME/.Xauthority), it creates a unique file name in
this directory and points the environment variable XAUTHOR-
ITY at the created file.
Unix System LaboratoLast change: 1 August 1995 15
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
userPath
The dtlogin client sets the PATH environment variable for
the session to this value. It should be a colon-separated
list of directories; see sh(1) for a full description.
xdmMode
If True, the $HOME/.xsession file will be executed from
Xsession upon user authentication, rather than dtsession.
xrdb
Specifies the program used to load the resources. The
authentication screen reads a name-password pair from the
keyboard. As this is a Motif toolkit client, colors, fonts
and some layout options can be controlled with resources.
General resources for this screen should be put into the
file named by the dtlogin resources resource, the default
being Xresources. Language specific values such as text or
fonts should be specified in the Dtlogin app-defaults file.
Logo Resources
Name ClassClass Type Default
__________________________________________________________
bitmapFile BitmapFile String NULL
background Background Pixel #a8a8a8
topShadowPixmap TopShadowPixmap String 25_foreground
__________________________________________________________
The default logo on the authentication screen may be
replaced with a bitmap or pixmap of the user's choice. The
resources should be prefaced with the string Dtlogin*logo*
when specified.
bitmapFile
Specifies the absolute path name to the bitmap
or pixmap file to be used for the logo.
background
Specifies the background color for the logo.
topShadowPixmap
Specifies the pixmap to use for the logo border
shadow.
The following resources describe the greeting string used on
the login screen. The resources should be prefaced with the
string Dtlogin*greeting* when specified.
Name ClassClass Type Default
_______________________________________________________________________________
foreground Foreground Pixel black
background Background Pixel dynamic
fontList FontList FontList -*-*schoolbook-medium-i-normal--18-*
Unix System LaboratoLast change: 1 August 1995 16
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
labelString LabelString String Welcome to %LocalHost%
persLabelString LabelString String Welcome %s
alignment Alignment String ALIGNMENT_CENTER
_______________________________________________________________________________
foreground
Specifies the foreground color for the welcome
message.
background
Specifies the background color for the welcome
message. The default is light-gray for color
systems or white for monochrome systems.
fontList
Specifies the font to use for the welcome mes-
sage.
labelString
Specifies the string to use for the welcome
message. Multiple lines can be specified by
including newline characters (0 in the text. If
the token %LocalHost" is included in the text,
it will be replaced with the name of the host
providing login service. If the token %Display-
Name% is included in the text, it will be
replaced with the display name.
persLabelString
Specifies the string to use for the personal-
ized welcome message. This is the message
displayed after the use name has been entered.
The %s will be replaced with the user name
entered.
alignment
Specifies the string to use for the alignment
of the Welcome message. Valid values are
ALIGNMENT_BEGINNING, ALIGNMENT_CENTER and
ALIGNMENT_END.
Matte Resources
The following resources describe the matte layout used on
the login screen. The resources should be prefaced with the
string Dtlogin*matte. when specified.
Name ClassClass Type Default
________________________________________________________
width Width Int 806 for Highres displays
755 for Mediumres displays
585 for lowres displays
height Height Int 412 for Highres displays
Unix System LaboratoLast change: 1 August 1995 17
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
385 for Mediumres displays
300 for Lowres displays
________________________________________________________
width Specifies the width to use for the login_matte.
height Specifies the height to use for the
login_matte. The following resources describe
the fonts layout used on the login screen. The
resources should be prefaced with the string
Dtlogin*. when specified.
Label Resources
Name ClassClass Type Default
_____________________________________________________________________________________________________
labelFont LabelFont String -*-swiss 742-bold-r-normal-*-140-*-p-100-* for lowres displays
-*-swiss 742-medium-r-normal-*-140-*-p-110-* for high res displays.
textFont TextFont String -*-prestige-medium-r-normal-*-128-72-* for highres diqsplays.
-*-helvetica-bold-r-normal-*-100-* for lowres displays
_____________________________________________________________________________________________________
labelFont
Specifies the labelFont to use for the pushBut-
tons and labels.
textFont
Specifies the textFont to use for the pushBut-
tons and labels.
ENVIRONMENT
The dtlogin client invokes the user's session with the fol-
lowing default environment:
DISPLAY
is set to the associated display name
EDITOR
is set to /usr/dt/bin/dtpad
HOME
is set to the home directory of the user
KBD_LANG
is set to the value of LANG for applicable languages
LANG
is set to the current NLS language (if any)
LC_ALL
is set to the current NLS language (if any)
Unix System LaboratoLast change: 1 August 1995 18
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
LC_MESSAGES
is set to the current NLS language (if any)
LOGNAME
is set to the user name
MAIL
is set to /usr/mail/$USER (system dependent)
PATH
is set to the value of the userPath resource
USER
is set to the user name
SHELL
is set to the user's default shell (from /etc/passwd)
TERM
is set to dtterm
TZ
is set to the value of the timeZone resource or system
default
XAUTHORITY
may be set to an authority file
Adding to the Environment List
Four methods are available to modify or add to this list
depending on the desired scope of the resulting environment
variable.
