[PATCH app-xdm 4/4] config: upgrade to util-macros 1.8 for additional man page support
Gaetan Nadon
memsize at videotron.ca
Sat Aug 21 16:31:57 PDT 2010
Use MAN_SUBST now supplied in XORG_MANPAGE_SECTIONS
The value of MAN_SUBST is the same for all X.Org packages.
Use AC_PROG_SED now supplied by XORG_DEFAULT_OPTIONS
Use the appropriate platform version of sed
The C preprocessor is no longer required.
Signed-off-by: Gaetan Nadon <memsize at videotron.ca>
---
Makefile.am | 52 +--
configure.ac | 13 +-
man/Makefile.am | 46 ++
man/xdm.man | 1455 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
man/xdmshell.man | 108 ++++
xdm.man.cpp | 1455 ------------------------------------------------------
xdmshell.man.cpp | 108 ----
7 files changed, 1622 insertions(+), 1615 deletions(-)
create mode 100644 man/Makefile.am
create mode 100644 man/xdm.man
create mode 100644 man/xdmshell.man
delete mode 100644 xdm.man.cpp
delete mode 100644 xdmshell.man.cpp
diff --git a/Makefile.am b/Makefile.am
index c8e60d8..75527b0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,20 +19,15 @@
# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-SUBDIRS = config greeter
+SUBDIRS = config greeter man
bin_PROGRAMS = xdm
noinst_PROGRAMS =
-appman_PRE = xdm.man.cpp
-noinst_man_PRE =
-
if INSTALL_XDMSHELL
bin_PROGRAMS += xdmshell
-appman_PRE += xdmshell.man.cpp
else
noinst_PROGRAMS += xdmshell
-noinst_man_PRE += xdmshell.man.cpp
endif
xdmlibdir = $(XDMLIBDIR)
@@ -109,45 +104,6 @@ endif
#
-# xdm man page
-#
-
-appmandir = $(APP_MAN_DIR)
-appman_DATA = $(appman_PRE:man.cpp=@APP_MAN_SUFFIX@)
-noinst_DATA = $(noinst_man_PRE:man.cpp=@APP_MAN_SUFFIX@)
-
-MAINTAINERCLEANFILES = ChangeLog INSTALL
-CLEANFILES = $(appman_DATA) $(noinst_DATA)
-EXTRA_DIST = $(appman_PRE) $(noinst_man_PRE)
-
-include $(top_srcdir)/cpprules.in
-
-XORGRELSTRING = @PACKAGE_STRING@
- XORGMANNAME = X Version 11
-
-MANDEFS = \
- -D__xorgversion__="\"$(XORGRELSTRING)\" \"$(XORGMANNAME)\"" \
- -DCHOOSERPATH="$(xdmlibdir)/chooser" -DXDMLOGDIR="$(XDMLOGDIR)" \
- -DXDMDIR="$(XDMCONFIGDIR)" -DBINDIR="$(bindir)" \
- -DXDMPIDDIR="$(XDMPIDDIR)" -DXDMXAUTHDIR="$(XDMXAUTHDIR)" \
- -DDEF_USER_PATH="$(DEF_USER_PATH)" \
- -DDEF_SYSTEM_PATH="$(DEF_SYSTEM_PATH)" \
- -DDEF_GREETER_LIB="$(DEF_GREETER_LIB)" \
- -D__appmansuffix__=$(APP_MAN_SUFFIX) \
- -D__filemansuffix__=$(FILE_MAN_SUFFIX) \
- -D__libmansuffix__=$(LIB_MAN_SUFFIX) \
- -D__miscmansuffix__=$(MISC_MAN_SUFFIX) \
- -D__drivermansuffix__=$(DRIVER_MAN_SUFFIX) \
- -D__adminmansuffix__=$(ADMIN_MAN_SUFFIX)
-
-CPP_FILES_FLAGS = $(MANDEFS) $(RANDOMMANDEFS) $(EXTRAMANDEFS)
-
-SUFFIXES += .$(APP_MAN_SUFFIX) .man.cpp
-
-.man.cpp.$(APP_MAN_SUFFIX):
- $(cpp_verbose)$(RAWCPP) $(RAWCPPFLAGS) $(CPP_FILES_FLAGS) < $< | $(CPP_SED_MAGIC) > $@
-
-#
# xdmshell
#
xdmshell_CFLAGS = $(XDMSHELL_CFLAGS) -DBINDIR="\"$(bindir)\""
@@ -174,7 +130,7 @@ appdefaultdir = @appdefaultdir@
APPDEFAULTFILES = app-defaults/Chooser
-SUFFIXES += .ad
+SUFFIXES = .ad
.ad:
[ -d app-defaults ] || mkdir app-defaults
@@ -182,9 +138,9 @@ SUFFIXES += .ad
appdefault_DATA = $(APPDEFAULTFILES)
-CLEANFILES += $(APPDEFAULTFILES)
+CLEANFILES = $(APPDEFAULTFILES)
-EXTRA_DIST += $(APPDEFAULTFILES:%=%.ad)
+EXTRA_DIST = $(APPDEFAULTFILES:%=%.ad)
if LINT
ALL_LINT_FLAGS=$(LINT_FLAGS) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
diff --git a/configure.ac b/configure.ac
index ad6ff8a..5ade304 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,10 +27,10 @@ AM_INIT_AUTOMAKE([foreign dist-bzip2])
AM_MAINTAINER_MODE
AC_CONFIG_MACRO_DIR([m4])
-# Require xorg-macros: XORG_DEFAULT_OPTIONS
+# Require X.Org macros 1.8 or later for MAN_SUBSTS set by XORG_MANPAGE_SECTIONS
m4_ifndef([XORG_MACROS_VERSION],
- [m4_fatal([must install xorg-macros 1.4 or later before running autoconf/autogen])])
-XORG_MACROS_VERSION(1.4)
+ [m4_fatal([must install xorg-macros 1.8 or later before running autoconf/autogen])])
