1 .\" $XConsortium: dtlogin.man /main/2 1995/07/17 10:51:24 drk $
3 .\" * (c) Copyright 1993, 1994 Hewlett-Packard Company *
4 .\" * (c) Copyright 1993, 1994 International Business Machines Corp. *
5 .\" * (c) Copyright 1993, 1994 Sun Microsystems, Inc. *
6 .\" * (c) Copyright 1993, 1994 Novell, Inc. *
9 .ds ]W HP DT 3.0 (6/92)
11 \fBdtlogin \(em The HP DT Login Manager.\fP
15 [-config \fIconfiguration_file\fP]
17 [-debug \fIdebug_level\fP]
18 [-error \fIerror_log_file\fP]
20 [-resources \fIresource_file\fP]
21 [-server \fIserver_entry\fP]
22 [-session \fIsession_program\fP]
27 manages a collection of X displays, both local and possibly remote.
28 The emergence of X terminals guided the design of several parts of this system,
29 along with the development of the X Consortium standard XDMCP (
30 \fIX Display Manager Control Protocol\fP).
32 provides services similar to those provided by \fIinit\fP(1M),
33 \fIgetty\fP(1M) and \fIlogin\fP(1) on character terminals: prompting
34 for login and password, authenticating the user, and running a ``session.''
36 A ``session'' is defined by the lifetime of a particular process; in the
37 traditional character-based terminal world, it is the user's login shell
40 context, it is the HP DT Session Manager.
43 environment, a user's login shell process does not necessarily have any
44 terminal-like interface with which to connect.
46 If the HP DT Session Manager is not used, the typical
48 substitute is either a window manager with an exit option, or a
49 terminal emulator running a shell, where the lifetime of the
50 terminal emulator is the lifetime of the shell process
52 thus reducing the X session to an emulation of the
53 character-based terminal session.
55 When the session is terminated,
57 resets the X server and (optionally) restarts the whole process.
61 provides the first interface that users see, it is designed to be
62 simple to use and easy to customize to the needs of a particular site.
67 All options, except \fB-config\fP,
68 specify values that can also be specified in the configuration file
70 Typically, customization is done via the configuration file
71 rather than command line options.
72 The options are most useful for debugging and one-shot tests.
73 .IP "\fB-config\fP \fIconfiguration_file\fP"
74 Specifies a resource file that specifies the remaining configuration
75 parameters. If no file is specified and the file
76 \fI/usr/dt/config/Xconfig\fP exists,
80 Specifies ``true'' as the value for the \fBdaemonMode\fP
83 close all file descriptors, disassociate the controlling terminal and put
84 itself in the background when it first starts up (just like the host
86 .IP "\fB-debug\fP \fIdebug_level\fP"
87 Specifies the numeric value for the \fBdebugLevel\fP
88 resource. A non-zero value causes
90 to print debugging statements to the terminal; it also disables the
91 \fBdaemonMode\fP resource, forcing
94 .IP "\fB-error\fP \fIerror_log_file\fP"
95 Specifies the value for the \fBerrorLogFile\fP resource.
96 This file contains errors from
98 as well as anything written to \fIstderr\fP by the various scripts and programs
99 run during the progress of the session.
100 .IP "\fB-nodaemon\fP"
101 Specifies ``false'' as the value for the \fBdaemonMode\fP
103 .IP "\fB-resources\fP \fIresource_file\fP"
104 Specifies the value for the \fBresources\fP resource. This file
105 is loaded using \fIxrdb (1)\fP to specify configuration parameters for the
106 authentication screen.
107 .IP "\fB-server\fP \fIserver_entry\fP"
108 Specifies the value for the \fBservers\fP resource.
109 See \fBservers\fP below for more detail.
110 .IP "\fB-udpPort\fP \fIport_number\fP"
111 Specifies the value for the \fBrequestPort\fP resource. This
112 sets the port-number that \fIdtlogin\fR monitors for XDMCP requests.
114 uses the registered well-known udp port 177, this resource should probably
115 not be changed except for debugging.
116 .IP "\fB-session\fP \fIsession_program\fP"
117 Specifies the value for the \fBsession\fP resource. This
118 indicates the program to run when the user has logged in as the session.
120 .SH "CONTROLLING THE SERVER"
122 controls local servers using POSIX signals. SIGHUP is expected to reset the
123 server, closing all client connections and performing other clean up
124 duties. SIGTERM is expected to terminate the server. If these signals do
125 not perform the expected actions,
126 the resources \fBresetSignal\fP and \fBtermSignal\fP
127 can specify alternate signals.
129 To control remote servers not using XDMCP,
131 searches the window hierarchy on the display and uses the KillClient
133 in an attempt to clean up the terminal for the next session. This
134 may not actually kill all of the clients, since only those that have created
135 windows are noticed. XDMCP provides a more sure mechanism; when
137 closes its initial connection, the session is over and the terminal is
138 required to close all other connections.
