The dtlogin
client supports the following key tasks:
Launch of
dtgreet(X1)
login screen for explicitly managed local and
remote displays and XDMCP managed remote displays.
Access to traditional terminal (character) login from GUI login screen.
System dependent user authentication and login.
Launching the selected session.
The dtlogin client provides services similar to
those provided by
init(1M),
getty(1M),
and
login(1)
on character terminals: prompting for login and
password, authenticating the user, and running a ``session.''
A ``session'' is defined by the lifetime of a particular
process; in the traditional character-based terminal world, it
is the user's login shell process. In the DT context, it is the
DT Session Manager.
NOTE:
Each dtlogin session consumes one UnixWare 7 user license.
If the DT Session Manager is not used, the typical substitute is
either a window manager with an exit option, or a terminal emulator
running a shell, where the lifetime of the terminal emulator is the
lifetime of the shell process that it is running; thus reducing the X
session to an emulation of the character-based terminal session.
When the session is terminated,
dtlogin
resets the X server and
(optionally) restarts the whole process.
The dtlogin
client supports management of remote displays using the X Display
Manager Control Protocol, Version 1.0. (XDMCP).
When dtlogin
receives an Indirect query via XDMCP, it can run a
chooser process to perform an XDMCP BroadcastQuery (or an
XDMCP Query to specified hosts) on behalf of the display and
offer a menu of possible hosts that offer XDMCP display
management. This feature is useful with X terminals that do
not offer a host menu themselves.
Because dtlogin
provides the first interface that users see, it is
designed to be simple to use and easy to customize to the needs of a
particular site.
Login window
The dtgreet login window allows the user to enter a
user ID and password, select a startup session and select a
startup locale. Users may also
reset the X server or temporarily suspend the X server to access the
character login prompt. For a description of the login window's
contents, see the
dtgreet(X1)
manual page.
Controlling the server
The
dtlogin
client controls local servers using
POSIX
signals.
SIGHUP
is expected to reset the server, closing all client
connections and performing other clean up duties.
SIGTERM
is expected to terminate the server. If these signals do not perform the
expected actions, the resources resetSignal and termSignal can specify
alternate signals.
To control remote servers not using XDMCP,
dtlogin
searches the window
hierarchy on the display and uses the KillClient X protocol request in
an attempt to clean up the terminal for the next session. This may
not actually kill all of the clients, since only those that have
created windows are noticed. XDMCP provides a more sure mechanism;
when
dtlogin
closes its initial connection, the session is over and
the terminal is required to close all other connections.
Controlling dtlogin
The
dtlogin
client responds to two signals:
SIGHUP
and
SIGTERM.
When sent a
SIGHUP,
dtlogin rereads the configuration file
and the file specified by the servers resource and determines whether
entries have been added or removed. If a new entry has been added,
dtlogin starts a session on the associated display. Entries that have
been removed are disabled immediately, meaning that any session in
progress is terminated without notice, and no new session is started.
When sent a
SIGTERM,
dtlogin terminates all sessions in progress and exits. This can
be used when shutting down the system.
Internationalization
All labels and messages are localizable. The message catalog
dtlogin.cat contains the localized
representations of the default labels and messages.
The
dtlogin
client reads the
appropriate message catalog
indicated by the
LANG
environment variable and displays the localized strings. An
option on the authentication screen allows the user to override the
default language for the
subsequent session. If the authentication screen has been localized
for the selected language, it is
redisplayed in that language; otherwise, it is displayed in the
default language. In either case, the
LANG environment variable is set appropriately for the resulting session.
The resource
language
is available in the
dtlogin
configuration file to change the default
language for a display. The resource
languageList
is available in the
dtlogin
configuration file to override the default set of languages displayed
on the authentication screen. The resource
languageName
is available to provide a mapping from locale names to
the text displayed on the Language menu.
Authentication and auditing
The
dtlogin
client performs traditional local UNIX login and auditing. Additional
authentication or auditing
function such as Kerberos or B1 may be added by individual vendors.
X server security
The X server provides both user-based and host-based access control.
By default,
dtlogin
uses user-based access control to the X server
(MIT-MAGIC-COOKIE-1). This
level of security allows access control on a per-user basis. It is
based on a scheme where if a client
passes authorization data which is the same as the server has, it is
allowed access. When a user
logs in, this authorization data is by default stored and protected in
the
$HOME/.Xauthority
file.
However, using host-based access control mechanisms may be preferable
in environments with
unsecure networks as user-based access control allows any host to
connect, given that it has
discovered the private key. Another drawback to user-based access
control is that R2 or R3 clients
will be unable to connect to the server.
The
authorize
resource controls whether user-based or host-based access control is
used by
dtlogin.
See also the
Xserver,
Xsecurity,
xhost,
and
xauth
man pages for more information.
Options
All options, except
-config,
specify values that can also be specified
in the configuration file as
resources. Typically, customization is done via the configuration file
rather than command line
options. The options are most useful for debugging and one-shot tests.
-configconfiguration_file
Specifies a resource file that specifies the remaining configuration
parameters. This replaces the
dtlogin default Xconfig file. See the Xconfig section for more information.
-daemon
Specifies ``true'' as the value for the daemonMode
resource. This makes dtlogin close
all file descriptors, disassociate the controlling terminal and put
itself in the background when it first
starts up (just like the host of other daemons).