+XORG_MACROS_VERSION(1.8)
AC_USE_SYSTEM_EXTENSIONS
XORG_DEFAULT_OPTIONS
@@ -611,4 +611,9 @@ AC_SUBST(appdefaultdir)
AC_SUBST(MKTEMP_COMMAND)
-AC_OUTPUT([Makefile config/Makefile greeter/Makefile])
+AC_CONFIG_FILES([Makefile
+ config/Makefile
+ greeter/Makefile
+ man/Makefile])
+
+AC_OUTPUT
diff --git a/man/Makefile.am b/man/Makefile.am
new file mode 100644
index 0000000..76c2b64
--- /dev/null
+++ b/man/Makefile.am
@@ -0,0 +1,46 @@
+#
+# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice (including the next
+# paragraph) shall be included in all copies or substantial portions of the
+# Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+
+appmandir = $(APP_MAN_DIR)
+appman_PRE = xdm.man xdmshell.man
+appman_DATA = xdm.$(APP_MAN_SUFFIX)
+if INSTALL_XDMSHELL
+appman_DATA += xdmshell.$(APP_MAN_SUFFIX)
+endif
+
+EXTRA_DIST = $(appman_PRE)
+CLEANFILES = $(appman_DATA)
+SUFFIXES = .$(APP_MAN_SUFFIX) .man
+MAN_SUBSTS += -e 's|CHOOSERPATH|$(xdmlibdir)/chooser|g' \
+ -e 's|XDMLOGDIR|$(XDMLOGDIR)|g' \
+ -e 's|XDMDIR|$(XDMCONFIGDIR)|g' \
+ -e 's|BINDIR|$(bindir)|g' \
+ -e 's|XDMPIDDIR|$(XDMPIDDIR)|g' \
+ -e 's|XDMXAUTHDIR|$(XDMXAUTHDIR)|g' \
+ -e 's|DEF_USER_PATH|$(DEF_USER_PATH)|g' \
+ -e 's|DEF_SYSTEM_PATH|$(DEF_SYSTEM_PATH)|g' \
+ -e 's|DEF_GREETER_LIB|$(DEF_GREETER_LIB)|g'
+
+# String replacements in MAN_SUBSTS now come from xorg-macros.m4 via configure
+.man.$(APP_MAN_SUFFIX):
+ $(AM_V_GEN)$(SED) $(MAN_SUBSTS) < $< > $@
diff --git a/man/xdm.man b/man/xdm.man
new file mode 100644
index 0000000..ba36f14
--- /dev/null
+++ b/man/xdm.man
@@ -0,0 +1,1455 @@
+.\" Copyright 1988, 1994, 1998 The Open Group
+.\"
+.\" Permission to use, copy, modify, distribute, and sell this software and its
+.\" documentation for any purpose is hereby granted without fee, provided that
+.\" the above copyright notice appear in all copies and that both that
+.\" copyright notice and this permission notice appear in supporting
+.\" documentation.
+.\"
+.\" The above copyright notice and this permission notice shall be included
+.\" in all copies or substantial portions of the Software.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+.\" IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+.\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+.\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+.\" OTHER DEALINGS IN THE SOFTWARE.
+.\"
+.\" Except as contained in this notice, the name of The Open Group shall
+.\" not be used in advertising or otherwise to promote the sale, use or
+.\" other dealings in this Software without prior written authorization
+.\" from The Open Group.
+.\"
+.\"
+.TH XDM 1 __xorgversion__
+.SH NAME
+xdm \- X Display Manager with support for XDMCP, host chooser
+.SH SYNOPSIS
+.B xdm
+[
+.B \-config
+.I configuration_file
+] [
+.B \-nodaemon
+] [
+.B \-debug
+.I debug_level
+] [
+.B \-error
+.I error_log_file
+] [
+.B \-resources
+.I resource_file
+] [
+.B \-server
+.I server_entry
+] [
+.B \-session
+.I session_program
+]
+.SH DESCRIPTION
+.I Xdm
+manages a collection of X displays, which may be on the local host
+or remote servers. The design of
+.I xdm
+was guided by the needs of X terminals as well as The Open Group standard
+XDMCP, the \fIX Display Manager Control Protocol\fP.
+.I Xdm
+provides services similar to those provided by \fIinit\fP, \fIgetty\fP
+and \fIlogin\fP on character terminals: prompting for login name and password,
+authenticating the user, and running a ``session.''
+.PP
+A ``session'' is defined by the lifetime of a particular process; in the
+traditional character-based terminal world, it is the user's login shell.
+In the
+.I xdm
+context, it is an arbitrary session manager. This is because in a windowing
+environment, a user's login shell process does not necessarily have any
+terminal-like interface with which to connect.