140 .SH "CONTROLLING DTLOGIN"
143 responds to two signals: SIGHUP and SIGTERM. When sent a SIGHUP,
145 rereads the configuration file and the file specified by the
146 \fBservers\fP resource and determines whether entries have been added
147 or removed. If a new entry has been added,
149 starts a session on the associated display. Entries that have been removed
150 are disabled immediately, meaning that any session in progress is
151 terminated without notice, and no new session is started.
155 terminates all sessions in progress and exits. This can be used when
156 shutting down the system.
159 .\"attempts to mark the various sub-processes for ps(1) by editing the
160 .\"command line argument list in place. Because dtlogin can't allocate additional
161 .\"space for this task, it is useful to start dtlogin with a reasonably long
162 .\"command line (15 to 20 characters should be enough). Each process that is
163 .\"servicing a display is marked "-<Display-Name>".
166 \fIDtlogin\fP invokes the user's session with the following default
171 DISPLAY is set to the associated display name
172 EDITOR is set to /usr/dt/bin/dtpad
173 HOME is set to the home directory of the user
174 KBD_LANG is set to the value of LANG for applicable languages
175 LANG is set to the current NLS language (if any)
176 LC_ALL is set to the current NLS language (if any)
177 LC_MESSAGES is set to the current NLS language (if any)
178 LOGNAME is set to the user name
179 MAIL is set to /var/mail/$USER
180 PATH is set to the value of the \fBuserPath\fP resource
181 USER is set to the user name
182 SHELL is set to the user's default shell (from /etc/passwd)
184 TZ is set to the value of the \fBtimeZone\fP resource or system default
185 XAUTHORITY may be set to an authority file
188 Three methods are available to modify or add to this list depending on the
189 desired scope of the resulting environment variable.
191 The \fBenvironment\fP resource is available in the \fIdtlogin\fR
192 configuration file to allow
193 setting of environment variables on a global or per-display basis.
194 Variables specified by this method are available to both the display's
196 and the user's session and override any default settings.
197 The resource accepts a string of <name>=<value> pairs separated by at
200 The values specified must be constants because no shell is used to parse the
202 See the \fBResources\fP section below for details on setting this resource.
208 Dtlogin*environment: SB_DISPLAY_ADDR=0xB00000 \\
212 Note: The environment variables LANG and TZ have their own
214 in the configuration file and should not be set via \fBenvironment\fR.
216 Environment variables that require processing by a shell or are
217 dependent on the value of another environment variable can be specified
218 in the startup script \fIXsession\fR. These variables are loaded into
219 the environment of all users on the display, but not to the X server process.
220 They override any previous settings of the same variable.
221 The \fIXsession\fR script accepts ksh syntax for setting environment
231 Finally, personal environment variables can be set on a per-user basis
232 in the script file $HOME/\fI.dtprofile\fP.
233 \fIDtlogin\fP accepts either sh, ksh, or csh syntax for the commands
235 The commands should only be those that set environment variables, not any
236 that perform terminal I/O, excepting \fItset(1)\fP or \fIstty(1)\fP.
237 If the first line of \fI.dtprofile\fP is #!/bin/sh, #!/bin/ksh, or
238 #!/bin/csh, \fIdtlogin\fP uses the appropriate shell to
239 parse \fI.dtprofile\fP.
240 Otherwise, the user's default shell ($SHELL) is used.
242 .\"To ease maintenance, the user may wish to replace complementary environment
243 .\"setting commands in $HOME/\fI.profile\fP ( $HOME/\fI.login\fP ) with the
244 .\"single command ". $HOME/\fI.dtprofile\fP" (source $HOME/\fI.dtprofile\fP).
246 .SH INTERNATIONALIZATION
247 All labels and messages are localizable.
248 The message catalog \fIdtlogin.cat\fP contains the localized
249 representations of the default labels and messages.
250 \fIDtlogin\fP reads the appropriate message catalog indicated by the
251 \fBLANG\fP environment variable and displays the localized strings.
252 An option on the authentication screen allows the user to override the
253 default language for the subsequent session.
254 If the authentication screen has been localized for the selected language,
255 it is redisplayed in that language;
256 otherwise, it is displayed in the default language.
257 In either case, the \fBLANG\fP environment variable is set
258 appropriately for the resulting session.
260 The resource \fBlanguage\fP is available in the \fIdtlogin\fP configuration
261 file to change the default language for a display.
263 The resource \fBlanguagelist\fP is also available in the \fIdtlogin\fP configuration
264 file to override the default set of languages displayed on the
265 authentication screen.
270 can be controlled through the use of various configuration files, which
273 Some resources control the behavior of \fIdtlogin\fR in general, some can
274 be specified for a particular display, and others control the appearance of
275 the authentication screen.
