dtlogin(X1)

dtlogin -- TED login service

Synopsis

dtlogin [ -config configuration_file ] [ -daemon ] [ -debug debug_level ] [ -error error_log_file ] [ -nodaemon ] [ -resources resource_file ] [ -server server_entry ] [ -session session_program ]

Description

Key supported tasks

The dtlogin client supports the following key tasks:

Launch of dtgreet(X1) login screen for explicitly managed local and remote displays and XDMCP managed remote displays.
Access to traditional terminal (character) login from GUI login screen.
System dependent user authentication and login.
Launching the selected session.

The dtlogin client provides services similar to those provided by init(1M), getty(1M), and login(1) on character terminals: prompting for login and password, authenticating the user, and running a ``session.''

A ``session'' is defined by the lifetime of a particular process; in the traditional character-based terminal world, it is the user's login shell process. In the DT context, it is the DT Session Manager.

NOTE: Each dtlogin session consumes one UnixWare 7 user license.

If the DT Session Manager is not used, the typical substitute is either a window manager with an exit option, or a terminal emulator running a shell, where the lifetime of the terminal emulator is the lifetime of the shell process that it is running; thus reducing the X session to an emulation of the character-based terminal session.

When the session is terminated, dtlogin resets the X server and (optionally) restarts the whole process.

The dtlogin client supports management of remote displays using the X Display Manager Control Protocol, Version 1.0. (XDMCP).

When dtlogin receives an Indirect query via XDMCP, it can run a chooser process to perform an XDMCP BroadcastQuery (or an XDMCP Query to specified hosts) on behalf of the display and offer a menu of possible hosts that offer XDMCP display management. This feature is useful with X terminals that do not offer a host menu themselves.

Because dtlogin provides the first interface that users see, it is designed to be simple to use and easy to customize to the needs of a particular site.

Login window

The dtgreet login window allows the user to enter a user ID and password, select a startup session and select a startup locale. Users may also reset the X server or temporarily suspend the X server to access the character login prompt. For a description of the login window's contents, see the dtgreet(X1) manual page.

Controlling the server

The dtlogin client controls local servers using POSIX signals. SIGHUP is expected to reset the server, closing all client connections and performing other clean up duties. SIGTERM is expected to terminate the server. If these signals do not perform the expected actions, the resources resetSignal and termSignal can specify alternate signals.

To control remote servers not using XDMCP, dtlogin searches the window hierarchy on the display and uses the KillClient X protocol request in an attempt to clean up the terminal for the next session. This may not actually kill all of the clients, since only those that have created windows are noticed. XDMCP provides a more sure mechanism; when dtlogin closes its initial connection, the session is over and the terminal is required to close all other connections.

Controlling dtlogin

The dtlogin client responds to two signals: SIGHUP and SIGTERM. When sent a SIGHUP, dtlogin rereads the configuration file and the file specified by the servers resource and determines whether entries have been added or removed. If a new entry has been added, dtlogin starts a session on the associated display. Entries that have been removed are disabled immediately, meaning that any session in progress is terminated without notice, and no new session is started.

When sent a SIGTERM, dtlogin terminates all sessions in progress and exits. This can be used when shutting down the system.

Internationalization

All labels and messages are localizable. The message catalog dtlogin.cat contains the localized representations of the default labels and messages. The dtlogin client reads the appropriate message catalog indicated by the LANG environment variable and displays the localized strings. An option on the authentication screen allows the user to override the default language for the subsequent session. If the authentication screen has been localized for the selected language, it is redisplayed in that language; otherwise, it is displayed in the default language. In either case, the LANG environment variable is set appropriately for the resulting session.

The resource language is available in the dtlogin configuration file to change the default language for a display. The resource languageList is available in the dtlogin configuration file to override the default set of languages displayed on the authentication screen. The resource languageName is available to provide a mapping from locale names to the text displayed on the Language menu.

Authentication and auditing

The dtlogin client performs traditional local UNIX login and auditing. Additional authentication or auditing function such as Kerberos or B1 may be added by individual vendors.

X server security

The X server provides both user-based and host-based access control.

By default, dtlogin uses user-based access control to the X server (MIT-MAGIC-COOKIE-1). This level of security allows access control on a per-user basis. It is based on a scheme where if a client passes authorization data which is the same as the server has, it is allowed access. When a user logs in, this authorization data is by default stored and protected in the $HOME/.Xauthority file.

However, using host-based access control mechanisms may be preferable in environments with unsecure networks as user-based access control allows any host to connect, given that it has discovered the private key. Another drawback to user-based access control is that R2 or R3 clients will be unable to connect to the server.

The authorize resource controls whether user-based or host-based access control is used by dtlogin. See also the Xserver, Xsecurity, xhost, and xauth man pages for more information.

Options

All options, except -config, specify values that can also be specified in the configuration file as resources. Typically, customization is done via the configuration file rather than command line options. The options are most useful for debugging and one-shot tests.

