Linux XDMCP HOWTO

Thomas Chao

             [email protected]

  Revision History
  Revision v1.0 1 November 2000 Revised by: tc
  Initial revision and release.

  XDMCP stands for "X Display Manager Control Protocol". It provides a
  mechanism for an Xterminal to request a session from a remote host.
  This document describes how to set up XDMCP.
    _________________________________________________________________

  Table of Contents
  1. [1]Introduction

       1.1. [2]Copyright Information
       1.2. [3]Disclaimer
       1.3. [4]Feedback

  2. [5]The Procedure

       2.1. [6]System
       2.2. [7]Client
       2.3. [8]Server Preparation
       2.4. [9]Steps to Complete the Procedure
       2.5. [10]Testing

  3. [11]Troubleshooting
  4. [12]XDMCP and GDM (Gnome Display Manager)
  5. [13]Additional References

1. Introduction

  XDMCP stands for "X Display Manager Control Protocol". It provides a
  mechanism for an Xterminal to request a session from a remote host.
  This document describes how to set up XDMCP.

  Some of us running Linux (like me) are looking for the best parts of
  Linux. Among them is the ability to re-use old systems (like 486 CPUs)
  as a client (with the Win32 client; like Hummingbird's Exceed) to run
  Linux from any PC. It is rather surprising that there aren't many
  documents on the internet which guide you step by step on how to set
  this up. Essentially, by using XDMCP, you can build an inexpensive
  client and server environment.
    _________________________________________________________________

1.1. Copyright Information

  This document is copyrighted (c) 2000 Thomas Chao and is distributed
  under the terms of the Linux Documentation Project (LDP) license,
  stated below.

  Unless otherwise stated, Linux HOWTO documents are copyrighted by
  their respective authors. Linux HOWTO documents may be reproduced and
  distributed in whole or in part, in any medium physical or electronic,
  as long as this copyright notice is retained on all copies. Commercial
  redistribution is allowed and encouraged; however, the author would
  like to be notified of any such distributions.

  All translations, derivative works, or aggregate works incorporating
  any Linux HOWTO documents must be covered under this copyright notice.
  That is, you may not produce a derivative work from a HOWTO and impose
  additional restrictions on its distribution. Exceptions to these rules
  may be granted under certain conditions; please contact the Linux
  HOWTO coordinator at the address given below.

  In short, we wish to promote dissemination of this information through
  as many channels as possible. However, we do wish to retain copyright
  on the HOWTO documents, and would like to be notified of any plans to
  redistribute the HOWTOs.

  If you have any questions, please contact
  <[14][email protected]>
    _________________________________________________________________

1.2. Disclaimer

  No liability for the contents of this document can be accepted. Use
  the concepts, examples and other content at your own risk. As this is
  a new edition of this document, there may be errors and inaccuracies,
  that may of course be damaging to your system. Proceed with caution,
  and although this is highly unlikely, the author(s) do not take any
  responsibility for that.

  All copyrights are held by their respective owners, unless
  specifically noted otherwise. Use of a term in this document should
  not be regarded as affecting the validity of any trademark or service
  mark.

  Naming of particular products or brands should not be seen as
  endorsements.

  You are strongly recommended to take a backup of your system before
  major installation and backups at regular intervals.
    _________________________________________________________________

1.3. Feedback

  Feedback is most certainly welcome for this document. Without your
  submissions and input, this document wouldn't exist. Please send your
  additions, comments and criticisms to the following email address:
  <[15][email protected]>.
    _________________________________________________________________

2. The Procedure

  This section details the procedure for setting up and using XDMCP.
    _________________________________________________________________

2.1. System

  I have tested the setup running an X Server that listens for XDMCP
  sessions on Red Hat 6.0, 6.2 and Red Hat 7.0. I have not had a chance
  to test it on any other Linux flavors. If you have successfully set it
  up on a platform other than Red Hat, please share it with us. My server
  hardware is an IBM PC clone running an Intel Pentium II 400 MHz with
  128 MB memory and 30 MB ATA-66 Hard Drive. I use a 3COM 10/100 Fast
  Ethernet (3C509B) NIC. I set up the X Server to accept 6 session
  clients.
    _________________________________________________________________

2.2. Client

  I am using Hummingbird Exceed 6.1 with Service Pack 1 on Windows 98
  SE, Windows NT 4.0 and Windows 2000 Pro.
    _________________________________________________________________

2.3. Server Preparation

  To prepare your X Server for XDMCP sessions, you need to make sure the
  following are properly installed:

   1. Install your Linux OS. In my case, I installed Red Hat 6.2 (Custom
      Installation).
   2. Set up your networking. To test it out, ping and telnet are good
      commands to use to determine if your network works.
   3. Set up X. Do not set it up with a resolution higher than what the
      clients are able to use for their display. Test the X Server by
      typing either startx or telinit 5. Make sure X is running
      properly.
   4. Create the necessary user accounts (and associated groups) you
      will need for client access via the XDMCP client.
    _________________________________________________________________

2.4. Steps to Complete the Procedure

  These are the steps I used to set up the server to accept XDMCP
  requests:

   1. Modify /etc/rc.d/init.d/xfs and make the following changes. Change
      all occurrences of (this is where the Font Server port is set):

daemon xfs -droppriv -daemon -port -1

      to:

daemon xfs -droppriv -daemon -port 7100

   2. In /etc/X11/xdm/Xaccess, change (this allows all hosts to connect;
      see the security notes in section 4):

#*    # any host can get a login window

      to:

*     # any host can get a login window

   3. Edit /etc/X11/gdm/gdm.conf. This activates XDMCP, causing GDM to
      listen for requests. Change this:

        [xdmcp]
        Enable=0

      to:

Enable=1

      Make sure "Port=177" is at the end of this block.
   4. Now edit /etc/inittab and change the following line:

id:3:initdefault:

      to:

id:5:initdefault:

      Before changing this line, you can test the change with the
      telinit command. Use either telinit 3 to switch to run level 3, or
      telinit 5 to switch to run level 5, graphics mode (you can issue
      this command on a second machine that telnets into this server).
   5. Change the XServers file located at /etc/X11/XServers by adding
      these lines to get 4 xdm (or gdm) sessions running so that 4
      different users can log in (you can add more depending on how
      powerful your server is).

        :0  A  local  /usr/X11R6/bin/X  :0
        :1  B  local  /usr/X11R6/bin/X  :1
        :2  C  local  /usr/X11R6/bin/X  :2
        :3  D  local  /usr/X11R6/bin/X  :3

   6. Locate /etc/X11/xdm/Xsetup_0 and chmod 755 this file.
   7. Edit the XF86Config file in /etc/X11 and change the line:

FontPath    "unix:-1"

      to:

FontPath    "unix:7100"

   8. Add this line to the end of /etc/inittab:

x:5:respawn:/usr/bin/gdm

  You are now ready to run a test.
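
  Before testing from the network, it helps to see exactly what steps 2
  and 3 have opened. The check below is an added example, not part of
  the original HOWTO; it works on the text of Xaccess and gdm.conf, and
  the sample configurations are constructed from the lines shown in
  those two steps.

```python
import configparser

def xaccess_open_entries(text):
    """Return active Xaccess entries whose host pattern is a bare '*'."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line and line.split()[0] == "*":
            hits.append(line)
    return hits

def gdm_xdmcp(text):
    """Return (enabled, port) from the [xdmcp] block of gdm.conf."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    if not cp.has_section("xdmcp"):
        return False, None
    sec = cp["xdmcp"]
    enabled = sec.get("Enable", "0").strip().lower() in ("1", "true")
    # 177 is the port named in step 3; used here when no Port= line exists.
    return enabled, sec.getint("Port", fallback=177)

def audit(xaccess_text, gdm_conf_text):
    """List what the two files expose; an empty list means XDMCP is closed."""
    findings = []
    for entry in xaccess_open_entries(xaccess_text):
        kind = "indirect (chooser)" if "CHOOSER" in entry.split() else "direct"
        findings.append(f"Xaccess: {kind} queries accepted from any host")
    enabled, port = gdm_xdmcp(gdm_conf_text)
    if enabled:
        findings.append(f"gdm.conf: XDMCP enabled on UDP port {port}")
    return findings

# Constructed samples: the lines from steps 2 and 3, before and after the edit.
XACCESS_BEFORE = "#*    # any host can get a login window\n"
XACCESS_AFTER = "*     # any host can get a login window\n"
GDM_BEFORE = "[xdmcp]\nEnable=0\nPort=177\n"
GDM_AFTER = "[xdmcp]\nEnable=1\nPort=177\n"

if __name__ == "__main__":
    for label, xa, gc in (("before", XACCESS_BEFORE, GDM_BEFORE),
                          ("after", XACCESS_AFTER, GDM_AFTER)):
        print(label, audit(xa, gc) or "no XDMCP exposure found")
```

  To run it against a live server, read /etc/X11/xdm/Xaccess and
  /etc/X11/gdm/gdm.conf into strings and pass them to audit().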
    _________________________________________________________________

2.5. Testing

  To test if your XDMCP X Server is now ready to accept connections, do
  these steps. I find it easier using the X Server and another machine
  to test:

   1. (Though you don't need to; it doesn't hurt...) Reboot the machine
      (I am assuming you are running at run level 5).
   2. Make sure the Graphical login page comes up. Make sure the display
      resolution and mouse work. Log in from the console to see if the
      local access is OK. If OK, do not log off.
   3. Set up Hummingbird Exceed to query this machine (using either the
      IP address or the fully qualified DNS name) and try to connect to
      the X server. You should see the X Session come up and the login
      screen appear.
   4. If possible, test the maximum number of allowed login sessions.
      This will confirm that access is open to only this number.
    _________________________________________________________________

3. Troubleshooting

    * If X cannot come up and is broken:
      If X is broken and the connection fails, most of the time it shows
      these error messages:

      _ FontTransSocketUNIXConnect: Can't connect: errno = 111
      failed to set dafault font path 'unix:-1'
      Fatal server error:
      could not open default font 'fixed'

      This is likely due to xfs not finding the correct port for the
      Font Server. To resolve this, check steps 1 and 7 above. Make sure
      all the ports are pointing to (port) 7100 and make sure you have
      the following fonts installed (if not, re-install the XFree86 font
      packages):

        FontPath  "/usr/lib/X11/fonts/75dpi/"
        FontPath  "/usr/lib/X11/fonts/misc/"
        FontPath  "/usr/lib/X11/fonts/CID"
        FontPath  "/usr/lib/X11/fonts/Speedo"
        FontPath  "/usr/lib/X11/fonts/100dpi"

      Use the command startx (on local) to restart the X server (or use
      telinit 5).
    * If Exceed gets no response:
      In this case, most likely your xdm (or gdm, depending upon which
      is used in /etc/inittab) is not starting correctly. Issue the
      command: ps -ef | grep gdm (or ps -ef | grep xdm if xdm is used).
      If the process is not running, check step 8 of the setup above
      (make sure there are no typos and that the correct path is
      given). Restart X using the command telinit 5.
    _________________________________________________________________

4. XDMCP and GDM (Gnome Display Manager)

  The following is taken from the [16]Gnome Display Manager Reference
  Manual:

  GDM also supports the X Display Manager Protocol (XDMCP) for managing
  remote displays.

  GDM listens to UDP port 177 and will respond to QUERY and
  BROADCAST_QUERY requests by sending a WILLING packet to the
  originator.

  GDM can also be configured to honor INDIRECT queries and present a
  host chooser to the remote display. GDM will remember the user's
  choice and forward subsequent requests to the chosen manager.

  GDM only supports the MIT-MAGIC-COOKIE-1 authentication system. Little
  is gained from the other schemes, and no effort has been made to
  implement them so far.

  Since it is fairly easy to do denial of service attacks on the XDMCP
  service, GDM incorporates a few features to guard against attacks.
  Please read the XDMCP reference section below for more information.

  Even though GDM tries to outsmart potential attackers, it is still
  advised that you block UDP port 177 on your firewall unless you really
  need it. GDM guards against DoS attacks, but the X protocol is still
  inherently insecure and should only be used in controlled
  environments.

  Even though your display is protected by cookies, the XEvents and thus
  the keystrokes typed when entering passwords will still go over the
  wire in clear text. It is trivial to capture these. You should also be
  aware that cookies, if placed on an NFS mounted directory, are prone
  to eavesdropping too.
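
  When reviewing a capture of UDP port 177, a small decoder makes the
  QUERY and WILLING exchange described above visible. This is an added
  example, not code from GDM or from the original HOWTO; the field
  layout follows the XDMCP specification listed under Additional
  References, and the sample payloads and the hostname xserver.example
  are constructed.

```python
import struct

# Opcode numbers from the XDMCP specification (protocol version 1).
OPCODES = {1: "BroadcastQuery", 2: "Query", 3: "IndirectQuery",
           4: "ForwardQuery", 5: "Willing", 6: "Unwilling"}

def _array8(buf, off):
    """Read an ARRAY8: 16-bit big-endian length followed by that many bytes."""
    if off + 2 > len(buf):
        raise ValueError("truncated ARRAY8 length")
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("truncated ARRAY8 data")
    return buf[off + 2:end].decode("latin-1"), end

def parse_xdmcp(datagram):
    """Decode the header and the Query-family or Willing body of one datagram."""
    if len(datagram) < 6:
        raise ValueError("shorter than the 6-byte XDMCP header")
    version, opcode, length = struct.unpack_from(">HHH", datagram)
    if version != 1 or length != len(datagram) - 6:
        raise ValueError("bad version or length field")
    msg = {"opcode": OPCODES.get(opcode, f"opcode-{opcode}")}
    off = 6
    if opcode in (1, 2, 3):                  # ARRAYofARRAY8 of auth names
        if length < 1:
            raise ValueError("missing authentication-name count")
        count, off = datagram[off], off + 1
        msg["auth_names"] = []
        for _ in range(count):
            name, off = _array8(datagram, off)
            msg["auth_names"].append(name)
    elif opcode == 5:                        # the manager's answer
        for field in ("auth_name", "hostname", "status"):
            msg[field], off = _array8(datagram, off)
    return msg

def willing_managers(datagrams):
    """Hostnames of managers that answered WILLING in a set of payloads."""
    parsed = (parse_xdmcp(d) for d in datagrams)
    return [m["hostname"] for m in parsed if m["opcode"] == "Willing"]

# Constructed sample payloads (not captured traffic).
def _a8(b):
    return struct.pack(">H", len(b)) + b
SAMPLE_QUERY = bytes.fromhex("00010002000100")   # Query, zero auth names
_body = _a8(b"") + _a8(b"xserver.example") + _a8(b"Linux 2.2.14")
SAMPLE_WILLING = struct.pack(">HHH", 1, 5, len(_body)) + _body
```

  A WILLING answer seen from outside the controlled network means UDP
  port 177 is reachable there and the firewall rule needs attention.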
    _________________________________________________________________

5. Additional References

  Some additional references on this subject include:

    * [17]xdmcp/udp
    * [18]XDMCP Documentation
    * [19]Should you be running XDMCP?
    * [20]X Window System Terminals
    * [21]A second way of using XDM

References

  1. XDMCP.html#INTRO
  2. XDMCP.html#COPYRIGHT
  3. XDMCP.html#DISCLAIMER
  4. XDMCP.html#FEEDBACK
  5. XDMCP.html#PROCEDURE
  6. XDMCP.html#SYSTEM
  7. XDMCP.html#CLIENT
  8. XDMCP.html#PREP
  9. XDMCP.html#STEPS
 10. XDMCP.html#TESTING
 11. XDMCP.html#TS
 12. XDMCP.html#GDM
 13. XDMCP.html#REFS
 14. mailto:[email protected]
 15. mailto:[email protected]
 16. http://www.oswg.org/oswg-nightly/oswg/en_US.ISO_8859-1/articles/gdm-reference/gdm-reference/index.html
 17. http://www.con.wesleyan.edu/~triemer/network/xdmcp/xdmcp_udp.html
 18. ftp://ftp.x.org/pub/R6.4/xc/doc/hardcopy/XDMCP/xdmcp.PS.gz
 19. http://www-uxsup.csx.cam.ac.uk/security/probing/about/xdmcp.html
 20. http://www.linuxgazette.com/issue27/kaszeta.html
 21. http://www.tcu-inc.com/mark/projects/xdm/index2.html