276 The general and display-specific resources are specified in the
277 configuration file named by
278 the \fB-config\fR command line option.
279 All resources should be prepended with the application name \fBDtlogin\fR.
286 Dtlogin General Resource Set
287 Name Class Type Default
289 accessFile AccessFile String NULL
290 autoRescan AutoRescan Boolean True
291 daemonMode DaemonMode Boolean False
292 debugLevel DebugLevel Int 0
293 errorLogFile ErrorLogFile String NULL
294 errorLogSize ErrorLogSize Int 50
295 keyFile KeyFile String /usr/dt/config/Xkeys
296 lockPidFile LockPidFile Boolean True
297 pidFile PidFile String NULL
298 authDir AuthDir String /usr/dt/config
299 removeDomainname RemoveDomainname Boolean True
300 requestPort RequestPort Int 177
301 servers Servers String :0 Local local /usr/bin/X11/X :0
302 sysParmsFile SysParmsFile String /etc/src.sh
303 timeZone TimeZone String MST7MDT
304 wakeupInterval WakeupInterval Int 10
307 The \fIdtlogin\fP general resources are not display-specific and
308 are applied to all displays where appropriate.
310 .IP "\fBaccessFile\fP"
311 To prevent unauthorized XDMCP service
312 this file contains a database of hostnames which are
313 allowed direct access to this machine.
314 The format of this file is described
316 .B "Xdmcp Access Control."
318 This is a directory name that
320 uses to temporarily store authorization files for displays using XDMCP.
321 .IP "\fBautoRescan\fP"
322 This boolean controls whether
324 rescans the configuration file and server file after a session terminates
325 and the files have changed. You can force
327 to reread these files by sending a SIGHUP to the main process.
328 .IP "\fBdaemonMode\fP"
330 can make itself into an unassociated daemon process. This is
331 accomplished by forking and leaving the parent process to exit, then closing
332 file descriptors and releasing the controlling terminal. This is inconvenient
333 when attempting to debug
335 Setting this resource to "false" disables \fBdaemonMode\fP.
339 is started from /etc/inittab, it should not be run in daemon mode.
340 Otherwise the \fIinit\fP process will think it has terminated and will
341 attempt to restart it.
342 .IP "\fBdebugLevel\fP"
343 A non-zero value specified for this integer resource enables
344 debugging information to be printed. It also disables daemon mode, which
345 redirects the information into the bit-bucket. Specifying a non-zero
346 debug level also allows non-root users to run
348 which is not normally useful.
349 .IP "\fBerrorLogFile\fP"
350 Error output is normally directed at the system console. To redirect it,
351 set this resource to any file name.
352 This file also contains any output directed to stderr
353 by \fIXstartup, Xsession \fPand \fIXreset\fP, so it contains descriptions
354 of problems in those scripts as well.
355 .IP "\fBerrorLogSize\fP"
356 This resource specifies the maximum size of the error log file in kilobytes.
357 When the limit is reached, \fIdtlogin\fP will delete the oldest entries in the
358 file until the file size is reduced to 75% of the maximum.
360 XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key
363 and the terminal. This resource specifies the file containing those
364 values. Each entry in the file consists of a display name and the shared
367 does not include support for XDM-AUTHENTICATION-1 because it requires DES, which
368 is not generally distributable.
369 .IP "\fBlockPidFile\fP"
370 This is the resource that controls whether
372 uses file locking to prevent multiple logins.
374 The filename specified is created to contain an ASCII
375 representation of the process-id of the main \fIdtlogin\fP process. This is
376 quite useful when reinitializing the system.
378 also uses file locking to attempt to prevent more than one daemon running on
380 .IP "\fBremoveDomainname\fP"
381 When computing the display name for XDMCP clients, the resolver
382 typically creates a fully qualified host name for the terminal. As this is
385 removes the domain name portion of the host name if it is the same as the
386 domain name for the local host when this variable is set.
387 .IP "\fBrequestPort\fP"
388 This indicates the UDP port number that
390 uses to listen for incoming XDMCP requests. Unless you need to debug the
391 system, leave this with its default value.
393 This resource either specifies a file name full of server entries, one per
394 line (if the value starts with a slash), or a single server entry. Each
395 entry indicates a display that should constantly be managed and that is
396 not using XDMCP. Each entry consists of at least three parts: a display
397 name, a display class, a display type, and (for local servers) a command
398 line to start the server. A typical entry for local display number 0 is:
401 :0 Local local@console /usr/bin/X11/X :0
404 The display types are:
408 local a local display, i.e. one that has a server program to run
409 foreign a remote display, i.e. one that has no server program to run
413 The display name must be something that can be passed in the \fB-display\fP
414 option to any X program. This string is used in the display-specific
415 resources to specify the particular display, so be careful to match the
416 names (e.g., use ":0 local /usr/bin/X11/X :0" instead of "localhost:0 local
417 /usr/bin/X11/X :0" if your other resources are specified as
418 "Dtlogin._0.session"). The display class portion is also used in the
419 display-specific resources as the class portion of the resource. This is
420 useful if you have a large collection of similar displays (a group of
421 X terminals, for example) and want to set resources for groups of them. When using
422 XDMCP, the display is required to specify the display class, so perhaps your
423 X terminal documentation describes a reasonably standard display class
424 string for your device.