-debugdebug_level
Specifies the numeric value for the
debugLevel
resource. A non-zero value causes
dtlogin to print debugging statements to the terminal; it also disables the
daemonMode
resource, forcing
dtlogin
to run synchronously.
-errorerror_log_file
Specifies the value for the
errorLogFile
resource. See the Xerrors section for more
information.
-nodaemon
Specifies ``false'' as the value for the
resource.
-resourcesresource_file
Specifies the value for the
resources
resource. See the Xresources section for more information.
-serverserver_entry
Specifies the value for the
servers
resource. See the Xservers section for more
information.
-udpPortport_number
Specifies the value for the
requestPort
resource. This sets the port-number that
dtlogin monitors for XDMCP requests. Since XDMCP uses the registered
well-known udp port 177,
this resource should probably not be changed except for debugging.
-sessionsession_program
Specifies the value for the
session
resource. See the Xsession section for more information.
Environment
The dtlogin client invokes the user's session with
the following default environment:
DISPLAY
is set to the associated display name
EDITOR
is set to /usr/dt/bin/dtpad
HOME
is set to the home directory of the user
KBD_LANG
is set to the value of LANG for applicable languages
LANG
is set to the current NLS language (if any)
LC_ALL
is set to the current NLS language (if any)
LC_MESSAGES
is set to the current NLS language (if any)
LOGNAME
is set to the user name
MAIL
is set to
/usr/mail/$USER
(system dependent)
PATH
is set to the value of the userPath resource
USER
is set to the user name
SHELL
is set to the user's default shell (from
/etc/passwd)
TERM
is set to
dtterm
TZ
is set to the value of the
timeZone
resource or system default
XAUTHORITY
may be set to an authority file
Adding to the environment list
Four methods are available to modify or add to this list depending on
the desired scope of the resulting environment variable.
The
exportList
resource is available to allow the export of variables provided to
the
dtlogin
process by its parent. Variables specified by this method
are available to both the display's X server process and the user's
session and override any default settings. The resource accepts a
string of <name> separated by at least one space or tab.
The
environment
resource is available in the
dtlogin
configuration file to allow
setting of environment variables on a global or per-display basis.
Variables specified by this method are available to both the display's
X server process and the user's session and override any default
settings. The resource accepts a string of <name>=<value> pairs
separated by at least one space or tab. The values specified must be
constants because no shell is used to parse the string. See the
Resources section for details on setting this resource.
Note: The environment variables LANG and TZ have their own dedicated
resources in the configuration file and should not be set via
environment.
Environment variables that require processing by a shell or are
dependent on the value of another environment variable can be
specified in the startup script Xsession. These variables are loaded
into the environment of all users on the display, but not to the X
server process. They override any previous settings of the same
variable. The Xsession script accepts ksh syntax for setting
environment variables. For example:
MAIL=/usr/mail/$USER
Finally, personal environment variables can be set on a per-user basis
in the script file
$HOME/.dtprofile.
The
dtlogin
client accepts either sh, ksh, or csh syntax for the commands in this
file. The commands should only be those that set environment
variables, not any that perform terminal I/O, excepting
tset(1)
or
stty(1).
If the first line of
.dtprofile
is
#!/bin/sh,
#!/bin/ksh,
or
#!/bin/csh,
dtlogin
uses the appropriate shell to parse
.dtprofile.
Otherwise, the user's default shell ($SHELL)
is used.
Files
The dtlogin
client is designed to operate in a wide variety of environments and
provides a suite of configuration files that can be changed to suit a
particular system. The default
dtlogin
configuration files can be
found in
/usr/dt/config
with the exception of Xsession which is stored
in
/usr/dt/bin.
They are listed below:
Xconfig
specifies other
dtlogin
configuration files and
dtlogin
behavior
Xaccess
used by
dtlogin
to control access from displays requesting
XDMCP service
Xservers
contains the list of displays to for
dtlogin
to explicitly
manage
Xresources
contains resource definitions specifying the appearance
of the login screen
Xsetup
a script executed as `root' prior to display of the login screen
Xstartup
a script executed as `root' after user has successfully
authenticated
Xsession
a script executed as the authenticated `user' that starts the
user's session
Xfailsafe
a script executed as the authenticated `user' that starts a
failsafe session
Xreset
a script executed as `root' after the user's session has exited
The xconfig file
The Xconfig file contains the general resources for
dtlogin
and is the
top of the
dtlogin
configuration file tree. Xconfig specifies the
location of other
dtlogin
configuration and log files and specifies
dtlogin behavior. The location of other
dtlogin
configuration and log
files are specified by resource definitions. The defaults are listed
below:
Dtlogin.errorLogFile:
/var/dt/Xerrors
Dtlogin.pidFile:
/var/dt/Xpid
Dtlogin.accessFile:
Xaccess
Dtlogin.servers:
Xservers
Dtlogin*resources:
%L/Xresources
Dtlogin*setup:
Xsetup
Dtlogin*startup:
Xstartup
Dtlogin*reset:
Xreset
Dtlogin*failsafeClient 2.5i
Xfailsafe
Dtlogin*session 2.5i
/usr/dt/bin/Xsession
If the path specified for
accessFile,
servers,
resources,
setup,
startup,
reset,
failsafeClient,
or
session
is relative, dtlogin will first look for the file in directory
/etc/dt/config,
then
/usr/dt/config.