-config configuration_file: Specifies a resource file that specifies the remaining configuration parameters. This replaces the dtlogin default Xconfig file. See the Xconfig section for more information.
-daemon: Specifies ``true'' as the value for the daemonMode resource. This makes dtlogin close all file descriptors, disassociate the controlling terminal and put itself in the background when it first starts up (just like the host of other daemons).
-debug debug_level: Specifies the numeric value for the debugLevel resource. A non-zero value causes dtlogin to print debugging statements to the terminal; it also disables the daemonMode resource, forcing dtlogin to run synchronously.
-error error_log_file: Specifies the value for the errorLogFile resource. See the Xerrors section for more information.
-nodaemon: Specifies ``false'' as the value for the resource.
-resources resource_file: Specifies the value for the resources resource. See the Xresources section for more information.
-server server_entry: Specifies the value for the servers resource. See the Xservers section for more information.
-udpPort port_number: Specifies the value for the requestPort resource. This sets the port-number that dtlogin monitors for XDMCP requests. Since XDMCP uses the registered well-known udp port 177, this resource should probably not be changed except for debugging.
-session session_program: Specifies the value for the session resource. See the Xsession section for more information.

Environment

The dtlogin client invokes the user's session with the following default environment:

DISPLAY: is set to the associated display name
EDITOR: is set to /usr/dt/bin/dtpad
HOME: is set to the home directory of the user
KBD_LANG: is set to the value of LANG for applicable languages
LANG: is set to the current NLS language (if any)
LC_ALL: is set to the current NLS language (if any)
LC_MESSAGES: is set to the current NLS language (if any)
LOGNAME: is set to the user name
MAIL: is set to /usr/mail/$USER (system dependent)
PATH: is set to the value of the userPath resource
USER: is set to the user name
SHELL: is set to the user's default shell (from /etc/passwd)
TERM: is set to dtterm
TZ: is set to the value of the timeZone resource or system default
XAUTHORITY: may be set to an authority file

Adding to the environment list

Four methods are available to modify or add to this list depending on the desired scope of the resulting environment variable.

The exportList resource is available to allow the export of variables provided to the dtlogin process by its parent. Variables specified by this method are available to both the display's X server process and the user's session and override any default settings. The resource accepts a string of <name> separated by at least one space or tab.

The environment resource is available in the dtlogin configuration file to allow setting of environment variables on a global or per-display basis. Variables specified by this method are available to both the display's X server process and the user's session and override any default settings. The resource accepts a string of <name>=<value> pairs separated by at least one space or tab. The values specified must be constants because no shell is used to parse the string. See the Resources section for details on setting this resource.

For example:

Dtlogin*environment:MAIL_HOST=blancoMAIL_SERVER=pablo

Note: The environment variables LANG and TZ have their own dedicated resources in the configuration file and should not be set via environment.

Environment variables that require processing by a shell or are dependent on the value of another environment variable can be specified in the startup script Xsession. These variables are loaded into the environment of all users on the display, but not to the X server process. They override any previous settings of the same variable. The Xsession script accepts ksh syntax for setting environment variables. For example:

MAIL=/usr/mail/$USER

Finally, personal environment variables can be set on a per-user basis in the script file $HOME/.dtprofile.

The dtlogin client accepts either sh, ksh, or csh syntax for the commands in this file. The commands should only be those that set environment variables, not any that perform terminal I/O, excepting tset(1) or stty(1). If the first line of .dtprofile is #!/bin/sh, #!/bin/ksh, or #!/bin/csh, dtlogin uses the appropriate shell to parse .dtprofile. Otherwise, the user's default shell ($SHELL) is used.

Files

The dtlogin client is designed to operate in a wide variety of environments and provides a suite of configuration files that can be changed to suit a particular system. The default dtlogin configuration files can be found in /usr/dt/config with the exception of Xsession which is stored in /usr/dt/bin. They are listed below:

Xconfig: specifies other dtlogin configuration files and dtlogin behavior
Xaccess: used by dtlogin to control access from displays requesting XDMCP service
Xservers: contains the list of displays to for dtlogin to explicitly manage
Xresources: contains resource definitions specifying the appearance of the login screen
Xsetup: a script executed as `root' prior to display of the login screen
Xstartup: a script executed as `root' after user has successfully authenticated
Xsession: a script executed as the authenticated `user' that starts the user's session
Xfailsafe: a script executed as the authenticated `user' that starts a failsafe session
Xreset: a script executed as `root' after the user's session has exited

The xconfig file

The Xconfig file contains the general resources for dtlogin and is the top of the dtlogin configuration file tree. Xconfig specifies the location of other dtlogin configuration and log files and specifies dtlogin behavior. The location of other dtlogin configuration and log files are specified by resource definitions. The defaults are listed below:

Dtlogin.errorLogFile:: /var/dt/Xerrors
Dtlogin.pidFile:: /var/dt/Xpid
Dtlogin.accessFile:: Xaccess
Dtlogin.servers:: Xservers
Dtlogin*resources:: %L/Xresources
Dtlogin*setup:: Xsetup
Dtlogin*startup:: Xstartup
Dtlogin*reset:: Xreset
Dtlogin*failsafeClient 2.5i: Xfailsafe
Dtlogin*session 2.5i: /usr/dt/bin/Xsession

If the path specified for accessFile, servers, resources, setup, startup, reset, failsafeClient, or session is relative, dtlogin will first look for the file in directory /etc/dt/config, then /usr/dt/config.

NOTE: Some of the resources are specified with ``*'' separating the components. These resources can be made unique for each different display, by replacing the ``*'' with the display-name. See the DISPLAY RESOURCES section for a complete discussion.

The default Xconfig file is /usr/dt/config/Xconfig. A system administrator can customize Xconfig by copying /usr/dt/config/Xconfig to /etc/dt/config/Xconfig and modifying /etc/dt/config/Xconfig.

The default Xconfig file contains the configuration and log file entries shown above as well as a few vendor specific resource definitions and examples. See the GENERAL RESOURCES and DISPLAY RESOURCES sections for the complete list of resources that can be defined in Xconfig.