426 On local bitmaps, the user may choose a "No Windows" option via the login
427 screen, which temporarily suspends the X-server and presents
428 the traditional character "login:" prompt.
429 The user can then log in and perform non-X related tasks.
430 When the user finishes and logs out, the X-server is restarted, and
431 the login screen is redisplayed.
433 In order to support "No Windows" mode, the display must have an associated
434 Internal Terminal Emulator (\fBITE\fP) device.
437 associates the \fBITE\fP device "console" (/dev/console) with display ":0".
438 If your configuration does not match this default, specify "@<device>" for
439 the display(s) with an associated \fBITE\fP and "@none" for all other displays
440 listed in the \fBservers\fP file.
441 .IP "\fBsysParmsFile\fP"
442 This resource specifies a file containing shell commands, one of which sets
443 the timezone environment variable (TZ) for the system.
444 If the timezone is set via the shell syntax, "TZ=", \fIdtlogin\fP can
445 use this information to set the timezone for the user session.
447 This resource specifies the local time zone for \fIdtlogin\fR.
448 It is loaded into the environment of \fIdtlogin\fR as the value of
449 the variable \fBTZ\fR and inherited by all subsequent sessions.
451 Some systems maintain a configuration file that contains the timezone
452 setting (ex. /etc/src.sh).
453 See the resource \fBsysParmsFile\fP.
454 .IP "\fBwakeupInterval\fP"
455 If the user selects "No Windows" mode from the login screen, \fIdtlogin\fP
456 terminates the X-server and allows the traditional character-based login
457 prompt, "login:" to become visible.
458 If the user does not log in within 2 * \fBwakeupInterval\fP seconds, the
459 X-server is restarted. Once the user has logged in, \fIdtlogin\fP checks
460 every \fBwakeupInterval\fP seconds to see if the user has logged out. If
461 so, the X-server is restarted and the login screen is redisplayed.
468 Dtlogin Display Resource Set
469 Name Class Type Default
471 authorize Authorize Boolean False
472 authName AuthName String MIT-MAGIC-COOKIE-1
473 authFile AuthFile String /usr/dt/config/auth-server
474 cpp Cpp String /lib/cpp
475 environment Environment String NULL
476 failsafeClient FailsafeClient String /usr/bin/X11/xterm
477 grabServer GrabServer Boolean True
478 grabTimeout GrabTimeout Int 3 sec.
479 language Language String NULL
480 languageList LanguageList String NULL
481 openDelay OpenDelay Int 5 sec.
482 openRepeat OpenRepeat Int 5 sec.
483 openTimeout OpenTimeout Int 30 sec.
484 pingInterval PingInterval Int 5 min.
485 pingTimeout PingTimeout Int 5 min.
486 reset Reset String NULL
487 resetForAuth ResetForAuth Boolean False
488 resetSignal Signal Int 1 (SIGHUP)
489 resources Resources String NULL
490 session Session String NULL
491 startAttempts StartAttempts Int 4
492 startup Startup String NULL
493 systemPath SystemPath String /usr/bin/X11:/bin:/usr/bin:/etc
494 systemShell SystemShell String /bin/sh
495 terminateServer TerminateServer Boolean False
496 termSignal Signal Int 15 (SIGTERM)
497 userAuthDir UserAuthDir String /tmp
498 userPath UserPath String /usr/bin/X11:/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin
499 dtlite Dtlite Boolean False
500 xrdb Xrdb String /usr/bin/X11/xrdb
504 \fIDtlogin\fR display resources can be specified for all displays or for
505 a particular display.
506 To specify a particular display,
507 the display name is inserted into the resource name between
508 ``Dtlogin'' and the final resource name segment.
509 For example, \fBDtlogin.expo_0.startup\fP is the name of the
510 resource defining the startup shell file on the ``expo:0'' display.
512 manager separates the name of the resource from its value with colons, and
513 separates resource name parts with dots, so
515 uses underscores for the dots and colons when generating the resource
518 Resources can also be specified for a class of displays by inserting the
519 class name instead of a display name.
520 A display that is not managed by XDMCP can have its class affiliation
521 specified in the file referenced by the \fBservers\fR resource.
522 A display using XDMCP supplies its class affiliation as part of the
525 .IP "\fBauthorize\fP"
526 \fBauthorize\fP is a boolean resource that controls whether
528 generates and uses authorization for the server connections. (See
531 If \fBauthorize\fP is used, \fBauthName\fP specifies the type of
532 authorization to be used.