+When a real session manager is not available, a window manager or terminal
+emulator is typically used as the ``session manager,'' meaning that
+termination of this process terminates the user's session.
+.PP
+When the session is terminated, \fIxdm\fP
+resets the X server and (optionally) restarts the whole process.
+.PP
+When \fIxdm\fP receives an Indirect query via XDMCP, it can run a
+\fIchooser\fP process to
+perform an XDMCP BroadcastQuery (or an XDMCP Query to specified hosts)
+on behalf of the display and
+offer a menu of possible hosts that offer XDMCP display management.
+This feature is useful with X terminals that do not offer a host
+menu themselves.
+.PP
+.I Xdm
+can be configured to ignore BroadcastQuery messages from selected hosts.
+This is useful when you don't want the host to appear in menus produced
+by
+.I chooser
+or X terminals themselves.
+.PP
+Because
+.I xdm
+provides the first interface that users will see, it is designed to be
+simple to use and easy to customize to the needs of a particular site.
+.I Xdm
+has many options, most of which have reasonable defaults. Browse through the
+various sections of this manual,
+picking and choosing the things you want to change.
+Pay particular attention to the
+.B "Session Program"
+section, which will describe how to
+set up the style of session desired.
+.SH "OVERVIEW"
+\fIxdm\fP is highly configurable, and most of its behavior can be
+controlled by resource files and shell scripts. The names of these
+files themselves are resources read from the file \fIxdm-config\fP or
+the file named by the \fB\-config\fP option.
+.PP
+\fIxdm\fP offers display management two different ways. It can manage
+X servers running on the local machine and specified in
+\fIXservers\fP, and it can manage remote X servers (typically X
+terminals) using XDMCP (the XDM Control Protocol)
+as specified in the \fIXaccess\fP file.
+.PP
+The resources of the X clients run by \fIxdm\fP outside the user's
+session, including \fIxdm\fP's own login window, can be
+affected by setting resources in the \fIXresources\fP file.
+.PP
+For X terminals that do not offer a menu of hosts to get display
+management from, \fIxdm\fP can collect willing hosts and run the
+\fIchooser\fP program to offer the user a menu.
+For X displays attached to a host, this step is typically not used, as
+the local host does the display management.
+.PP
+After resetting the X server, \fIxdm\fP runs the \fIXsetup\fP script
+to assist in setting up the screen the user sees along with the
+\fIxlogin\fP widget.
+.PP
+The \fIxlogin\fP widget, which \fIxdm\fP presents,
+offers the familiar login and password prompts.
+.PP
+After the user logs in, \fIxdm\fP runs the \fIXstartup\fP script as
+root.
+.PP
+Then \fIxdm\fP runs the \fIXsession\fP script as the user. This
+system session file may do some additional startup and typically runs
+the \fI.xsession\fP script in the user's home directory.
+When the \fIXsession\fP script exits, the session is over.
+.PP
+At the end of the session, the \fIXreset\fP script is run to clean up,
+the X server is reset, and the cycle starts over.
+.PP
+The file \fI XDMLOGDIR/xdm.log\fP will contain error
+messages from
+.I xdm
+and anything output to stderr by \fIXsetup, Xstartup, Xsession\fP
+or \fIXreset\fP.
+When you have trouble getting
+.I xdm
+working, check this file to see if
+.I xdm
+has any clues to the trouble.
+.SH OPTIONS
+.PP
+All of these options, except \fB\-config\fP itself,
+specify values that can also be specified in the configuration file
+as resources.
+.IP "\fB\-config\fP \fIconfiguration_file\fP"
+Names the configuration file, which specifies resources to control
+the behavior of
+.I xdm.
+.I XDMDIR/xdm-config
+is the default.
+See the section \fBConfiguration File\fP.
+.IP "\fB\-nodaemon\fP"
+Specifies ``false'' as the value for the \fBDisplayManager.daemonMode\fP
+resource.
+This suppresses the normal daemon behavior, which is for
+.I xdm
+to close all file descriptors, disassociate itself from
+the controlling terminal, and put
+itself in the background when it first starts up.
+.IP "\fB\-debug\fP \fIdebug_level\fP"
+Specifies the numeric value for the \fBDisplayManager.debugLevel\fP
+resource. A non-zero value causes
+.I xdm
+to print lots of debugging statements to the terminal; it also disables the
+\fBDisplayManager.daemonMode\fP resource, forcing
+.I xdm
+to run synchronously. To interpret these debugging messages, a copy
+of the source code for
+.I xdm
+is almost a necessity. No attempt has been
+made to rationalize or standardize the output.
+.IP "\fB\-error\fP \fIerror_log_file\fP"
+Specifies the value for the \fBDisplayManager.errorLogFile\fP resource.
+This file contains errors from
+.I xdm
+as well as anything written to stderr by the various scripts and programs
+run during the progress of the session.
+.IP "\fB\-resources\fP \fIresource_file\fP"
+Specifies the value for the \fBDisplayManager*resources\fP resource. This file
+is loaded using
+.IR xrdb (__appmansuffix__)
+to specify configuration parameters for the
+authentication widget.
+.IP "\fB\-server\fP \fIserver_entry\fP"
+Specifies the value for the \fBDisplayManager.servers\fP resource.
+See the section
+.B "Local Server Specification"
+for a description of this resource.