The xaccess file

The database file specified by the accessFile resource provides information which dtlogin uses to control access from displays requesting XDMCP service. This file contains three types of entries: entries which control the response to Direct and Broadcast queries, entries which control the response to Indirect queries, and macro definitions.

The format of a Direct entry is either a host name or a pattern. A pattern is distinguished from a host name by the inclusion of one or more meta characters (`*' matches any sequence of 0 or more characters, and `?' matches any single character) which are compared against the host name of the display device. If the entry is a host name, all comparisons are done using network addresses, so any name which converts to the correct network address may be used. For patterns, only canonical host names are used in the comparison, so ensure that you do not attempt to match aliases. Preceding either a host name or a pattern with a `!' character causes hosts which match that entry to be excluded.

An Indirect entry also contains a host name or pattern, but follows it with a list of host names or macros to which indirect queries should be sent. Indirect entries may also specify to have dtlogin run dtchooser to offer a menu of hosts to which a login screen can be displayed.

A macro definition contains a macro name and a list of host names and other macros that the macro expands to. To distinguish macros from hostnames, macro names start with a `%' character. Macros may be nested.

When checking access for a particular display host, each entry is scanned in turn and the first matching entry determines the response. Direct and Broadcast entries are ignored when scanning for an Indirect entry and vice-versa.

Blank lines are ignored, `#' is treated as a comment delimiter causing the rest of that line to be ignored, and `\newline' causes the newline to be ignored, allowing indirect host lists to span multiple lines.

Here is an example Xaccess file:

# # Xaccess -- XDMCP access control file #

# # Direct/Broadcast query entries # !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra bambi.ogi.edu # allow access from this particular display *.lcs.mit.edu # allow access from any display in LCS

# # Indirect query entries #

#define %HOSTS macro %HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \ excess.lcs.mit.edu kanga.lcs.mit.edu

#force extract to contact xenon extract.lcs.mit.edu xenon.lcs.mit.edu

#disallow indirect access by xtra !xtra.lcs.mit.edu dummy

#all others get to choose among %HOSTS *.lcs.mit.edu %HOSTS

If XDMCP access is granted, a temporary file may be created in the directory specified by authDir which contains authorization information for the X-terminal. It is deleted when the session starts.

For X terminals that do not offer a host menu for use with Broadcast or Indirect queries, the chooser program can do this for them. In the Xaccess file, specify ``CHOOSER'' as the first entry in the Indirect host list. Chooser will send a Query request to each of the remaining host names in the list and offer a menu of all the hosts that respond.

The list may consist of the word ``BROADCAST,'' in which case chooser will send a Broadcast instead, again offering a menu of all hosts that respond. Note that on some operating systems, UDP packets cannot be broadcast, so this feature will not work.

Example Xaccess file using chooser:

#offer a menu of these hosts to extract extract.lcs.mit.edu CHOOSER %HOSTS

#offer a menu of all hosts to xtra xtra.lcs.mit.edu CHOOSER BROADCAST

The program to use for chooser is specified by the chooser resource. Resources for this program can be put into the file named by resources.

The default Xaccess file is /usr/dt/config/Xaccess. A system administrator can customize Xaccess by copying /usr/dt/config/Xaccess to /etc/dt/config/Xaccess and modifying /etc/dt/config/Xaccess.

The default Xaccess file contains no entries.

The xservers file

Contains the list of displays to manage. See the servers resource description under GENERAL RESOURCES for more information.

The default Xservers file is /usr/dt/config/Xservers. A system administrator can customize Xservers by copying /usr/dt/config/Xservers to /etc/dt/config/Xservers and modifying /etc/dt/config/Xservers.

The default Xservers file contains an entry for one local display.

The xresources file

Contains the resource definitions specifying the appearance of the login screen. See the dtgreet specification for more information.

The default Xresources file is /usr/dt/config/Xresources. A system administrator can customize Xresources by copying /usr/dt/config/Xresources to /etc/dt/config/Xresources and modifying /etc/dt/config/Xresources.

The xsetup file

This file is typically a shell script. It is run as "root" and should be very careful about security. This script is run before the login screen is displayed. No arguments of any kind are passed to the script. Dtlogin waits until this script exits before displaying the login screen.

The default Xsetup file is /usr/dt/config/Xsetup. A system administrator can customize Xsetup by copying /usr/dt/config/Xsetup to /etc/dt/config/Xsetup and modifying /etc/dt/config/Xsetup.

The default Xsetup file contains vendor specific code but typically contains code that sets up the X server prior to the display of the login screen, such as setting up keyboard maps.

The xstartup file

This file is typically a shell script. It is run as "root" and should be very careful about security. This is the place to put commands that display the message of the day or do other system-level functions on behalf of the user. Various environment variables are set for the use of this script:

DISPLAY: set to the associated display name
HOME: set to the home directory of the user
PATH: set to the value of the systemPath resource
USER: set to the user name
SHELL: set to the value of the systemShell resource

No arguments of any kind are passed to the script. Dtlogin waits until this script exits before starting the user session. If the exit value of this script is non-zero, dtlogin discontinues the session immediately and starts another authentication cycle.

The default Xstartup file is /usr/dt/config/Xstartup. A system administrator can customize Xstartup by copying /usr/dt/config/Xstartup to /etc/dt/config/Xstartup and modifying /etc/dt/config/Xstartup.

The xsession file

This script initializes a user's session and invokes the desktop session manager. It is run with the permissions of the authorized user, and has several environment variables pre-set. See the Environment section for a list of the pre-set variables.