535 supports only MIT-MAGIC-COOKIE-1 authorization,
537 could be supported, but DES is not generally distributable. XDMCP
538 connections state which authorization types are supported dynamically, so
539 \fBauthName\fP is ignored in this case.
540 .\"When \fBauthorize\fP is set for a
541 .\"display and authorization is not available, the user is informed by having a
542 .\"different message displayed in the login widget.
543 (See \fBauthorize\fP.)
545 This file is used to communicate the authorization data from \fIdtlogin\fP to
546 the server, using the \fI-auth\fP server command line option. It should be
547 kept in a write-protected directory to prevent its erasure, which would
548 disable the authorization mechanism in the server.
550 This specifies the name of the C preprocessor that is used by xrdb.
551 .IP "\fBenvironment\fP"
552 This resource can contain a set of <name>=<value> pairs separated by a space
554 Each item is loaded into the environment of the server and session.
555 See the \fBEnvironment\fR section for details.
556 .IP "\fBfailsafeClient\fP"
557 If the default session fails to execute,
559 falls back to this program. This program is executed with no
560 arguments, but executes using the same environment variables as
561 the session would have had. (See \fBThe Xsession File\fP below.)
562 .IP "\fBgrabServer\fP (See \fBgrabTimeout\fP.)"
563 .IP "\fBgrabTimeout\fP"
566 grabs the server and keyboard while reading the name and password. The
567 \fBgrabServer\fP resource specifies if the server should be held while
568 the name and password is read. When FALSE, the server is ungrabbed
569 after the keyboard grab succeeds; otherwise, the server is grabbed until just
570 before the session begins. The \fBgrabTimeout\fP resource specifies
573 will wait for the grab to succeed. The grab may fail if some other
574 client has the server grabbed, or possibly if the network latencies
575 are very high. The \fBgrabTimeout\fP resource has a default of
576 3 seconds; be cautious when using this resource, since a user
577 can be deceived by a look-alike window on the display. If the grab fails,
579 kills and restarts the server (if possible) and session.
581 Some X-terminals cannot display their configuration screens while the server
583 Setting \fBgrabServer\fP to false will allow the screens to be displayed,
584 but opens the possibility that a user's login name can be stolen by copying
585 the contents of the login screen.
586 Since the keyboard is still grabbed and the password is not echoed, the
587 password cannot be stolen.
589 This resource specifies the default setting for the \fBLANG\fR environment
591 If the \fIdtlogin\fR screen is localized for that
592 language, it is displayed appropriately; otherwise, it is displayed
594 The user may temporarily override this setting via an option on the login
596 When the subsequent session terminates, the \fBLANG\fR variable
597 reverts to this setting.
598 .IP "\fBlanguageList\fP"
599 This resource allows the user to override the default set of languages
600 displayed in the "Language" menu of the login screen.
601 It is useful if the set of languages actually used on a particular display
602 is smaller than the set installed on the system.
603 The resource value is a list of valid values for the \fBLANG\fP environment
605 Language values should be separated by one or more spaces or tabs.
606 .IP "\fBopenDelay\fP (See \fBstartAttempts\fP.)"
607 .IP "\fBopenRepeat\fP (See \fBstartAttempts\fP.)"
608 .IP "\fBopenTimeout\fP (See \fBstartAttempts\fP.)"
609 .IP "\fBpingInterval\fP (See \fBpingTimeout\fP.)"
610 .IP "\fBpingTimeout\fP"
611 To discover when remote displays disappear,
613 occasionally "pings" them, using an X connection and sending XSync
614 requests. \fBpingInterval\fP specifies the time (in minutes) between
615 successive ping attempts, and \fBpingTimeout\fP specifies the maximum
617 minutes) for the terminal to respond to the request. If the
618 terminal does not respond, the session is terminated.
620 does not ping local displays. Although it may seem harmless, it is
621 undesirable when the workstation session is terminated as a result of the
622 server hanging for NFS service and not responding to the ping.
624 This specifies a program that is run (as root) after the session terminates.
625 By default no program is run.
626 The conventional name is \fIXreset\fP. See
627 \fBThe Xreset File\fP below.
628 .IP "\fBresetForAuth\fP"
629 The original implementation of authorization in the sample server reread the
630 authorization file at server reset time, instead of when checking the
631 initial connection. Since
633 generates the authorization information just before connecting to the
634 display, an old server does not get current authorization information.
637 to send SIGHUP to the server after setting up the file, causing an
638 additional server reset to occur, during which time the new authorization
640 .IP "\fBresetSignal\fP"
641 This resource specifies the signal
643 sends to reset the server.