NOTE:
Some of the resources are specified with ``*'' separating
the components. These resources can be made unique for each different
display, by replacing the ``*'' with the display-name. See the DISPLAY
RESOURCES section for a complete discussion.
The default Xconfig file is
/usr/dt/config/Xconfig.
A system
administrator can customize Xconfig by copying
/usr/dt/config/Xconfig
to
/etc/dt/config/Xconfig
and modifying
/etc/dt/config/Xconfig.
The default Xconfig file contains the configuration and log file
entries shown above as well as a few vendor specific resource
definitions and examples. See the GENERAL RESOURCES and DISPLAY
RESOURCES sections for the complete list of resources that can be
defined in Xconfig.
The xaccess file
The database file specified by the
accessFile
resource provides information which
dtlogin
uses to control access
from displays requesting XDMCP service. This file contains three
types of entries: entries which control the response to
Direct and Broadcast queries, entries which control the
response to Indirect queries, and macro definitions.
The format of a Direct entry is either a host name or a pattern. A pattern
is distinguished from a host name by the inclusion of one or more meta
characters (`*' matches any sequence of 0 or more characters, and `?'
matches any single character) which are compared against the host name
of the display device. If the entry is a host name, all comparisons
are done using network addresses, so any name which converts to the
correct network address may be used. For patterns, only canonical host
names are used in the comparison, so ensure that you do not attempt to
match aliases. Preceding either a host name or a pattern with a `!'
character causes hosts which match that entry to be excluded.
An Indirect entry also contains a host name or pattern, but
follows it with a list of host names or macros to which
indirect queries should be sent. Indirect entries may also
specify to have
dtlogin
run
dtchooser
to offer a menu of hosts to which
a login screen can be displayed.
A macro definition contains a macro name and a list of host
names and other macros that the macro expands to. To
distinguish macros from hostnames, macro names start with a
`%' character. Macros may be nested.
When checking access for a particular display host, each entry is
scanned in turn and the first matching entry determines the response.
Direct and Broadcast entries are ignored when scanning for an Indirect
entry and vice-versa.
Blank lines are ignored, `#' is treated as a comment delimiter causing
the rest of that line to be ignored, and `\newline' causes the newline
to be ignored, allowing indirect host lists to span multiple lines.
Here is an example Xaccess file:
#
# Xaccess -- XDMCP access control file
#
#
# Direct/Broadcast query entries
#
!xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
bambi.ogi.edu # allow access from this particular display
*.lcs.mit.edu # allow access from any display in LCS
#force extract to contact xenon
extract.lcs.mit.edu xenon.lcs.mit.edu
#disallow indirect access by xtra
!xtra.lcs.mit.edu dummy
#all others get to choose among %HOSTS
*.lcs.mit.edu %HOSTS
If XDMCP access is granted, a temporary file may be created in the
directory specified by
authDir
which contains authorization information for the X-terminal. It is
deleted when the session starts.
For X terminals that do not offer a host menu for use with
Broadcast or Indirect queries, the chooser program can do
this for them. In the
Xaccess
file, specify ``CHOOSER'' as
the first entry in the Indirect host list. Chooser will
send a Query request to each of the remaining host names in
the list and offer a menu of all the hosts that respond.
The list may consist of the word ``BROADCAST,'' in which
case chooser will send a Broadcast instead, again offering a
menu of all hosts that respond. Note that on some operating
systems, UDP packets cannot be broadcast, so this feature
will not work.
Example
Xaccess
file using chooser:
#offer a menu of these hosts to extract
extract.lcs.mit.edu CHOOSER %HOSTS
#offer a menu of all hosts to xtra
xtra.lcs.mit.edu CHOOSER BROADCAST
The program to use for chooser is specified by the
chooser
resource. Resources for this
program can be put into the file named by
resources.
The default Xaccess file is
/usr/dt/config/Xaccess.
A system
administrator can customize Xaccess by copying
/usr/dt/config/Xaccess
to
/etc/dt/config/Xaccess
and modifying
/etc/dt/config/Xaccess.
The default Xaccess file contains no entries.
The xservers file
Contains the list of displays to manage. See the
servers
resource description under GENERAL RESOURCES for more information.
The default Xservers file is
/usr/dt/config/Xservers.
A system
administrator can customize Xservers by copying
/usr/dt/config/Xservers
to
/etc/dt/config/Xservers
and modifying
/etc/dt/config/Xservers.
The default Xservers file contains an entry for one local display.
The xresources file
Contains the resource definitions specifying the appearance of the
login screen. See the dtgreet specification for more information.
The default Xresources file is
/usr/dt/config/Xresources.
A system
administrator can customize Xresources by copying
/usr/dt/config/Xresources
to
/etc/dt/config/Xresources
and modifying
/etc/dt/config/Xresources.
The xsetup file
This file is typically a shell script. It is run as "root" and should
be very careful about security. This script is run before the login
screen is displayed. No arguments of any kind are passed to the
script. Dtlogin waits until this script exits before displaying the
login screen.