The default Xsession file is /usr/dt/bin/Xsession. A system administrator can customize Xsession by copying /usr/dt/bin/Xsession to /etc/dt/config/Xsession and modifying /etc/dt/config/Xsession. The session resource defined in Xconfig must also be changed to reference the customized Xsession file. See the Xconfig section for information on how to update the Xconfig file.

The default Xsession file contains session initialization code. It does contain some vendor specific code but its general function is as follows:

Sources the user's $HOME/.dtprofile
Sources any /etc/dt/config/Xsession.d/* scripts
Sources any /usr/dt/config/Xsession.d/* scripts
NOTE: A non-CDE session may source files from the /usr/dt/config/Xsession.d/cwm or the /etc/dt/config/Xsession.d/cwm directory. See the /usr/dt/config/sys.dtprofile file for more information.
Launches in the background the desktop welcome client, dthello
Sources the application search path setup script, dtsearchpath
Launches in the background the help setup client, dthelpgen
Launches in the background the application manager directory setup client, dtappgather
Execs the desktop session manager, dtsession

System administrators are discouraged from customizing the Xsession file.

The xfailsafe file

This file contains commands to invoke a simple session for repairs of a dysfunctional environment. This simple session consists of a window manager and a single terminal emulator, by default xterm(X1).

The default Xfailsafe file is /usr/dt/config/Xfailsafe. A system administrator can customize Xreset by copying /usr/dt/config/Xfailsafe to /etc/dt/config/Xfailsafe and modifying /etc/dt/config/Xfailsafe.

Xfailsafe is a standard feature of xdm(X1).

The xreset file

Symmetrical with Xstartup, this script is run after the user session has terminated. Run as root, it should probably contain commands that undo the effects of commands in Xstartup, such as unmounting directories from file servers. The collection of environment variables that were passed to Xstartup are also given to Xreset.

The default Xreset file is /usr/dt/config/Xreset. A system administrator can customize Xreset by copying /usr/dt/config/Xreset to /etc/dt/config/Xreset and modifying /etc/dt/config/Xreset.

Status files

The xerrors file

Contains error messages from dtlogin and anything output to stderr by Xsetup, Xstartup or Xreset. The system administrator can use the contents of this file for dtlogin troubleshooting. The errorLogSize resource limits the size of the Xerrors file and can prevent it from growing without bound.

A system administrator can change the pathname of the Xerrors file by setting the errorLogFile resource in the Xconfig file. See the Xconfig section for information on how to update the Xconfig file.

The xpid file

Contains the process ID of the master dtlogin process which can be used when sending signals to dtlogin. A system administrator can change the pathname of the Xpid file by setting the pidFile resource in the Xconfig file. See the Xconfig section for information on how to update the Xconfig file.

Resources

The dtlogin client is controlled via the contents of the dtlogin configuration file, the default being /usr/dt/config/Xconfig. Some resources control the behavior of dtlogin in general, some can be specified for a particular display.

GENERAL RESOURCES

The dtlogin general resources are not display-specific and apply to all displays where appropriate.

Name Class ClassType Default

accessFile AccessFile String NULL

authDir AuthDir String /var/dt

autoRescan AutoRescan Boolean True

daemonMode DaemonMode Boolean False

debugLevel DebugLevel Int 0

errorLogFile ErrorLogFile String NULL

errorLogSize ErrorLogSize Int 50

exportList ExportList String NULL

fontPathHead FontPathHead String NULL

fontPathTail FontPathTail String NULL

keyFile KeyFile String /usr/dt/config/Xkeys

lockPidFile LockPidFile Boolean True

networkDevice NetworkDevice String /dev/dtremote

pidFile PidFile String NULL

removeDomainname RemoveDomainname Boolean True

requestPort RequestPort Int 177

servers Servers String :0 Local local /system_dependent_path/X :0

sysParmsFile SysParmsFile String /system_dependent_path

timeZone TimeZone String NULL

wakeupInterval WakeupInterval Int 10

Name	Class	ClassType	Default
accessFile	AccessFile	String	NULL
authDir	AuthDir	String	/var/dt
autoRescan	AutoRescan	Boolean	True
daemonMode	DaemonMode	Boolean	False
debugLevel	DebugLevel	Int	0
errorLogFile	ErrorLogFile	String	NULL
errorLogSize	ErrorLogSize	Int	50
exportList	ExportList	String	NULL
fontPathHead	FontPathHead	String	NULL
fontPathTail	FontPathTail	String	NULL
keyFile	KeyFile	String	/usr/dt/config/Xkeys
lockPidFile	LockPidFile	Boolean	True
networkDevice	NetworkDevice	String	/dev/dtremote
pidFile	PidFile	String	NULL
removeDomainname	RemoveDomainname	Boolean	True
requestPort	RequestPort	Int	177
servers	Servers	String	:0 Local local /system_dependent_path/X :0
sysParmsFile	SysParmsFile	String	/system_dependent_path
timeZone	TimeZone	String	NULL
wakeupInterval	WakeupInterval	Int	10

accessFile

To prevent unauthorized XDMCP service and to allow forwarding of XDMCP IndirectQuery requests, this file contains a database of hostnames which are either allowed direct access to this machine, or have a list of hosts to which queries should be forwarded to. The format of this file is described in the Xaccess section. If not set, all hosts will be allowed XDMCP service.

authDir

This is a directory name that dtlogin uses to temporarily store authorization files for displays using XDMCP.

autoRescan

This boolean controls whether dtlogin rescans the configuration file and server file after a session terminates and the files have changed. You can force dtlogin to reread these files by sending a SIGHUP to the main process.

daemonMode

The dtlogin client can make itself into an unassociated daemon process. This is accomplished by forking and leaving the parent process to exit, then closing file descriptors and releasing the controlling terminal. This is inconvenient when attempting to debug dtlogin. Setting this resource to "false" disables daemonMode.