The exportList resource is available to allow the export of
variables provided to the dtlogin process by its parent.
Variables specified by this method are available to both the
display's X server process and the user's session and over-
ride any default settings. The resource accepts a string of
<name> separated by at least one space or tab.
The environment resource is available in the dtlogin confi-
guration file to allow setting of environment variables on a
global or per-display basis. Variables specified by this
method are available to both the display's X server process
and the user's session and override any default settings.
The resource accepts a string of <name>=<value> pairs
separated by at least one space or tab. The values specified
must be constants because no shell is used to parse the
string. See the Resources section for details on setting
this resource.
Unix System LaboratoLast change: 1 August 1995 19
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
For example:
Dtlogin*environment:MAIL_HOST=blanco MAIL_SERVER=pablo
Note: The environment variables LANG and TZ have their own
dedicated resources in the configuration file and should not
be set via environment.
Environment variables that require processing by a shell or
are dependent on the value of another environment variable
can be specified in the startup script Xsession. These vari-
ables are loaded into the environment of all users on the
display, but not to the X server process. They override any
previous settings of the same variable. The Xsession script
accepts ksh syntax for setting environment variables. For
example:
MAIL=/usr/mail/$USER
Finally, personal environment variables can be set on a
per-user basis in the script file $HOME/.dtprofile.
The dtlogin client accepts either sh, ksh, or csh syntax for
the commands in this file. The commands should only be those
that set environment variables, not any that perform termi-
nal I/O, excepting tset(1) or stty(1). If the first line of
.dtprofile is #!/bin/sh, #!/bin/ksh, or #!/bin/csh, dtlogin
uses the appropriate shell to parse .dtprofile. Otherwise,
the user's default shell ($SHELL) is used.
FILES
The dtlogin client is designed to operate in a wide variety
of environments and provides a suite of configuration files
that can be changed to suit a particular system. The default
dtlogin configuration files can be found in /usr/dt/config
with the exception of Xsession which is stored in
/usr/dt/bin. They are listed below:
Xconfig specifies other dtlogin configuration files
and dtlogin behavior
Xaccess used by dtlogin to control access from
displays requesting XDMCP service
Xservers contains the list of displays to for dtlogin
to explicitly manage
Xresources contains resource definitions specifying the
appearance of the login screen
Xsetup a script executed as `root' prior to display
of the login screen
Unix System LaboratoLast change: 1 August 1995 20
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
Xstartup a script executed as `root' after user has
successfully authenticated
Xsession a script executed as the authenticated `user'
that starts the user's session
Xfailsafe a script executed as the authenticated `user'
that starts a failsafe session
Xreset a script executed as `root' after the user's
session has exited
The Xconfig File
The Xconfig file contains the general resources for dtlogin
and is the top of the dtlogin configuration file tree. Xcon-
fig specifies the location of other dtlogin configuration
and log files and specifies dtlogin behavior. The location
of other dtlogin configuration and log files are specified
by resource definitions. The defaults are listed below:
Dtlogin.errorLogFile: /var/dt/Xerrors
Dtlogin.pidFile: /var/dt/Xpid
Dtlogin.accessFile: Xaccess
Dtlogin.servers: Xservers
Dtlogin*resources: %L/Xresources
Dtlogin*setup: Xsetup
Dtlogin*startup: Xstartup
Dtlogin*reset: Xreset
Dtlogin*failsafeClient Xfailsafe
Dtlogin*session /usr/dt/bin/Xsession
If the path specified for accessFile, servers, resources,
setup, startup, reset, failsafeClient, or session is rela-
tive, dtlogin will first look for the file in directory
/etc/dt/config, then /usr/dt/config.
Note that some of the resources are specified with ``*''
separating the components. These resources can be made
unique for each different display, by replacing the ``*''
with the display-name. See the DISPLAY RESOURCES section for
a complete discussion.
Unix System LaboratoLast change: 1 August 1995 21
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
The default Xconfig file is /usr/dt/config/Xconfig. A sys-
tem administrator can customize Xconfig by copying
/usr/dt/config/Xconfig to /etc/dt/config/Xconfig and modify-
ing /etc/dt/config/Xconfig.