The default Xsetup file is
/usr/dt/config/Xsetup.
A system
administrator can customize Xsetup by copying
/usr/dt/config/Xsetup
to
/etc/dt/config/Xsetup
and modifying
/etc/dt/config/Xsetup.
The default Xsetup file contains vendor specific code but typically
contains code that sets up the X server prior to the display of the
login screen, such as setting up keyboard maps.
The xstartup file
This file is typically a shell script. It is run as "root" and should
be very careful about security. This is the place to put commands that
display the message of the day or do other system-level functions on
behalf of the user. Various environment variables are set for the use
of this script:
DISPLAY
set to the associated display name
HOME
set to the home directory of the user
PATH
set to the value of the systemPath resource
USER
set to the user name
SHELL
set to the value of the systemShell resource
No arguments of any kind are passed to the script. Dtlogin waits until
this script exits before starting the user session. If the exit value
of this script is non-zero, dtlogin discontinues the session
immediately and starts another authentication cycle.
The default Xstartup file is /usr/dt/config/Xstartup.
A system
administrator can customize Xstartup by copying
/usr/dt/config/Xstartup
to
/etc/dt/config/Xstartup
and modifying
/etc/dt/config/Xstartup.
The xsession file
This script initializes a user's session and invokes the desktop
session manager. It is run with the permissions of the authorized
user, and has several environment variables pre-set. See the
Environment section for a list of the pre-set variables.
The default Xsession file is
/usr/dt/bin/Xsession.
A system
administrator can customize Xsession by copying
/usr/dt/bin/Xsession
to
/etc/dt/config/Xsession
and modifying
/etc/dt/config/Xsession.
The
session
resource defined in Xconfig must also be changed to reference the
customized Xsession file. See the Xconfig section for information on
how to update the Xconfig file.
The default Xsession file contains session initialization code. It
does contain some vendor specific code but its general function is as
follows:
Sources the user's
$HOME/.dtprofile
Sources any
/etc/dt/config/Xsession.d/*
scripts
Sources any
/usr/dt/config/Xsession.d/*
scripts
NOTE:
A non-CDE session may source files from the
/usr/dt/config/Xsession.d/cwm or the
/etc/dt/config/Xsession.d/cwm directory. See the
/usr/dt/config/sys.dtprofile
file for more information.
Launches in the background the desktop welcome client, dthello
Sources the application search path setup script, dtsearchpath
Launches in the background the help setup client, dthelpgen
Launches in the background the application manager directory setup
client, dtappgather
Execs the desktop session manager, dtsession
System administrators are discouraged from customizing the
Xsession file.
The xfailsafe file
This file contains commands to invoke a simple session for
repairs of a dysfunctional environment.
This simple session consists of a window manager
and a single terminal emulator, by default
xterm(X1).
The default Xfailsafe file is
/usr/dt/config/Xfailsafe.
A system administrator can customize Xreset by copying
/usr/dt/config/Xfailsafe to
/etc/dt/config/Xfailsafe and modifying
/etc/dt/config/Xfailsafe.
Symmetrical with Xstartup, this script is run after the user session
has terminated. Run as root, it should probably contain commands that
undo the effects of commands in Xstartup, such as unmounting
directories from file servers. The collection of environment variables
that were passed to Xstartup are also given to Xreset.
The default Xreset file is
/usr/dt/config/Xreset.
A system
administrator can customize Xreset by copying
/usr/dt/config/Xreset
to
/etc/dt/config/Xreset
and modifying
/etc/dt/config/Xreset.
Status files
The xerrors file
Contains error messages from
dtlogin
and anything output to stderr by
Xsetup, Xstartup or Xreset. The system administrator can use the
contents of this file for
dtlogin
troubleshooting. The
errorLogSize
resource limits the size of the Xerrors file and can
prevent it from growing without bound.
A system administrator can change the pathname of the Xerrors file by setting the
errorLogFile
resource in the Xconfig file. See the Xconfig section for
information on how to update the Xconfig file.
The xpid file
Contains the process ID of the master
dtlogin
process which can be
used when sending signals to
dtlogin.
A system administrator can change the pathname of the Xpid file by setting the
pidFile
resource in the Xconfig file. See the Xconfig section for information
on how to update the Xconfig file.
Resources
The
dtlogin
client is controlled via the contents of the
dtlogin
configuration
file, the default being
/usr/dt/config/Xconfig.
Some resources control the behavior of
dtlogin
in general, some can be specified for a particular display.
GENERAL RESOURCES
The
dtlogin
general resources are not display-specific and apply to
all displays where appropriate.
Name
Class
ClassType
Default
accessFile
AccessFile
String
NULL
authDir
AuthDir
String
/var/dt
autoRescan
AutoRescan
Boolean
True
daemonMode
DaemonMode
Boolean
False
debugLevel
DebugLevel
Int
0
errorLogFile
ErrorLogFile
String
NULL
errorLogSize
ErrorLogSize
Int
50
exportList
ExportList
String
NULL
fontPathHead
FontPathHead
String
NULL
fontPathTail
FontPathTail
String
NULL
keyFile
KeyFile
String
/usr/dt/config/Xkeys
lockPidFile
LockPidFile
Boolean
True
networkDevice
NetworkDevice
String
/dev/dtremote
pidFile
PidFile
String
NULL
removeDomainname
RemoveDomainname
Boolean
True
requestPort
RequestPort
Int
177
servers
Servers
String
:0 Local local /system_dependent_path/X :0
sysParmsFile
SysParmsFile
String
/system_dependent_path
timeZone
TimeZone
String
NULL
wakeupInterval
WakeupInterval
Int
10
accessFile
To prevent unauthorized XDMCP service and to allow
forwarding of XDMCP IndirectQuery requests, this file
contains a database of hostnames which are either
allowed direct access to this machine, or have a list
of hosts to which queries should be forwarded to. The
format of this file is described in the Xaccess section.