If dtlogin is started from /etc/inittab, it should not be run in daemon mode. Otherwise the init process will think it has terminated and will attempt to restart it.

debugLevel

A non-zero value specified for this integer resource enables debugging information to be printed. It also disables daemon mode, which redirects the information into the bit-bucket. dtlogin, which is not normally useful.

errorLogFile

Error output is normally directed at the system console. To redirect it, set this resource to any file name. This file contains any output directed to stderr by Xsetup, Xstartup and Xreset.

errorLogSize

This resource specifies the maximum size of the error log file in kilobytes. When the limit is reached dtlogin will delete the oldest entries in the file until the file size is reduced to 75% of the maximum.

exportList

This resource can contain a set of variable names separated by a space or tab. Each variable named is obtained from the dtlogin environment and loaded into the environment of the server and session. See the Environment section for details.

fontPathHead

This resource value is prepended to the default X server font path.

fontPathTail

This resource value is appended to the default X server font path.

keyFile

XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key be shared between dtlogin and the terminal. This resource specifies the file containing those values. Each entry in the file consists of a display name and the shared key. By default, dtlogin does not include support for XDM-AUTHENTICATION-1 because it requires DES, which is not generally distributable.

lockPidFile

This resource controls whether dtlogin uses file locking to prevent multiple instances of dtlogin from executing concurrently.

networkDevice

For remote connections, the value for 'line' in /etc/utmp must also exist as a device in the /dev directory for commands such as finger to operate properly. This resource specifies the pathname of the /dev file dtlogin will create when a remote display connects. For most platforms, the file will be created as a symbolic link to /dev/null. The specified value must start with "/dev/", otherwise the value is discarded and no file is created.

pidFile

The filename specified is created to contain an ASCII representation of the process-ID of the main dtlogin process. This can be used when sending signals to dtlogin. The dtlogin client also uses file locking to attempt to prevent more than one dtlogin from running on the same machine. See the lockPidFile resource for more information.

removeDomainname

When computing the display name for XDMCP clients, dtlogin typically creates a fully qualified host name for the terminal. As this is sometimes confusing, dtlogin removes the domain name portion of the host name if it is the same as the domain name for the local host when this variable is set.

requestPort

This indicates the UDP port number that dtlogin uses to listen for incoming XDMCP requests. Unless you need to debug the system, leave this with its default value.

servers

This resource either specifies a file name full of server entries, one per line (if the value starts with a slash), or a single server entry. Each entry indicates a display that should constantly be managed and that is not using XDMCP.

The general syntax for each entry is:

   DisplayName DisplayClass DisplayType[@ite] [Command [options]]

A typical entry for local display number 0 is:

   :0 Local local@console /usr/bin/X11/X :0

DisplayName: The display name must be something that can be passed in the -display option to any X program. This string is used in the display-specific resources to specify the particular display, so be careful to match the names (e.g., use ":0 local /usr/bin/X11/X :0" instead of "localhost:0 local /usr/bin/X11/X :0" if your other resources are specified as "Dtlogin._0.session"). A `*' in this field will be expanded to "<hostname>:0" by dtlogin.
DisplayClass: The display class portion is also used in the display-specific resources as the class portion of the resource. This is useful if you have a large collection of similar displays (a group of X terminals, for example) and want to set resources for groups of them. When using XDMCP, the display is required to specify the display class, so perhaps your X terminal documentation describes a reasonably standard display class string for your device.
DisplayType: A DisplayType of "local" indicates that an X server should be started for this entry. A value of "remote" indicates to attach to an existing X server.
@ite: On local bitmaps, the user may choose a "Command Line Login" option via the login screen, which temporarily suspends the X-server and presents the traditional character "login:" prompt. The user can then log in and perform non-X related tasks. When the user finishes and logs out, the X-server is restarted, and the login screen is redisplayed.
In order to support "Command Line Login" mode, the display must have an associated Internal Terminal Emulator (ITE) device. By default, dtlogin associates the ITE device "console" (/dev/console) with display :0. If your configuration does not match this default, specify @device for the display(s) with an associated ITE and @none for all other displays listed in the servers file.
Command [options]: This is the string used to start the X server. The dtlogin client will always connect to the X server using the DisplayName specified, so you might need to specify an explicit connection number as an option to your X server (:0 in the above example).

sysParmsFile

This resource specifies a file containing shell commands, one of which sets the timezone environment variable (TZ) for the system. If the timezone is set via the shell syntax, "TZ=", dtlogin can use this information to set the timezone for the user session.

timeZone

This resource specifies the local time zone for dtlogin. It is loaded into the environment of dtlogin as the value of the variable TZ and inherited by all subsequent sessions.

Some systems maintain a configuration file that contains the timezone setting (ex. /etc/src.sh). See the sysParmsFile resource.

wakeupInterval

If the user selects "Command Line Login" mode from the login screen, dtlogin terminates the X-server and allows the traditional character-based login prompt, "login:" to become visible. If the user does not log in within 2 * wakeupInterval seconds, the X-server is restarted. Once the user has logged in, dtlogin checks every wakeupInterval seconds to see if the user has logged out. If so, the X-server is restarted and the login screen is redisplayed.