+.IP "\fB\-udpPort\fP \fIport_number\fP"
+Specifies the value for the \fBDisplayManager.requestPort\fP resource. This
+sets the port-number which
+.I xdm
+will monitor for XDMCP requests. If set to 0, xdm will not listen
+for XDMCP or Chooser requests. As XDMCP uses the registered well-known
+UDP port 177, this resource should not be changed to a value other than 0,
+except for debugging.
+.IP "\fB\-session\fP \fIsession_program\fP"
+Specifies the value for the \fBDisplayManager*session\fP resource. This
+indicates the program to run as the session after the user has logged in.
+.IP "\fB\-xrm\fP \fIresource_specification\fP"
+Allows an arbitrary resource to be specified, as in most
+X Toolkit applications.
+.SH RESOURCES
+At many stages the actions of
+.I xdm
+can be controlled through the use of its configuration file, which is in the
+X resource format.
+Some resources modify the behavior of
+.I xdm
+on all displays,
+while others modify its behavior on a single display. Where actions relate
+to a specific display,
+the display name is inserted into the resource name between
+``DisplayManager'' and the final resource name segment.
+.PP
+For local displays, the resource name and class are as read from the
+\fIXservers\fP file.
+.PP
+For remote displays, the resource name is what the network address of
+the display resolves to. See the \fBremoveDomain\fP resource. The
+name must match exactly; \fIxdm\fP is not aware of
+all the network aliases that might reach a given display.
+If the name resolve fails, the address is
+used. The resource class is as sent by the display in the XDMCP
+Manage request.
+.PP
+Because the resource
+manager uses colons to separate the name of the resource from its value and
+dots to separate resource name parts,
+.I xdm
+substitutes underscores for both dots and colons when generating the resource
+name.
+For example, \fBDisplayManager.expo_x_org_0.startup\fP is the name of the
+resource which defines the startup shell file for the ``expo.x.org:0'' display.
+.\"
+.IP "\fBDisplayManager.servers\fP"
+This resource either specifies a file name full of server entries, one per
+line (if the value starts with a slash), or a single server entry.
+See the section \fBLocal Server Specification\fP for the details.
+.IP "\fBDisplayManager.requestPort\fP"
+This indicates the UDP port number which
+.I xdm
+uses to listen for incoming XDMCP requests. Unless you need to debug the
+system, leave this with its default value of 177.
+.IP "\fBDisplayManager.errorLogFile\fP"
+Error output is normally directed at the system console. To redirect it,
+set this resource to a file name. A method to send these messages to
+.I syslog
+should be developed for systems which support it; however, the
+wide variety of interfaces precludes any system-independent
+implementation. This file also contains any output directed to stderr
+by the \fIXsetup, Xstartup, Xsession\fP and \fIXreset\fP files,
+so it will contain descriptions
+of problems in those scripts as well.
+.IP "\fBDisplayManager.debugLevel\fP"
+If the integer value of this resource is greater than zero,
+reams of
+debugging information will be printed. It also disables daemon mode, which
+would redirect the information into the bit-bucket, and
+allows non-root users to run
+.I xdm,
+which would normally not be useful.
+.IP "\fBDisplayManager.daemonMode\fP"
+Normally,
+.I xdm
+attempts to make itself into a daemon process unassociated with any terminal.
+This is
+accomplished by forking and leaving the parent process to exit, then closing
+file descriptors and releasing the controlling terminal. In some
+environments this is not desired (in particular, when debugging). Setting
+this resource to ``false'' will disable this feature.
+.IP "\fBDisplayManager.pidFile\fP"
+The filename specified will be created to contain an ASCII
+representation of the process-id of the main
+.I xdm
+process.
+.I Xdm
+also uses file locking on this file
+to attempt to eliminate multiple daemons running on
+the same machine, which would cause quite a bit of havoc.
+.IP "\fBDisplayManager.lockPidFile\fP"
+This is the resource which controls whether
+.I xdm
+uses file locking to keep multiple display managers from running amok.
+On System V, this
+uses the \fIlockf\fP library call, while on BSD it uses \fIflock.\fP
+.IP "\fBDisplayManager.authDir\fP"
+This names a directory under which
+.I xdm
+stores authorization files while initializing the session. The
+default value is \fI XDMXAUTHDIR.\fP
+Can be overridden for specific displays by
+DisplayManager.\fIDISPLAY\fP.authFile.
+.IP \fBDisplayManager.autoRescan\fP
+This boolean controls whether
+.I xdm
+rescans the configuration, servers, access control and authentication keys
+files after a session terminates and the files have changed. By default it
+is ``true.'' You can force
+.I xdm
+to reread these files by sending a SIGHUP to the main process.
+.IP "\fBDisplayManager.removeDomainname\fP"
+When computing the display name for XDMCP clients, the name resolver will
+typically create a fully qualified host name for the terminal. As this is
+sometimes confusing,
+.I xdm
+will remove the domain name portion of the host name if it is the same as the
+domain name of the local host when this variable is set. By default the
+value is ``true.''
+.IP "\fBDisplayManager.keyFile\fP"
+XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key
+be shared between
+.I xdm
+and the terminal. This resource specifies the file containing those
+values. Each entry in the file consists of a display name and the shared
+key. By default,
+.I xdm
+does not include support for XDM-AUTHENTICATION-1, as it requires DES which
+is not generally distributable because of United States export restrictions.