If not set, all hosts will be allowed XDMCP service.
authDir
This is a directory name that
dtlogin
uses to temporarily store
authorization files for
displays using XDMCP.
autoRescan
This boolean controls whether
dtlogin
rescans the configuration file
and server file after a session terminates and the files have changed.
You can force
dtlogin
to reread these files by sending a
SIGHUP
to the main process.
daemonMode
The
dtlogin
client can make itself into an unassociated daemon process. This is
accomplished by forking and leaving the parent process to exit, then
closing file descriptors and releasing the controlling terminal. This
is inconvenient when attempting to debug
dtlogin.
Setting this
resource to "false" disables daemonMode.
If
dtlogin
is started from
/etc/inittab,
it should not be run in
daemon mode. Otherwise the init process will think it has terminated
and will attempt to restart it.
debugLevel
A non-zero value specified for this integer resource enables debugging
information to be printed. It also disables daemon mode, which
redirects the information into the bit-bucket.
dtlogin,
which is not
normally useful.
errorLogFile
Error output is normally directed at the system console. To redirect
it, set this resource to any file name. This file contains any output
directed to stderr by Xsetup, Xstartup and Xreset.
errorLogSize
This resource specifies the maximum size of the error log file in
kilobytes. When the limit is reached
dtlogin
will delete the oldest
entries in the file until the file size is reduced to 75% of the
maximum.
exportList
This resource can contain a set of variable names
separated by a space or tab. Each variable named is
obtained from the
dtlogin
environment and loaded into the environment
of the server and session. See the Environment section for details.
fontPathHead
This resource value is prepended to the default X server font path.
fontPathTail
This resource value is appended to the default X server font path.
keyFile
XDM-AUTHENTICATION-1 style XDMCP authentication requires that a
private key be shared between
dtlogin
and the terminal. This resource
specifies the file containing those values. Each entry in the file
consists of a display name and the shared key. By default,
dtlogin
does not include support for XDM-AUTHENTICATION-1 because it requires
DES, which is not generally distributable.
lockPidFile
This resource controls whether
dtlogin
uses file locking to prevent
multiple instances of
dtlogin
from executing concurrently.
networkDevice
For remote connections, the value for 'line' in
/etc/utmp
must also
exist as a device in the
/dev
directory for commands such as
finger
to operate properly. This resource specifies the pathname of the
/dev
file
dtlogin
will create when a remote display connects. For most
platforms, the file will be created as a symbolic link to
/dev/null.
The specified value must start with "/dev/", otherwise the value is
discarded and no file is created.
pidFile
The filename specified is created to contain an ASCII representation
of the process-ID of the main
dtlogin
process. This can be used when
sending signals to
dtlogin.
The
dtlogin
client also uses file locking to attempt
to prevent more than one
dtlogin
from running on the same machine. See
the
lockPidFile
resource for more information.
removeDomainname
When computing the display name for XDMCP clients,
dtlogin
typically
creates a fully qualified host name for the terminal. As this is
sometimes confusing,
dtlogin
removes the domain name portion of the
host name if it is the same as the domain name for the local host when
this variable is set.
requestPort
This indicates the UDP port number that
dtlogin
uses to listen for
incoming XDMCP requests. Unless you need to debug the system, leave
this with its default value.
servers
This resource either specifies a file name full of server entries, one
per line (if the value starts with a slash), or a single server entry.
Each entry indicates a display that should constantly be managed and
that is not using XDMCP.
The display name must be something that can be passed in the
-display
option to any X program. This string is used in the display-specific
resources to specify the particular display, so be careful to match
the names (e.g., use ":0 local /usr/bin/X11/X :0"
instead of "localhost:0 local /usr/bin/X11/X :0"
if your other resources are specified as "Dtlogin._0.session").
A `*' in this field will be expanded to "<hostname>:0" by
dtlogin.
DisplayClass
The display class portion is also used in the display-specific
resources as the class portion of the resource. This is useful if you
have a large collection of similar displays (a group of X terminals,
for example) and want to set resources for groups of them. When using
XDMCP, the display is required to specify the display class, so
perhaps your X terminal documentation describes a reasonably standard
display class string for your
device.
DisplayType
A DisplayType of "local" indicates that an X server should be started
for this entry. A value of "remote" indicates to attach to an existing
X server.
@ite
On local bitmaps, the user may choose a "Command Line Login" option
via the login screen, which temporarily suspends the X-server and
presents the traditional character "login:" prompt. The user can then
log in and perform non-X related tasks. When the user finishes and
logs out, the X-server is restarted, and the login screen is
redisplayed.