Display resources

The dtlogin client display resources can be specified for all displays or for a particular display. To specify a particular display, the display name is inserted into the resource name between ``Dtlogin'' and the final resource name segment. For example, Dtlogin.expo_0.startup is the name of the resource defining the startup shell file on the ``expo:0'' display. The resource manager separates the name of the resource from its value with colons, and separates resource name parts with dots, so dtlogin uses underscores for the dots and colons when generating the resource name.

Resources can also be specified for a class of displays by inserting the class name instead of a display name. A display that is not managed by XDMCP can have its class affiliation specified in the file referenced by the servers resource. A display using XDMCP supplies its class affiliation as part of the XDMCP packet.

Name ClassClass Type Default

authorize Authorize Boolean False

authName AuthName String MIT-MAGIC-COOKIE-1

authFile AuthFile String NULL

chooser Chooser

String /usr/dt/bin/dtchooser

cpp Cpp String system dep.

environment Environment String system dep.

failsafeClient FailsafeClient String /system_dep./xterm

grabServer GrabServer Boolean True

grabTimeout GrabTimeout Int 3 seconds

language Language String system dep.

languageList LanguageList String NULL

languageName LanguageName String NULL

openDelay OpenDelay Int 5 seconds

openRepeat OpenRepeat Int 5 seconds

openTimeout OpenTimeout Int 30 seconds

pingInterval PingInterval Int 5 minutes

pingTimeout PingTimeout Int 5 minutes

reset Reset String NULL

resetForAuth ResetForAuth Boolean False

resetSignal Signal Int 1 SIGHUP

resources Resource String NULL

session Session String /usr/dt/bin/Xsession

setup Setup String NULL

startAttempts StartAttempts Int 4

startup Startup String NULL

systemPath SystemPath String system_dep._path

systemShell SystemShell String /bin/sh

terminateServer TerminateServer Boolean False

termSignal Signal Int 15 (SIGTERM)

userAuthDir UserAuthDir String /var/dt

userPath UserPath String system_dep._path

xdmMode XdmMode Boolean False

xrdb Xrdb String /system_dep./xrdb

Name	ClassClass	Type	Default
authorize	Authorize	Boolean	False
authName	AuthName	String	MIT-MAGIC-COOKIE-1
authFile	AuthFile	String	NULL
chooser		Chooser
String	/usr/dt/bin/dtchooser
cpp	Cpp	String	system dep.
environment	Environment	String	system dep.
failsafeClient	FailsafeClient	String	/system_dep./xterm
grabServer	GrabServer	Boolean	True
grabTimeout	GrabTimeout	Int	3 seconds
language	Language	String	system dep.
languageList	LanguageList	String	NULL
languageName	LanguageName	String	NULL
openDelay	OpenDelay	Int	5 seconds
openRepeat	OpenRepeat	Int	5 seconds
openTimeout	OpenTimeout	Int	30 seconds
pingInterval	PingInterval	Int	5 minutes
pingTimeout	PingTimeout	Int	5 minutes
reset	Reset	String	NULL
resetForAuth	ResetForAuth	Boolean	False
resetSignal	Signal	Int	1 SIGHUP
resources	Resource	String	NULL
session	Session	String	/usr/dt/bin/Xsession
setup	Setup	String	NULL
startAttempts	StartAttempts	Int	4
startup	Startup	String	NULL
systemPath	SystemPath	String	system_dep._path
systemShell	SystemShell	String	/bin/sh
terminateServer	TerminateServer	Boolean	False
termSignal	Signal	Int	15 (SIGTERM)
userAuthDir	UserAuthDir	String	/var/dt
userPath	UserPath	String	system_dep._path
xdmMode	XdmMode	Boolean	False
xrdb	Xrdb	String	/system_dep./xrdb

authorize

Authorize is a boolean resource that controls whether dtlogin generates and uses authorization for the server connections. (See authName.)

authName

If authorize is used, authName specifies the type of authorization to be used. Currently, dtlogin supports only MIT-MAGIC-COOKIE-1 authorization, XDM-AUTHORIZATION-1 could be supported, but DES is not generally distributable. XDMCP connections state which authorization types are supported dynamically, so authName is ignored in this case. (See authorize.)

authFile

This file is used to communicate the authorization data from dtlogin to the server, using the -auth server command line option. It should be kept in a write- protected directory to prevent its erasure, which would disable the authorization mechanism in the server. If NULL, dtlogin will generate a file name.

chooser

Specifies the program run to offer a host menu for indirect queries redirected to the special host name CHOOSER. /usr/dt/bin/dtchooser is the default. See the Xaccess section.

cpp

This specifies the path of the C preprocessor that is used by xrdb.

environment

This resource can contain a set of <name>=<value> pairs separated by a space or tab. Each item is loaded into the environment of the server and session. See the Environment section for details.

failsafeClient

If the default session fails to execute, dtlogin falls back to this program. This program is executed with no arguments, but executes using the same environment variables as the session would have had. (See The Xfailsafe File.)

grabServer

See grabTimeout.

grabTimeout

To improve security, dtlogin grabs the server and keyboard while reading the name and password. The grabServer resource specifies if the server should be held while the name and password is read. When FALSE, the server is ungrabbed after the keyboard grab succeeds; otherwise, the server is grabbed until just before the session begins. The grabTimeout resource specifies the maximum time dtlogin will wait for the grab to succeed. The grab may fail if some other client has the server grabbed, or possibly if the network latencies are very high. The grabTimeout resource has a default of 3 seconds; be cautious when using this resource, since a user can be deceived by a look-alike window on the display. If the grab fails, dtlogin kills and restarts the server (if possible) and session.