+.IP \fBDisplayManager.accessFile\fP
+To prevent unauthorized XDMCP service and to allow forwarding of XDMCP
+IndirectQuery requests, this file contains a database of hostnames which are
+either allowed direct access to this machine, or have a list of hosts to
+which queries should be forwarded to. The format of this file is described
+in the section
+.B "XDMCP Access Control."
+.IP \fBDisplayManager.exportList\fP
+A list of additional environment variables, separated by white space,
+to pass on to the \fIXsetup\fP,
+\fIXstartup\fP, \fIXsession\fP, and \fIXreset\fP programs.
+.IP \fBDisplayManager.randomFile\fP
+A file to checksum to generate the seed of authorization keys.
+This should be a file that changes frequently.
+This resource is valid only when the arc4random() function
+has been detected at installation.
+The default is \fI/dev/mem\fP.
+.IP \fBDisplayManager.randomDevice\fP
+A file to read 8 bytes from to generate the seed of authorization keys.
+The default (if detected) is \fI DEV_RANDOM \fP. If this file cannot be read, or if a
+read blocks for more than 5 seconds, xdm falls back to using a checksum
+of \fBDisplayManager.randomFile\fP to generate the seed.
+This resource is valid only when a device providing a random data source
+has been detected at installation.
+.IP \fBDisplayManager.prngdSocket\fP
+.IP \fBDisplayManager.prngPort\fP
+A UNIX domain socket name or a TCP socket port number on local host on
+which a Pseudo-Random Number Generator Daemon, like EGD
+(http://egd.sourceforge.net) is listening, in order to generate the
+autorization keys. Either a non null port or a valid socket name must
+be specified. The default is to use the Unix-domain socket
+\fI/tmp/entropy\fP.
+This resource is valid only when the arc4random() function
+has been detected at installation.
+.PP
+On systems that don't have such a daemon, a fall-back entropy
+gathering system, based on various log file contents hashed by the MD5
+algorithm is used instead.
+.IP \fBDisplayManager.greeterLib\fP
+On systems that support a dynamically-loadable greeter library, the
+name of the library. The default is
+\fI DEF_GREETER_LIB\fP.
+.IP \fBDisplayManager.choiceTimeout\fP
+Number of seconds to wait for display to respond after user has
+selected a host from the chooser. If the display sends an XDMCP
+IndirectQuery within this time, the request is forwarded to the chosen
+host. Otherwise, it is assumed to be from a new session and the
+chooser is offered again.
+Default is 15.
+.IP \fBDisplayManager.sourceAddress\fP
+Use the numeric IP address of the incoming connection on multihomed hosts
+instead of the host name. This is to avoid trying to connect on the wrong
+interface which might be down at this time.
+.IP \fBDisplayManager.willing\fP
+This specifies a program which is run (as) root when an an XDMCP
+BroadcastQuery is received and this host is configured to offer XDMCP
+display management. The output of this program may be displayed on a chooser
+window. If no program is specified, the string \fIWilling to manage\fP is
+sent.
+.PP
+.\"
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP"
+This resource specifies the name of the file to be loaded by \fIxrdb\fP
+as the resource database onto the root window of screen 0 of the display.
+The \fIXsetup\fP program, the Login widget, and \fIchooser\fP will use
+the resources set in this file.
+This resource data base is loaded just before the authentication procedure
+is started, so it can control the appearance of the login window. See the
+section
+.B "Authentication Widget,"
+which describes the various
+resources that are appropriate to place in this file.
+There is no default value for this resource, but
+\fI XDMDIR/Xresources\fP
+is the conventional name.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.chooser\fP"
+Specifies the program run to offer a host menu for Indirect queries
+redirected to the special host name CHOOSER.
+\fI CHOOSERPATH \fP is the default.
+See the sections \fBXDMCP Access Control\fP and \fBChooser\fP.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.xrdb\fP"
+Specifies the program used to load the resources. By default,
+.I xdm
+uses \fI BINDIR/xrdb\fP.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.cpp\fP"
+This specifies the name of the C preprocessor which is used by \fIxrdb\fP.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.setup\fP"
+This specifies a program which is run (as root) before offering the
+Login window. This may be used to change the appearance of the screen
+around the Login window or to put up other windows (e.g., you may want
+to run \fIxconsole\fP here).
+By default, no program is run. The conventional name for a
+file used here is \fIXsetup\fP.
+See the section \fBSetup Program.\fP
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.startup\fP"
+This specifies a program which is run (as root) after the authentication
+process succeeds. By default, no program is run. The conventional name for a
+file used here is \fIXstartup\fP.
+See the section \fBStartup Program.\fP
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.session\fP"
+This specifies the session to be executed (not running as root).
+By default, \fI BINDIR/xterm\fP is
+run. The conventional name is \fIXsession\fP.
+See the section
+.B "Session Program."
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.reset\fP"
+This specifies a program which is run (as root) after the session terminates.
+By default, no program is run.
+The conventional name is \fIXreset\fP.
+See the section
+.B "Reset Program."