The default Xconfig file contains the configuration and log
file entries shown above as well as a few vendor specific
resource definitions and examples. See the GENERAL RESOURCES
and DISPLAY RESOURCES sections for the complete list of
resources that can be defined in Xconfig.
The Xaccess File
The database file specified by the accessFile resource pro-
vides information which dtlogin uses to control access from
displays requesting XDMCP service. This file contains three
types of entries: entries which control the response to
Direct and Broadcast queries, entries which control the
response to Indirect queries, and macro definitions.
The format of a Direct entry is either a host name or a pat-
tern. A pattern is distinguished from a host name by the
inclusion of one or more meta characters (`*' matches any
sequence of 0 or more characters, and `?' matches any sin-
gle character) which are compared against the host name of
the display device. If the entry is a host name, all com-
parisons are done using network addresses, so any name which
converts to the correct network address may be used. For
patterns, only canonical host names are used in the com-
parison, so ensure that you do not attempt to match aliases.
Preceding either a host name or a pattern with a `!' char-
acter causes hosts which match that entry to be excluded.
An Indirect entry also contains a host name or pattern, but
follows it with a list of host names or macros to which
indirect queries should be sent. Indirect entries may also
specify to have dtlogin run dtchooser to offer a menu of
hosts to which a login screen can be displayed.
A macro definition contains a macro name and a list of host
names and other macros that the macro expands to. To dis-
tinguish macros from hostnames, macro names start with a `%'
character. Macros may be nested.
When checking access for a particular display host, each
entry is scanned in turn and the first matching entry deter-
mines the response. Direct and Broadcast entries are
ignored when scanning for an Indirect entry and vice-versa.
Blank lines are ignored, `#' is treated as a comment delim-
iter causing the rest of that line to be ignored, and `\new-
line' causes the newline to be ignored, allowing indirect
host lists to span multiple lines.
Unix System LaboratoLast change: 1 August 1995 22
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
Here is an example Xaccess file: DJB
#
# Xaccess - XDMCP access control file
#
#
# Direct/Broadcast query entries
#
!xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
bambi.ogi.edu # allow access from this particular display
*.lcs.mit.edu # allow access from any display in LCS
#
# Indirect query entries
#
#define %HOSTS macro
%HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \
excess.lcs.mit.edu kanga.lcs.mit.edu
#force extract to contact xenon
extract.lcs.mit.edu xenon.lcs.mit.edu
#disallow indirect access by xtra
!xtra.lcs.mit.edu dummy
#all others get to choose among %HOSTS
*.lcs.mit.edu %HOSTS
If XDMCP access is granted, a temporary file may be created
in the directory specified by authDir which contains author-
ization information for the X-terminal. It is deleted when
the session starts.
For X terminals that do not offer a host menu for use with
Broadcast or Indirect queries, the chooser program can do
this for them. In the Xaccess file, specify ``CHOOSER'' as
the first entry in the Indirect host list. Chooser will
send a Query request to each of the remaining host names in
the list and offer a menu of all the hosts that respond.
The list may consist of the word ``BROADCAST,'' in which
case chooser will send a Broadcast instead, again offering a
menu of all hosts that respond. Note that on some operating
systems, UDP packets cannot be broadcast, so this feature
will not work.
Example Xaccess file using chooser:
#offer a menu of these hosts to extract
extract.lcs.mit.edu CHOOSER %HOSTS
Unix System LaboratoLast change: 1 August 1995 23
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
#offer a menu of all hosts to xtra
xtra.lcs.mit.edu CHOOSER BROADCAST
The program to use for chooser is specified by the chooser
resource. Resources for this program can be put into the
file named by resources.
The default Xaccess file is /usr/dt/config/Xaccess. A sys-
tem administrator can customize Xaccess by copying
/usr/dt/config/Xaccess to /etc/dt/config/Xaccess and modify-
ing /etc/dt/config/Xaccess.
The default Xaccess file contains no entries.
The Xservers File
Contains the list of displays to manage. See the servers
resource description under GENERAL RESOURCES for more infor-
mation.
The default Xservers file is /usr/dt/config/Xservers. A
system administrator can customize Xservers by copying
/usr/dt/config/Xservers to /etc/dt/config/Xservers and modi-
fying /etc/dt/config/Xservers.
The default Xservers file contains an entry for one local
display.
The Xresources File
Contains the resource definitions specifying the appearance
of the login screen. See the dtgreet specification for more
information.
The default Xresources file is /usr/dt/config/Xresources. A
system administrator can customize Xresources by copying
/usr/dt/config/Xresources to /etc/dt/config/Xresources and
modifying /etc/dt/config/Xresources.