644 See the section \fBControlling The Server\fP
645 .IP "\fBresources\fP"
646 This resource specifies the name of the file to be loaded by \fIxrdb (1)\fP
647 as the resource data-base onto the root window of screen 0 of the display.
648 This resource data base is loaded just before the authentication procedure
649 is started, so it can control the appearance of the "login" window. See the
650 section below on the authentication screen, which describes the various
651 resources that are appropriate to place in this file. There is no
652 default value for this resource, but the conventional name is \fIXresources\fP.
653 See \fBAuthentication Screen Resources\fP below.
655 This specifies the session to be executed (not running as root).
656 By default, \fI/usr/bin/X11/xterm\fP is
657 run. The conventional name is \fIXsession\fP. See \fBThe Xsession File\fP
659 .IP "\fBstartAttempts\fP"
660 Four numeric resources control the behavior of
662 when attempting to open reluctant servers: \fBopenDelay\fP,
663 \fBopenRepeat\fP, \fBopenTimeout\fP, and \fBstartAttempts\fP.
664 \fBopenDelay\fP is the duration (in seconds) between successive attempts;
665 \fBopenRepeat\fP is the number of attempts to make; \fBopenTimeout\fP is
666 the amount of time to wait while actually attempting the opening (i.e.,
667 the maximum time spent in the \fIconnect\fP (2) syscall); and
668 \fBstartAttempts\fP is the number of times the entire process occurs before
669 giving up on the server. After \fBopenRepeat\fP attempts have been made,
670 or if \fBopenTimeout\fP seconds elapse in any particular attempt,
672 terminates and restarts the server, attempting to connect again. This
673 process is repeated \fBstartAttempts\fP time, at which point the display is
674 declared dead and disabled. (See \fBopenDelay\fP, \fBopenRepeat\fP,
675 and \fBopenTimeout\fP.)
677 This specifies a program that is run (as root) after the authentication
678 process succeeds. By default, no program is run. The conventional name for a
679 file used here is \fIXstartup\fP. See the \fBXstartup\fP section below.
680 .IP "\fBsystemPath\fP"
682 sets the PATH environment variable for the startup and reset scripts to the
683 value of this resource. Note the
684 conspicuous absence of "." from this entry. This is a good practice to
685 follow for root; it avoids many system penetration
687 .IP "\fBsystemShell\fP"
689 sets the SHELL environment variable for the startup and reset scripts to the
690 value of this resource.
691 .IP "\fBterminateServer\fP"
692 This boolean resource specifies whether the X server should be terminated
693 when a session terminates (instead of resetting it).
695 used if the server tends to grow without bound over
696 time in order to limit
697 the amount of time the server is run continuously.
698 .IP "\fBtermSignal\fP"
699 This resource specifies the signal
701 sends to terminate the server.
702 See the section \fBControlling The Server\fP
703 .IP "\fBuserAuthDir\fP"
706 cannot write to the usual user authorization file ($HOME/.Xauthority),
707 it creates a unique file name in this directory and points the environment
708 variable XAUTHORITY at the created file.
711 sets the PATH environment variable for the session to this value. It should
712 be a colon-separated list of directories; see \fIsh(1)\fP for a full
715 Setting this resource to "True" restricts the display to only allowing
716 fail-safe or DT Lite sessions.
717 The "HP DT Session" selection is disabled.
719 Specifies the program used to load the resources.
721 .SH "AUTHENTICATION SCREEN RESOURCES"
722 The authentication screen reads a name-password pair
724 As this is a Motif toolkit client, colors, fonts and
725 some layout options can be controlled with resources.
726 Resources for this screen
727 should be put into the file named by the
728 \fBresources\fP resource.
730 The default logo on the authentication screen may be replaced
733 The following resources are available in addition to the standard Motif set
734 in order to control positioning of the logo and the drop shadow.
735 The resources should be prefaced with the string \fBDtlogin*logo*\fR
744 Name Class Type Default
746 bitmapFile BitmapFile String NULL
747 dropShadowBackground DropShadowBackground Pixel dynamic
748 dropShadowForeground DropShadowForeground Pixel dynamic
749 dropShadowBackgroundPixmap DropShadowBackgroundPixmap String dynamic
750 dropShadowThickness DropShadowThickness Int dynamic
751 verticalOffset VerticalOffset Int dynamic
757 .IP "\fBbitmapFile\fP"
758 Specifies the absolute path name to the bitmap file to be used for the logo.
759 .IP "\fBdropShadowBackground\fP"
760 Specifes the background color for the drop shadow.
761 .IP "\fBdropShadowForeground\fP"
762 Specifes the foreground color for the drop shadow.
763 .IP "\fBdropShadowBackgroundPixmap\fP"
764 Specifes the pixmap to be used for the drop shadow.
765 This can either be a built-in Motif pixmap or the absolute path name to
766 a bitmap to be used as the tile for the drop shadow.