Some X-terminals cannot display their login screens while the server is grabbed. Setting grabServer to false will allow the screen to be displayed, but opens the possibility that a user's login name can be stolen by copying the contents of the login screen. Since the keyboard is still grabbed and the password is not echoed, the password cannot be stolen.

language

This resource specifies the default setting for the LANG environment variable. If the dtlogin screen is localized for that language, it is displayed appropriately; otherwise, it is displayed in the language "C". The user may temporarily override this setting via an option on the login screen. When the subsequent session terminates, the LANG variable reverts to this setting.

languageList

This resource allows the user to override the default set of languages displayed in the "Language" menu of the login screen. It is useful if the set of languages actually used on a particular display is smaller than the set installed on the system. The resource value is a list of valid values for the LANG environment variable. Language values should be separated by one or more spaces or tabs.

languageName

This resource allows the user to override the default locale name displayed in the "Language" menu of the login screen with alternate text. This way, instead of users seeing a "En_US" item, they could see a "English (United States)" item instead. This resource is specified as Dtlogin *<locale name>. languageName: text as follows:

Dtlogin*En_US.languageName: English (United States)
Dtlogin*Fr_CA.languageName: French (Canadian)

openDelay

See startAttempts

openRepeat

See startAttempts

openTimeout

See startAttempts

pingInterval

See pingTimeout

pingTimeout

To discover when remote displays disappear, dtlogin occasionally "pings" them, using an X connection and sending XSync requests. The pingInterval resource specifies the time (in minutes) between successive ping attempts, and pingTimeout specifies the maximum wait time (in minutes) for the terminal to respond to the request. If the terminal does not respond, the session is terminated. The dtlogin client does not ping local displays. Although it may seem harmless, it is undesirable when a local session is terminated as a result of the server waiting (for remote filesystem service, for example) and not responding to the ping.

reset

This specifies a program that is run (as root) after the session terminates. If not set, no program is run. The conventional name is Xreset. See The Xreset File.

resetForAuth

The original implementation of authorization in the sample server reread the authorization file at server reset time, instead of when checking the initial connection. Since dtlogin generates the authorization information just before connecting to the display, an old server does not get current authorization information. This resource causes dtlogin to send SIGHUP to the server after setting up the file, causing an additional server reset to occur, during which time the new authorization information is read.

resetSignal

This resource specifies the signal dtlogin sends to reset the server. See the section Controlling The Server

resources

This resource specifies the name of the file to be loaded by xrdb(1) as the resource data-base onto the root window of screen 0 of the display. This resource data base is loaded just before the authentication procedure is started, so it can control the appearance of the "login" window. See the section on the authentication screen, which describes the various resources that are appropriate to place in this file. There is no default value for this resource, but the conventional name is Xresources. See the Resource section.

session

This specifies the session to be executed for the authenticated user. By default, the /usr/dt/bin/Xsession file is run. The conventional name is Xsession. See The Xsession File.

setup

This specifies a program that is run (as root) prior to the display of the authentication screen. By default, no program is run. The conventional name for a file used here is Xsetup. See the Xsetup section.

startAttempts

Four numeric resources control the behavior of dtlogin when attempting to open reluctant servers: openDelay, openRepeat, openTimeout, and startAttempts. openDelay is the duration (in seconds) between successive attempts; openRepeat is the number of attempts to make; openTimeout is the amount of time to wait while actually attempting the opening (i.e., the maximum time spent in the connect (2) syscall); and startAttempts is the number of times the entire process occurs before giving up on the server. After openRepeat attempts have been made, or if openTimeout seconds elapse in any particular attempt, dtlogin terminates and restarts the server, attempting to connect again. This process is repeated startAttempts time, at which point the display is declared dead and disabled. (See openDelay, openRepeat, and openTimeout.)

startup

This specifies a program that is run (as root) after the authentication process succeeds. By default, no program is run. The conventional name for a file used here is Xstartup. See the Xstartup section.

systemPath

The dtlogin client sets the PATH environment variable for the startup and reset scripts to the value of this resource. Note the conspicuous absence of "." from this entry. This is a good practice to follow for root; it avoids many system penetration schemes.

systemShell

The dtlogin client sets the SHELL environment variable for the startup and reset scripts to the value of this resource.

terminateServer

This boolean resource specifies whether the X server should be terminated when a session terminates (instead of resetting it). This option can be used if the server tends to grow without bound over time in order to limit the amount of time the server is run continuously.

termSignal

This resource specifies the signal dtlogin sends to terminate the server. See the section Controlling The Server

userAuthDir

When dtlogin cannot write to the usual user authorization file ( $HOME/.Xauthority), it creates a unique file name in this directory and points the environment variable XAUTHORITY at the created file.

userPath

The dtlogin client sets the PATH environment variable for the session to this value. It should be a colon-separated list of directories; see sh(1) for a full description.

xdmMode

If True, the $HOME/.xsession file will be executed from Xsession upon user authentication, rather than dtsession.

xrdb

Specifies the program used to load the resources. The authentication screen reads a name-password pair from the keyboard. As this is a Motif toolkit client, colors, fonts and some layout options can be controlled with resources. General resources for this screen should be put into the file named by the dtlogin resources resource, the default being Xresources. Language specific values such as text or fonts should be specified in the Dtlogin app-defaults file.