The Xsetup File
This file is typically a shell script. It is run as "root"
and should be very careful about security. This script is
run before the login screen is displayed. No arguments of
any kind are passed to the script. Dtlogin waits until this
script exits before displaying the login screen.
The default Xsetup file is /usr/dt/config/Xsetup. A system
administrator can customize Xsetup by copying
/usr/dt/config/Xsetup to /etc/dt/config/Xsetup and modifying
/etc/dt/config/Xsetup.
The default Xsetup file contains vendor specific code but
typically contains code that sets up the X server prior to
the display of the login screen, such as setting up keyboard
Unix System LaboratoLast change: 1 August 1995 24
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
maps.
The Xstartup File
This file is typically a shell script. It is run as "root"
and should be very careful about security. This is the place
to put commands that display the message of the day or do
other system-level functions on behalf of the user. Various
environment variables are set for the use of this script:
DISPLAY set to the associated display name
HOME set to the home directory of the user
PATH set to the value of the systemPath resource
USER set to the user name
SHELL set to the value of the systemShell resource
No arguments of any kind are passed to the script. Dtlogin
waits until this script exits before starting the user ses-
sion. If the exit value of this script is non-zero, dtlogin
discontinues the session immediately and starts another
authentication cycle.
The default Xstartup file is /usr/dt/config/Xstartup. A
system administrator can customize Xstartup by copying
/usr/dt/config/Xstartup to /etc/dt/config/Xstartup and modi-
fying /etc/dt/config/Xstartup.
The default Xstartup file contains code to change ownership
of /dev/console to the user whose session is running on the
console.
The Xsession File
This script initializes a user's session and invokes the
desktop session manager. It is run with the permissions of
the authorized user, and has several environment variables
pre-set. See the Environment section for a list of the pre-
set variables.
The default Xsession file is /usr/dt/bin/Xsession. A system
administrator can customize Xsession by copying
/usr/dt/bin/Xsession to /etc/dt/config/Xsession and modify-
ing /etc/dt/config/Xsession. The session resource defined
in Xconfig must also be changed to reference the customized
Xsession file. See the Xconfig section for information on
how to update the Xconfig file.
The default Xsession file contains session initialization
code. It does contain some vendor specific code but its gen-
eral function is as follows:
Unix System LaboratoLast change: 1 August 1995 25
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
- Sources the user's $HOME/.dtprofile
- Sources any /etc/dt/config/Xsession.d/* scripts
- Sources any /usr/dt/config/Xsession.d/* scripts
- Launches in the background the desktop welcome
client, dthello
- Sources the application search path setup script,
dtsearchpath
- Launches in the background the help setup client,
dthelpgen
- Launches in the background the application manager
directory setup client, dtappgather
- Execs the desktop session manager, dtsession
System administrators are discouraged from customizing the
Xsession file.
The Xreset File
Symmetrical with Xstartup, this script is run after the user
session has terminated. Run as root, it should probably con-
tain commands that undo the effects of commands in Xstartup,
such as unmounting directories from file servers. The col-
lection of environment variables that were passed to
Xstartup are also given to Xreset.
The default Xreset file is /usr/dt/config/Xreset. A system
administrator can customize Xreset by copying
/usr/dt/config/Xreset to /etc/dt/config/Xreset and modifying
/etc/dt/config/Xreset.
The default Xreset file contains code change ownership of
/dev/console back to root.
STATUS FILES
The Xerrors File
Contains error messages from dtlogin and anything output to
stderr by Xsetup, Xstartup or Xreset. The system adminis-
trator can use the contents of this file for dtlogin troub-
leshooting. The errorLogSize resource limits the size of the
Xerrors file and can prevent it from growing without bound.
A system administrator can change the pathname of the Xer-
rors file by setting the errorLogFile resource in the Xcon-
fig file. See the Xconfig section for information on how to
update the Xconfig file.
Unix System LaboratoLast change: 1 August 1995 26
dtlogin(1X) MISC. REFERENCE MANUAL PAGES dtlogin(1X)
The Xpid File
Contains the process ID of the master dtlogin process which
can be used when sending signals to dtlogin. A system
administrator can change the pathname of the Xpid file by
setting the pidFile resource in the Xconfig file. See the
Xconfig section for information on how to update the Xconfig
file.
ERROR MESSAGES
- Login incorrect; please try again.
- Unable to change to home directory.
- Sorry. Maximum number of users already logged in.
- Login error, invalid user ID.
- Login error, invalid group ID.
- Login error, invalid audit ID.
- Login error, invalid audit flag.
- Logins are currently disabled.
- Your current password has expired.
Unix System LaboratoLast change: 1 August 1995 27
See also dtlogin(1)
Man(1) output converted with
man2html