767 .IP "\fBdropShadowThickness\fP"
768 Specifes the thickness of the drop shadow in units of pixels.
769 .IP "\fBverticalOffset\fP"
770 Specifes the percentage of the logo to be positioned vertically off the main
772 By default the logo is centered horizontally and positioned vertically by
773 this amount above the matte.
774 This resource is ignored if \fBy\fR is specified.
776 Specifes the \fIx\fR origin for the logo in units of pixels.
777 This resource overrides the default horizontal centering of the logo.
779 Specifes the \fIy\fR origin for the logo in units of pixels.
780 This resource overrides the default vertical positioning of the logo.
783 The default welcome message on the authentication screen may also be replaced
784 with a message of the user's choice.
785 The following resources are available
786 to control content and positioning of the welcome message.
787 The resources should be prefaced with the string \fBDtlogin*greeting*\fR
795 Greeting Resource Set
796 Name Class Type Default
798 alignment Alignment char ALIGNMENT_CENTER
799 background Background Pixel dynamic
800 foreground Foreground Pixel dynamic
801 fontList FontList FontList dynamic
802 labelString String String Welcome to %LocalHost%
808 .IP "\fBalignment\fP"
809 Specifies the alignment of text in the welcome message. Possible values
810 are ALIGNMENT_BEGINNING, ALIGNMENT_CENTER, and ALIGNMENT_END.
811 .IP "\fBbackground\fP"
812 Specifes the background color for the welcome message.
813 .IP "\fBforeground\fP"
814 Specifes the foreground color for the welcome message.
816 Specifes the font to use for the welcome message.
817 .IP "\fBlabelString\fP"
818 Specifes the text to use in the welcome message.
819 Multiple lines can be specified by including newline characters, "\\n",
820 in the text. If the token %LocalHost% is included in the text, it will
821 be replaced with the name of the host providing login service.
823 Specifes the \fIx\fR origin for the welcome message in units of pixels.
824 By default the welcome message is centered horizontally in the login matte.
825 While in the matte it is clipped to the matte boundaries. If it is
826 positioned outside the matte, it may extend to the screen boundaries.
828 Specifes the \fIy\fR origin for the welcome message in units of pixels.
829 By default the message is positioned slightly above the login area of the
833 .SH "XDMCP ACCESS CONTROL"
835 The database file specified by the \fBDtlogin.accessFile\fP resource
836 provides information which
838 uses to control access from displays requesting XDMCP service. This file
839 contains entries which control the response to
840 Direct and Broadcast queries.
842 The format of an entry is either a host name or a
844 A pattern is distinguished from a host name by the inclusion of
845 one or more meta characters (`*' matches any sequence of 0 or more
846 characters, and `?' matches any single character) which are compared against
847 the host name of the display device.
848 If the entry is a host name, all comparisons are done using
849 network addresses, so any name which converts to the correct network address
851 For patterns, only canonical host names are used
852 in the comparison, so ensure that you do not attempt to match
854 Preceding either a host name or a pattern with a `!' character
856 match that entry to be excluded.
858 When checking access for a particular display host, each entry is scanned in
859 turn and the first matching entry determines the response.
861 Blank lines are ignored, `#' is treated as a comment
862 delimiter causing the rest of that line to be ignored,
863 and `\e\fInewline\fP'
864 causes the newline to be ignored, allowing indirect host lists to span
867 Here is an example Xaccess file:
872 # Xaccess \- XDMCP access control file
875 !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
876 bambi.ogi.edu # allow access from this particular display
877 *.lcs.mit.edu # allow access from any display in LCS
880 If XDMCP access is granted, a temporary file may be created in the
881 \fBauthDir\fR directory which contains authorization information for the
883 It is deleted when the session starts.
885 .SH "SESSION STARTUP"
887 Three files are provided to assist in session startup.
888 They can be replaced by other mechanisms via \fIdtlogin\fP resources.
889 .SH "The Xstartup File"
891 This file is typically a shell script. It is run as "root" and should be
892 very careful about security. This is the place to put commands that
893 display the message of the day or do other system-level functions on
895 Various environment variables are set for the use of this script:
899 DISPLAY is set to the associated display name
900 HOME is set to the home directory of the user
901 PATH is set to the value of the \fBsystemPath\fP resource
902 USER is set to the user name
903 SHELL is set to the value of the \fBsystemShell\fP resource
904 .\" XAUTHORITY may be set to an authority file
908 No arguments of any kind are passed to the script.
910 waits until this script exits before starting the user session. If the
911 exit value of this script is non-zero,
913 discontinues the session immediately and starts another authentication
915 .SH "The Xsession File"
917 This script reads in the user's personal environment from
918 $HOME/\fI.dtprofile\fP
919 and then invokes the desired session manager.