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.openDelay\fP"
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.openRepeat\fP"
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.openTimeout\fP"
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.startAttempts\fP"
+These numeric resources control the behavior of
+.I xdm
+when attempting to open intransigent servers. \fBopenDelay\fP is
+the length of the
+pause (in seconds) between successive attempts, \fBopenRepeat\fP is the
+number of attempts to make, \fBopenTimeout\fP is the amount of time
+to wait while actually
+attempting the open (i.e., the maximum time spent in the
+.IR connect (2)
+system call) and \fBstartAttempts\fP is the number of times this entire process
+is done before giving up on the server. After \fBopenRepeat\fP attempts have been made,
+or if \fBopenTimeout\fP seconds elapse in any particular attempt,
+.I xdm
+terminates and restarts the server, attempting to connect again.
+This
+process is repeated \fBstartAttempts\fP times, at which point the display is
+declared dead and disabled. Although
+this behavior may seem arbitrary, it has been empirically developed and
+works quite well on most systems. The default values are
+5 for \fBopenDelay\fP, 5 for \fBopenRepeat\fP, 30 for \fBopenTimeout\fP and
+4 for \fBstartAttempts\fP.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.pingInterval\fP"
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.pingTimeout\fP"
+To discover when remote displays disappear,
+.I xdm
+occasionally pings them, using an X connection and \fIXSync\fP
+calls. \fBpingInterval\fP specifies the time (in minutes) between each
+ping attempt, \fBpingTimeout\fP specifies the maximum amount of time (in
+minutes) to wait for the terminal to respond to the request. If the
+terminal does not respond, the session is declared dead and terminated. By
+default, both are set to 5 minutes. If you frequently use X terminals which
+can become isolated from the managing host, you may wish to increase this
+value. The only worry is that sessions will continue to exist after the
+terminal has been accidentally disabled.
+.I xdm
+will not ping local displays. Although it would seem harmless, it is
+unpleasant when the workstation session is terminated as a result of the
+server hanging for NFS service and not responding to the ping.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.terminateServer\fP"
+This boolean resource specifies whether the X server should be terminated
+when a session terminates (instead of resetting it). This option can be
+used when the server tends to grow without bound over time, in order to limit
+the amount of time the server is run. The default value is ``false.''
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.userPath\fP"
+.I Xdm
+sets the PATH environment variable for the session to this value. It should
+be a colon separated list of directories; see
+.IR sh (1)
+for a full description.
+The default value is ``DEF_USER_PATH''.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemPath\fP"
+.I Xdm
+sets the PATH environment variable for the startup and reset scripts to the
+value of this resource. The default for this resource is ``DEF_SYSTEM_PATH''.
+Note the absence of ``.'' from this entry. This is a good practice to
+follow for root; it avoids many common Trojan Horse system penetration
+schemes.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemShell\fP"
+.I Xdm
+sets the SHELL environment variable for the startup and reset scripts to the
+value of this resource. It is \fI/bin/sh\fP by default.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.failsafeClient\fP"
+If the default session fails to execute,
+.I xdm
+will fall back to this program. This program is executed with no
+arguments, but executes using the same environment variables as
+the session would have had (see the section \fBSession Program\fP).
+By default, \fI BINDIR/xterm\fP is used.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabServer\fP"
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabTimeout\fP"
+To improve security,
+.I xdm
+grabs the server and keyboard while reading the login name and password.
+The
+\fBgrabServer\fP resource specifies if the server should be held for the
+duration of the name/password reading. When ``false,'' the server is ungrabbed
+after the keyboard grab succeeds, otherwise the server is grabbed until just
+before the session begins. The default is ``false.''
+The \fBgrabTimeout\fP resource specifies the maximum time
+.I xdm
+will wait for the grab to succeed. The grab may fail if some other
+client has the server grabbed, or possibly if the network latencies
+are very high. This resource has a default value of 3 seconds; you
+should be cautious when raising it, as a user can be spoofed by a
+look-alike window on the display. If the grab fails,
+.I xdm
+kills and restarts the server (if possible) and the session.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.authorize\fP"
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.authName\fP"
+\fBauthorize\fP is a boolean resource which controls whether
+.I xdm
+generates and uses authorization for the local server connections. If
+authorization is used, \fBauthName\fP is a list
+of authorization mechanisms to use, separated by white space.
+XDMCP connections dynamically specify which
+authorization mechanisms are supported, so
+\fBauthName\fP is ignored in this case. When \fBauthorize\fP is set for a
+display and authorization is not available, the user is informed by having a
+different message displayed in the login widget. By default, \fBauthorize\fP
+is ``true,'' \fBauthName\fP is ``MIT-MAGIC-COOKIE-1,'' or, if
+XDM-AUTHORIZATION-1 is available, ``XDM-AUTHORIZATION-1\0MIT-MAGIC-COOKIE-1.''
+.IP \fBDisplayManager.\fP\fIDISPLAY\fP\fB.authFile\fP
+This file is used to communicate the authorization data from
+.I xdm
+to the server, using the \fB\-auth\fP server command line option.
+It should be
+kept in a directory which is not world-writable as it could easily be
+removed, disabling the authorization mechanism in the server.
+If not specified, a name is generated from DisplayManager.authDir and
+the name of the display.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.authComplain\fP"
+If set to ``false,'' disables the use of the \fBunsecureGreeting\fP
+in the login window.
+See the section \fBAuthentication Widget.\fP
+The default is ``true.''
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resetSignal\fP"
+The number of the signal \fIxdm\fP sends to reset the server.