In order to support "Command Line Login" mode, the display must have
an associated Internal Terminal Emulator (ITE) device. By default,
dtlogin associates the ITE device "console" (/dev/console)
with display :0. If your configuration does not match this
default, specify @device for the display(s) with
an associated ITE and @none
for all other displays listed in the servers file.
Command [options]
This is the string used to start the X server.
The dtlogin client will always
connect to the X server using the DisplayName specified, so you might
need to specify an explicit connection number as an option to your X
server (:0 in the above example).
sysParmsFile
This resource specifies a file containing shell commands, one of which
sets the timezone environment variable (TZ) for the system. If the
timezone is set via the shell syntax, "TZ=",
dtlogin can use this
information to set the timezone for the user session.
timeZone
This resource specifies the local time zone for
dtlogin.
It is loaded
into the environment of
dtlogin
as the value of the variable TZ and
inherited by all subsequent sessions.
Some systems maintain a configuration file that contains the timezone
setting (ex.
/etc/src.sh).
See the
sysParmsFile
resource.
wakeupInterval
If the user selects "Command Line Login" mode from the login screen,
dtlogin terminates the X-server and allows the traditional
character-based login prompt, "login:" to become visible. If the user
does not log in within 2 * wakeupInterval seconds, the X-server is
restarted. Once the user has logged in,
dtlogin
checks every
wakeupInterval seconds to see if the user has logged out. If so, the
X-server is restarted and the login screen is redisplayed.
Display resources
The
dtlogin
client display resources can be specified for all displays or for a
particular display. To specify a particular display, the display name
is inserted into the resource name between ``Dtlogin'' and the final
resource name segment. For example,
Dtlogin.expo_0.startup
is the name
of the resource defining the startup shell file on the ``expo:0''
display. The resource manager separates the name of the resource from
its value with colons, and separates resource name parts with dots, so
dtlogin uses underscores for the dots and colons when generating the
resource name.
Resources can also be specified for a class of displays by inserting
the class name instead of a display name. A display that is not
managed by XDMCP can have its class affiliation specified in the file
referenced by the servers resource. A display using XDMCP supplies its
class affiliation as part of the XDMCP packet.
Name
ClassClass
Type
Default
authorize
Authorize
Boolean
False
authName
AuthName
String
MIT-MAGIC-COOKIE-1
authFile
AuthFile
String
NULL
chooser
Chooser
String
/usr/dt/bin/dtchooser
cpp
Cpp
String
system dep.
environment
Environment
String
system dep.
failsafeClient
FailsafeClient
String
/system_dep./xterm
grabServer
GrabServer
Boolean
True
grabTimeout
GrabTimeout
Int
3 seconds
language
Language
String
system dep.
languageList
LanguageList
String
NULL
languageName
LanguageName
String
NULL
openDelay
OpenDelay
Int
5 seconds
openRepeat
OpenRepeat
Int
5 seconds
openTimeout
OpenTimeout
Int
30 seconds
pingInterval
PingInterval
Int
5 minutes
pingTimeout
PingTimeout
Int
5 minutes
reset
Reset
String
NULL
resetForAuth
ResetForAuth
Boolean
False
resetSignal
Signal
Int
1 SIGHUP
resources
Resource
String
NULL
session
Session
String
/usr/dt/bin/Xsession
setup
Setup
String
NULL
startAttempts
StartAttempts
Int
4
startup
Startup
String
NULL
systemPath
SystemPath
String
system_dep._path
systemShell
SystemShell
String
/bin/sh
terminateServer
TerminateServer
Boolean
False
termSignal
Signal
Int
15 (SIGTERM)
userAuthDir
UserAuthDir
String
/var/dt
userPath
UserPath
String
system_dep._path
xdmMode
XdmMode
Boolean
False
xrdb
Xrdb
String
/system_dep./xrdb
authorize
Authorize is a boolean resource that controls whether
dtlogin
generates and uses authorization for the server connections. (See
authName.)
authName
If authorize is used, authName specifies the type of authorization to
be used. Currently,
dtlogin
supports only MIT-MAGIC-COOKIE-1
authorization, XDM-AUTHORIZATION-1 could be supported, but DES is not
generally distributable. XDMCP connections state which authorization
types are supported dynamically, so authName is ignored in this case.
(See authorize.)
authFile
This file is used to communicate the authorization data from
dtlogin
to the server, using the -auth server command line option. It should
be kept in a write- protected directory to prevent its erasure, which
would disable the authorization mechanism in the server. If NULL,
dtlogin will generate a file name.
chooser
Specifies the program run to offer a host menu for
indirect queries redirected to the special host name
CHOOSER. /usr/dt/bin/dtchooser is the default. See the
Xaccess section.
cpp
This specifies the path of the C preprocessor that is used by xrdb.
environment
This resource can contain a set of
<name>=<value>
pairs separated by a space or tab. Each item is loaded into the
environment of the server and session. See the Environment section for
details.
failsafeClient
If the default session fails to execute,
dtlogin
falls back to this
program. This program is executed with no arguments, but executes
using the same environment variables as the session would have had.
(See The Xfailsafe File.)
grabServer
See grabTimeout.
grabTimeout
To improve security,
dtlogin
grabs the server and keyboard while
reading the name and password. The grabServer resource specifies if
the server should be held while the name and password is read. When
FALSE, the server is ungrabbed after the keyboard grab succeeds;
otherwise, the server is grabbed until just before the session begins.