921 the permissions of the authorized user, and has several environment variables
923 See the \fBEnvironment\fP section for a list of the pre-set variables.
925 .\"\fIXsession\fP tries three types of startup mechanisms.
926 .\"By default, the HP DT Session Manager \fIdtsession\fP, is invoked
927 .\"if it is installed and executable.
928 .\"Otherwise, \fIXsession\fP looks for
929 .\"the file $HOME/\fI.xsession\fP.
930 .\"This is the startup mechanism used by the MIT client \fIXDM\fP and
931 .\"contains commands to invoke clients for the user's session.
932 .\"If \fI.xsession\fP does not exist, \fIXsession\fP looks for the file
933 .\"$HOME/\fI.x11start\fP.
934 .\"If found, \fIXsession\fP runs the program \fIxinit\fP and pass this file
937 .\"Failing to find any of these files, \fIXsession\fP starts the Motif
938 .\"window manager and a single hpterm client.
939 .SH "The Xreset File"
941 Symmetrical with \fIXstartup\fP, this script is run after the user session has
942 terminated. Run as root, it should probably contain commands that undo
943 the effects of commands in \fIXstartup\fP, such as
944 unmounting directories from file servers. The collection of environment
945 variables that were passed to \fIXstartup\fP are also
946 given to \fIXreset\fP.
951 is designed to operate in a wide variety of environments.
952 The following setup is a good place to start, but may not be "typical"
953 in many environments.
957 configuration file should be set up. A good thing to do is to
958 make a directory (ex. \fI/usr/dt/config\fP)
959 that contains all of the relevant
960 files. Here is a typical configuration file, which could be
961 named \fIXconfig\fP :
966 Dtlogin.errorLogFile: /usr/dt/config/Xerrors
967 Dtlogin.pidFile: /usr/dt/config/Xpid
968 Dtlogin.accessFile: /usr/dt/config/Xaccess
969 Dtlogin.servers: /usr/dt/config/Xservers
971 Dtlogin*resources: /usr/dt/config/Xresources
972 Dtlogin*startup: /usr/dt/config/Xstartup
973 Dtlogin*session: /usr/dt/config/Xsession
974 Dtlogin*reset: /usr/dt/config/Xreset
977 As you can see, this file simply contains references to other files. Note
978 that some of the resources are specified with ``*'' separating the
979 components. These resources can be made unique for each different display,
980 by replacing the ``*'' with the display-name.
981 See the \fBResources\fP section for a complete discussion.
983 The first file \fI/usr/dt/config/Xservers\fP contains the list of displays to
984 manage. Most workstations have only one display, numbered 0, so the file
989 :0 Local local /usr/bin/X11/X :0
993 This keeps \fI/usr/bin/X11/X\fP running on this display and
994 manage a continuous cycle of sessions.
996 The file \fI/usr/dt/config/Xerrors\fP contains error messages from
998 and anything output to stderr by \fIXstartup, Xsession or Xreset\fP. When
999 you have trouble getting
1001 working, check this file to see if
1003 has any clues to the trouble.
1005 can become quite large and should be trimmed periodically.
1007 The next configuration entry, \fI/usr/dt/config/Xresources\fP, is loaded onto
1008 the display as a resource database using \fIxrdb (1)\fP. As the authentication
1009 screen reads this database before starting up, it usually contains
1010 parameters for that screen.
1012 .SH "SOME OTHER POSSIBILITIES"
1016 to run a single session at a time
1017 by specifying the server on the command
1022 dtlogin -server ":0 HP-TVRX local /usr/bin/X11/X :0"
1026 If you have an X terminal that supports the XDMCP protocol, an
1027 entry for that terminal in \fIXservers\fR is not required.
1028 If you have a file server and all X terminals support XDMCP, then
1029 \fIXservers\fR would contain no entries.
1031 Configurations may contain combinations of
1032 local servers, X terminals without XDMCP, and X terminals
1036 Copyright 1988, Massachusetts Institute of Technology
1038 (c) Copyright 1993, 1994 Hewlett-Packard Company
1040 (c) Copyright 1993, 1994 International Business Machines Corp.
1042 (c) Copyright 1993, 1994 Sun Microsystems, Inc.
1044 (c) Copyright 1993, 1994 Novell, Inc.
1046 See \fIX(1)\fP for a full statement of rights and permissions.
1050 is based on the MIT client \fIXDM\fR, authored by Keith Packard.
1053 Massachusetts Institute of Technology
1055 Hewlett-Packard Company
1057 International Business Machines Corp.
1059 Sun Microsystems, Inc.
1064 \fBconnect(2)\fP, \fBlogin(1)\fP, \fBgetty(1M)\fP, \fBsh(1)\fP,
1065 \fBstty(1)\fP, \fBtset(1)\fP, \fBX(1)\fP,
1066 \fBxinit(1M)\fP, \fBxrdb(1)\fP, and \fBXDMCP\fP.