+See the section \fBControlling the Server.\fP
+The default is 1 (SIGHUP).
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.termSignal\fP"
+The number of the signal \fIxdm\fP sends to terminate the server.
+See the section \fBControlling the Server.\fP
+The default is 15 (SIGTERM).
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resetForAuth\fP"
+The original implementation of authorization in the sample server reread the
+authorization file at server reset time, instead of when checking the
+initial connection. As
+.I xdm
+generates the authorization information just before connecting to the
+display, an old server would not get up-to-date authorization information.
+This resource causes
+.I xdm
+to send SIGHUP to the server after setting up the file, causing an
+additional server reset to occur, during which time the new authorization
+information will be read.
+The default is ``false,'' which will work for all MIT servers.
+.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.userAuthDir\fP"
+When
+.I xdm
+is unable to write to the usual user authorization file ($HOME/.Xauthority),
+it creates a unique file name in this directory and points the environment
+variable XAUTHORITY at the created file. It uses \fI/tmp\fP by default.
+.SH "CONFIGURATION FILE"
+First, the
+.I xdm
+configuration file should be set up.
+Make a directory (usually \fI XDMDIR\fP) to contain all
+of the relevant files.
+.LP
+Here is a reasonable configuration file, which could be
+named \fIxdm-config\fP:
+.nf
+
+.ta .5i 4i
+
+ DisplayManager.servers: XDMDIR/Xservers
+ DisplayManager.errorLogFile: XDMLOGDIR/xdm.log
+ DisplayManager*resources: XDMDIR/Xresources
+ DisplayManager*startup: XDMDIR/Xstartup
+ DisplayManager*session: XDMDIR/Xsession
+ DisplayManager.pidFile: XDMPIDDIR/xdm-pid
+ DisplayManager._0.authorize: true
+ DisplayManager*authorize: false
+
+.fi
+.PP
+Note that this file mostly contains references to other files. Note also
+that some of the resources are specified with ``*'' separating the
+components. These resources can be made unique for each different display,
+by replacing the ``*'' with the display-name, but normally this is not very
+useful. See the \fBResources\fP section for a complete discussion.
+.SH "XDMCP ACCESS CONTROL"
+.PP
+The database file specified by the \fBDisplayManager.accessFile\fP provides
+information which
+.I xdm
+uses to control access from displays requesting XDMCP service. This file
+contains three types of entries: entries which control the response to
+Direct and Broadcast queries, entries which control the response to
+Indirect queries, and macro definitions.
+.PP
+The format of the Direct entries is simple, either a host name or a
+pattern, which is distinguished from a host name by the inclusion of
+one or more meta characters (`*' matches any sequence of 0 or more
+characters, and `?' matches any single character) which are compared against
+the host name of the display device.
+If the entry is a host name, all comparisons are done using
+network addresses, so any name which converts to the correct network address
+may be used.
+For patterns, only canonical host names are used
+in the comparison, so ensure that you do not attempt to match
+aliases.
+Preceding either a host name or a pattern with a `!' character
+causes hosts which
+match that entry to be excluded.
+.PP
+To only respond to Direct queries for a host or pattern,
+it can be followed by the optional ``NOBROADCAST'' keyword.
+This can be used to prevent an xdm server from appearing on
+menus based on Broadcast queries.
+.PP
+An Indirect entry also contains a host name or pattern,
+but follows it with a list of
+host names or macros to which indirect queries should be sent.
+.PP
+A macro definition contains a macro name and a list of host names and
+other macros that
+the macro expands to. To distinguish macros from hostnames, macro
+names start with a `%' character. Macros may be nested.
+.PP
+Indirect entries
+may also specify to have \fIxdm\fP run \fIchooser\fP to offer a menu
+of hosts to connect to. See the section \fBChooser\fP.
+.PP
+When checking access for a particular display host, each entry is scanned in
+turn and the first matching entry determines the response. Direct and
+Broadcast
+entries are ignored when scanning for an Indirect entry and vice-versa.
+.PP
+Blank lines are ignored, `#' is treated as a comment
+delimiter causing the rest of that line to be ignored,
+and `\e\fInewline\fP'
+causes the newline to be ignored, allowing indirect host lists to span
+multiple lines.
+.PP
+Here is an example Xaccess file:
+.LP
+.ta 2i 4i
+.nf
+#
+# Xaccess \- XDMCP access control file
+#
+
+#
+# Direct/Broadcast query entries
+#
+
+!xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
+bambi.ogi.edu # allow access from this particular display
+*.lcs.mit.edu # allow access from any display in LCS
+
+*.deshaw.com NOBROADCAST # allow only direct access
+*.gw.com # allow direct and broadcast
+
+#
+# Indirect query entries
+#
+
+%HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu
+ excess.lcs.mit.edu kanga.lcs.mit.edu
+
+extract.lcs.mit.edu xenon.lcs.mit.edu #force extract to contact xenon
+!xtra.lcs.mit.edu dummy #disallow indirect access
+*.lcs.mit.edu %HOSTS #all others get to choose
+.fi
+.PP
+If compiled with IPv6 support, multicast address groups may also be included
+in the list of addresses indirect queries are set to. Multicast addresses
+may be followed by an optional / character and hop count. If no hop count is
+specified, the multicast hop count defaults to 1, keeping the packet on the
+local network. For IPv4 multicasting, the hop count is used as the TTL.