Logo resources

Name ClassClass Type Default

bitmapFile BitmapFile String NULL

background Background Pixel #a8a8a8

topShadowPixmap TopShadowPixmap String 25_foreground

Name	ClassClass	Type	Default
bitmapFile	BitmapFile	String	NULL
background	Background	Pixel	#a8a8a8
topShadowPixmap	TopShadowPixmap	String	25_foreground

The default logo on the authentication screen may be replaced with a bitmap or pixmap of the user's choice. The resources should be prefaced with the string Dtlogin*logo* when specified.

bitmapFile: Specifies the absolute path name to the bitmap or pixmap file to be used for the logo.
background: Specifies the background color for the logo.
topShadowPixmap: Specifies the pixmap to use for the logo border shadow.

Greeting Resources

The following resources describe the greeting string used on the login screen. The resources should be prefaced with the string Dtlogin*greeting* when specified.

Name ClassClass Type Default

foreground Foreground Pixel black

background Background Pixel dynamic

fontList FontList FontList -*-*schoolbook-medium-i-normal--18-*

labelString LabelString String Welcome to %LocalHost%

persLabelString LabelString String Welcome %s

alignment Alignment String ALIGNMENT_CENTER

Name	ClassClass	Type	Default
foreground	Foreground	Pixel	black
background	Background	Pixel	dynamic
fontList	FontList	FontList	--schoolbook-medium-i-normal--18-*
labelString	LabelString	String	Welcome to %LocalHost%
persLabelString	LabelString	String	Welcome %s
alignment	Alignment	String	ALIGNMENT_CENTER

foreground: Specifies the foreground color for the welcome message.
background: Specifies the background color for the welcome message. The default is light-gray for color systems or white for monochrome systems.
fontList: Specifies the font to use for the welcome message.
labelString: Specifies the string to use for the welcome message. Multiple lines can be specified by including newline characters (\n) in the text. If the token %LocalHost" is included in the text, it will be replaced with the name of the host providing login service. If the token %DisplayName% is included in the text, it will be replaced with the display name.
persLabelString: Specifies the string to use for the personalized welcome message. This is the message displayed after the use name has been entered. The %s will be replaced with the user name entered.
alignment: Specifies the string to use for the alignment of the Welcome message. Valid values are ALIGNMENT_BEGINNING, ALIGNMENT_CENTER and ALIGNMENT_END.

Matte resources

The following resources describe the matte layout used on the login screen. The resources should be prefaced with the string Dtlogin*matte. when specified.

Name ClassClass Type Default

width Width Int 806 for Highres displays

755 for Mediumres displays

585 for lowres displays

height Height Int 412 for Highres displays

385 for Mediumres displays

300 for Lowres displays

Name	ClassClass	Type	Default
width	Width	Int	806 for Highres displays
			755 for Mediumres displays
			585 for lowres displays
height	Height	Int	412 for Highres displays
			385 for Mediumres displays
			300 for Lowres displays

width: Specifies the width to use for the login_matte.
height: Specifies the height to use for the login_matte. The following resources describe the fonts layout used on the login screen. The resources should be prefaced with the string Dtlogin*. when specified.

Label resources

Name ClassClass Type Default

labelFont LabelFont String -*-swiss 742-bold-r-normal-*-140-*-p-100-* for lowres displays

-*-swiss 742-medium-r-normal-*-140-*-p-110-* for high res displays.

textFont TextFont String -*-prestige-medium-r-normal-*-128-72-* for highres displays.

-*-helvetica-bold-r-normal-*-100-* for lowres displays

Name	ClassClass	Type	Default
labelFont	LabelFont	String	--swiss 742-bold-r-normal--140--p-100- for lowres displays
			--swiss 742-medium-r-normal--140--p-110- for high res displays.
textFont	TextFont	String	--prestige-medium-r-normal--128-72-* for highres displays.
			--helvetica-bold-r-normal--100-* for lowres displays

labelFont: Specifies the labelFont to use for the pushButtons and labels.
textFont: Specifies the textFont to use for the pushButtons and labels.

Localization

dtlogin(X1) does not support dead keys or compose keys. In general, users should not select passwords that contain non-alphanumeric (8-bit) characters.

On the German keyboard, the following ASCII characters are unavailable to dtlogin:

~ [ ] { } | \ @

On the Spanish keyboard, the following ASCII characters are unavailable to dtlogin:

\ | @ # [ ] { }

On the French keyboard, the following ASCII characters are unavailable to dtlogin:

~ # { } [ ] | ` \ ^ @

Please refer to your own keyboard for details on other characters.

Exit codes

Exit values are:

0: Successful completion.
>0: Error condition occurred.

Diagnostics

Login incorrect; please try again.
Unable to change to home directory.
Sorry. Maximum number of users already logged in.
Login error, invalid user ID.
Login error, invalid group ID.
Login error, invalid audit ID.
Login error, invalid audit flag.
Logins are currently disabled.
Your current password has expired.

Warnings

A rare race condition may occur on reboot that causes the following dtlogin error message to be displayed on the console:

   The X Server cannot be started on display machine_name:0

The message incorrectly tells you to log in to the console and log out again to start dtlogin. You must instead log in to the console, use ps(1) to identify the dtlogin process, then send a kill -9 signal to it. You can then run scologin start from the console.

Standards conformance

dtlogin is not part of any currently supported standard; it was developed by TriTeal Corporation as part of the TriTeal Enterprise Desktop (TED) and is used by permission.