The grabTimeout resource specifies the maximum time
dtlogin
will wait
for the grab to succeed. The grab may fail if some other client has
the server grabbed, or possibly if the network latencies are very
high. The grabTimeout resource has a default of 3 seconds; be cautious
when using this resource, since a user can be deceived by a look-alike
window on the display. If the grab fails,
dtlogin
kills and restarts
the server (if possible) and session.
Some X-terminals cannot display their login screens while the server
is grabbed. Setting grabServer to false will allow the screen to be
displayed, but opens the possibility that a user's login name can be
stolen by copying the contents of the login screen. Since the keyboard
is still grabbed and the password is not echoed, the password cannot
be stolen.
language
This resource specifies the default setting for the
LANG
environment variable. If the
dtlogin
screen is localized for that
language, it is displayed appropriately; otherwise, it is displayed in
the language "C". The user may temporarily override this setting via
an option on the login screen. When the subsequent session terminates,
the
LANG
variable reverts to this setting.
languageList
This resource allows the user to override the default set of languages
displayed in the "Language" menu of the login screen. It is useful if
the set of languages actually used on a particular display is smaller
than the set installed on the system. The resource value is a list of
valid values for the LANG environment variable. Language values should
be separated by one or more spaces or tabs.
languageName
This resource allows the user to override the default locale name
displayed in the "Language" menu of the login screen with alternate
text. This way, instead of users seeing a "En_US" item, they could see
a "English (United States)" item instead. This
resource is specified as
Dtlogin *<locale name>. languageName: text
as follows:
Dtlogin*En_US.languageName: English (United States) Dtlogin*Fr_CA.languageName: French (Canadian)
openDelay
See
startAttempts
openRepeat
See
startAttempts
openTimeout
See
startAttempts
pingInterval
See
pingTimeout
pingTimeout
To discover when remote displays disappear, dtlogin
occasionally "pings" them, using an X connection and sending
XSync requests. The pingInterval
resource specifies the time (in minutes) between successive ping
attempts, and pingTimeout
specifies the maximum wait time (in minutes) for the terminal to
respond to the request. If the terminal does not respond, the session
is terminated. The dtlogin
client does not ping local displays. Although it may
seem harmless, it is undesirable when a local session is terminated as
a result of the server waiting (for remote filesystem service, for
example) and not responding to the ping.
reset
This specifies a program that is run (as root) after the session
terminates. If not set, no program is run. The conventional name is
Xreset. See The Xreset File.
resetForAuth
The original implementation of authorization in the sample server
reread the authorization file at server reset time, instead of when
checking the initial connection. Since
dtlogin
generates the
authorization information just before connecting to the display, an
old server does not get current authorization information. This
resource causes
dtlogin
to send
SIGHUP
to the server after setting up the file, causing an additional server
reset to occur, during which time the new authorization information is
read.
resetSignal
This resource specifies the signal
dtlogin
sends to reset the server.
See the section Controlling The Server
resources
This resource specifies the name of the file to be loaded by
xrdb(1)
as the resource data-base onto the root window of screen 0 of the
display. This resource data base is loaded just before the
authentication procedure is started, so it can control the appearance
of the "login" window. See the section on the authentication screen,
which describes the various resources that are appropriate to place in
this file. There is no default value for this resource, but the
conventional name is Xresources. See the Resource section.
session
This specifies the session to be executed for the authenticated user.
By default, the
/usr/dt/bin/Xsession
file is run. The conventional
name is Xsession. See The Xsession File.
setup
This specifies a program that is run (as root) prior to the display of
the authentication screen. By default, no program is run. The
conventional name for a file used here is Xsetup. See the Xsetup
section.
startAttempts
Four numeric resources control the behavior of
dtlogin
when attempting
to open reluctant servers: openDelay, openRepeat, openTimeout, and
startAttempts. openDelay is the duration (in seconds) between
successive attempts; openRepeat is the number of attempts to make;
openTimeout is the amount of time to wait while actually attempting
the opening (i.e., the maximum time spent in the connect (2) syscall);
and startAttempts is the number of times the entire process occurs
before giving up on the server. After openRepeat attempts have been
made, or if openTimeout seconds elapse in any particular attempt,
dtlogin terminates and restarts the server, attempting to connect
again. This process is repeated startAttempts time, at which point the
display is declared dead and disabled. (See openDelay, openRepeat, and
openTimeout.)
startup
This specifies a program that is run (as root) after the
authentication process succeeds. By default, no program is run. The
conventional name for a file used here is Xstartup. See the Xstartup
section.
systemPath
The
dtlogin
client sets the
PATH
environment variable for the startup and reset scripts to the value
of this resource. Note the conspicuous absence of "." from this entry.
This is a good practice to follow for root; it avoids many system
penetration schemes.
systemShell
The
dtlogin
client sets the
SHELL
environment variable for the startup and reset scripts
to the value of this resource.
terminateServer
This boolean resource specifies whether the X server should be
terminated when a session terminates (instead of resetting it). This
option can be used if the server tends to grow without bound over time
in order to limit the amount of time the server is run continuously.
termSignal
This resource specifies the signal
dtlogin
sends to terminate the
server. See the section Controlling The Server
userAuthDir
When
dtlogin
cannot write to the usual user authorization file (
$HOME/.Xauthority),
it creates a unique file name in this directory and points the
environment variable
XAUTHORITY
at the created file.
userPath
The
dtlogin
client sets the
PATH
environment variable for the session to this value. It
should be a colon-separated list of directories; see
sh(1)
for a full
description.
xdmMode
If True, the
$HOME/.xsession
file will be executed from Xsession upon user
authentication, rather than dtsession.
xrdb
Specifies the program used to load the resources.
The authentication screen reads a name-password pair from the
keyboard. As this is a Motif toolkit client, colors, fonts and some
layout options can be controlled with resources. General resources for
this screen should be put into the file named by the dtloginresources resource, the default being Xresources.
Language specific values such as text or fonts should be specified
in the Dtlogin app-defaults file.
Logo resources
Name
ClassClass
Type
Default
bitmapFile
BitmapFile
String
NULL
background
Background
Pixel
#a8a8a8
topShadowPixmap
TopShadowPixmap
String
25_foreground
The default logo on the authentication screen may be replaced with a
bitmap or pixmap of the user's choice. The resources should be
prefaced with the string Dtlogin*logo* when specified.
bitmapFile
Specifies the absolute path name to the bitmap or pixmap file to be
used for the logo.
background
Specifies the background color for the logo.
topShadowPixmap
Specifies the pixmap to use for the logo border shadow.
Greeting Resources
The following resources describe the greeting string used on the login
screen. The resources should be prefaced with the string
Dtlogin*greeting* when specified.
Name
ClassClass
Type
Default
foreground
Foreground
Pixel
black
background
Background
Pixel
dynamic
fontList
FontList
FontList
-*-*schoolbook-medium-i-normal--18-*
labelString
LabelString
String
Welcome to %LocalHost%
persLabelString
LabelString
String
Welcome %s
alignment
Alignment
String
ALIGNMENT_CENTER
foreground
Specifies the foreground color for the welcome message.
background
Specifies the background color for the welcome message. The default is
light-gray for color systems or white for monochrome systems.
fontList
Specifies the font to use for the welcome message.
labelString
Specifies the string to use for the welcome message. Multiple lines
can be specified by including newline characters (\n) in the text. If
the token %LocalHost" is included in the text, it will be replaced
with the name of the host providing login service. If the token
%DisplayName% is included in the text, it will be replaced with the
display name.
persLabelString
Specifies the string to use for the personalized welcome message. This is
the message displayed after the use name has been entered. The %s will be
replaced with the user name entered.
alignment
Specifies the string to use for the alignment of the Welcome message. Valid
values are ALIGNMENT_BEGINNING, ALIGNMENT_CENTER and ALIGNMENT_END.
Matte resources
The following resources describe the matte layout used on the login
screen. The resources should be prefaced with the string
Dtlogin*matte. when specified.
Name
ClassClass
Type
Default
width
Width
Int
806 for Highres displays
755 for Mediumres displays
585 for lowres displays
height
Height
Int
412 for Highres displays
385 for Mediumres displays
300 for Lowres displays
width
Specifies the width to use for the login_matte.
height
Specifies the height to use for the login_matte.
The following resources describe the fonts layout used on the login
screen. The resources should be prefaced with the string
Dtlogin*. when specified.
Label resources
Name
ClassClass
Type
Default
labelFont
LabelFont
String
-*-swiss 742-bold-r-normal-*-140-*-p-100-* for lowres displays
-*-swiss 742-medium-r-normal-*-140-*-p-110-* for high res displays.
textFont
TextFont
String
-*-prestige-medium-r-normal-*-128-72-* for highres displays.
-*-helvetica-bold-r-normal-*-100-* for lowres displays
labelFont
Specifies the labelFont to use for the pushButtons and labels.
textFont
Specifies the textFont to use for the pushButtons and labels.
Localization
dtlogin(X1)
does not support dead keys or compose keys. In general, users should
not select
passwords that contain non-alphanumeric (8-bit) characters.
On the German keyboard, the following ASCII characters are
unavailable to dtlogin:
~ [ ] { } | \ @
On the Spanish keyboard, the following ASCII characters are
unavailable to dtlogin:
\ | @ # [ ] { }
On the French keyboard, the following ASCII characters are
unavailable to dtlogin:
~ # { } [ ] | ` \ ^ @
Please refer to your own keyboard for details on other characters.
Exit codes
Exit values are:
0
Successful completion.
>0
Error condition occurred.
Diagnostics
Login incorrect; please try again.
Unable to change to home directory.
Sorry. Maximum number of users already logged in.
Login error, invalid user ID.
Login error, invalid group ID.
Login error, invalid audit ID.
Login error, invalid audit flag.
Logins are currently disabled.
Your current password has expired.
Warnings
A rare race condition may occur on reboot that causes the following
dtlogin error message to be displayed on the console:
The X Server cannot be started on display machine_name:0
The message incorrectly tells you to log in to the console and
log out again to start dtlogin.
You must instead log in to the console, use
ps(1)
to identify the dtlogin process,
then send a kill -9 signal to it.
You can then run scologin start from the console.