+.PP
+Examples:
+.LP
+.ta 2.1i 4.5i
+.nf
+rincewind.sample.net ff02::1 #IPv6 Multicast to ff02::1
+\& #with a hop count of 1
+ponder.sample.net CHOOSER 239.192.1.1/16 #Offer a menu of hosts
+\& #who respond to IPv4 Multicast
+\& # to 239.192.1.1 with a TTL of 16
+.fi
+.SH CHOOSER
+.PP
+For X terminals that do not offer a host menu for use with Broadcast
+or Indirect queries, the \fIchooser\fP program can do this for them.
+In the \fIXaccess\fP file, specify ``CHOOSER'' as the first entry in
+the Indirect host list. \fIChooser\fP will send a Query request to
+each of the remaining host names in the list and offer a menu of all
+the hosts that respond.
+.PP
+The list may consist of the word ``BROADCAST,'' in which case
+\fIchooser\fP will send a Broadcast instead, again offering a menu of
+all hosts that respond. Note that on some operating systems, UDP
+packets cannot be broadcast, so this feature will not work.
+.PP
+Example \fIXaccess\fP file using \fIchooser\fP:
+
+.nf
+extract.lcs.mit.edu CHOOSER %HOSTS #offer a menu of these hosts
+xtra.lcs.mit.edu CHOOSER BROADCAST #offer a menu of all hosts
+.fi
+.PP
+The program to use for \fIchooser\fP is specified by the
+\fBDisplayManager.\fP\fIDISPLAY\fP\fB.chooser\fP resource. For more
+flexibility at this step, the chooser could be a shell script.
+\fIChooser\fP is the session manager here; it is run instead of a
+child \fIxdm\fP to manage the display.
+.PP
+Resources for this program
+can be put into the file named by
+\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP.
+.PP
+When the user selects a host, \fIchooser\fP prints the host chosen,
+which is read by the parent \fIxdm\fP, and exits.
+\fIxdm\fP closes its connection to the X server, and the server resets
+and sends another \fBIndirect\fP XDMCP request.
+\fIxdm\fP remembers the user's choice (for
+\fBDisplayManager.choiceTimeout\fP seconds) and forwards the request
+to the chosen host, which starts a session on that display.
+.\"
+.SH LISTEN
+The following configuration directive is also defined for the Xaccess
+configuration file:
+.IP "\fBLISTEN\fP \fIinterface\fP \fI[list of multicast group addresses]\fP"
+\fIinterface\fP may be a hostname or IP addresss representing a
+network interface on this machine, or the wildcard * to represent all
+available network interfaces.
+.PP
+If one or more LISTEN lines are specified, xdm only listens for XDMCP
+connections on the specified interfaces. If multicast group addresses
+are listed on a listen line, xdm joins the multicast groups on the
+given interface.
+.PP
+If no LISTEN lines are given, the original behavior of listening on
+all interfaces is preserved for backwards compatibility.
+Additionally, if no LISTEN is specified, xdm joins the default XDMCP
+IPv6 multicast group, when compiled with IPv6 support.
+.PP
+To disable listening for XDMCP connections altogther, a line of LISTEN
+with no addresses may be specified, or the previously supported method
+of setting DisplayManager.requestPort to 0 may be used.
+.PP
+Examples:
+.ta 2i 4i
+.nf
+LISTEN * ff02::1 # Listen on all interfaces and to the
+\& # ff02::1 IPv6 multicast group.
+LISTEN 10.11.12.13 # Listen only on this interface, as long
+\& # as no other listen directives appear in
+\& # file.
+.fi
+.SH "IPv6 MULTICAST ADDRESS SPECIFICATION"
+.PP
+The Internet Assigned Numbers Authority has has assigned
+ff0\fIX\fP:0:0:0:0:0:0:12b as the permanently assigned range of
+multicast addresses for XDMCP. The \fIX\fP in the prefix may be replaced
+by any valid scope identifier, such as 1 for Interface-Local, 2 for Link-Local,
+5 for Site-Local, and so on. (See IETF RFC 4291 or its replacement for
+further details and scope definitions.) xdm defaults to listening on the
+Link-Local scope address ff02:0:0:0:0:0:0:12b to most closely match the
+old IPv4 subnet broadcast behavior.
+.SH "LOCAL SERVER SPECIFICATION"
+.PP
+The resource \fBDisplayManager.servers\fP gives a server specification
+or, if the values starts with a slash (/), the name of a file
+containing server specifications, one per line.
+.PP
+Each specification
+indicates a display which should constantly be managed and which is
+not using XDMCP.
+This method is used typically for local servers only. If the resource
+or the file named by the resource is empty, \fIxdm\fP will offer XDMCP
+service only.
+.PP
+Each specification consists of at least three parts: a display
+name, a display class, a display type, and (for local servers) a command
+line to start the server. A typical entry for local display number 0 would
+be:
+.nf
+
+ :0 Digital-QV local BINDIR/X :0
+
+.fi
+The display types are:
+.ta 1i
+.nf
+
+local local display: \fIxdm\fP must run the server
+foreign remote display: \fIxdm\fP opens an X connection to a running server
+
+.fi
+.PP
+The display name must be something that can be passed in the \fB\-display\fP
+option to an X program. This string is used to generate the display-specific
+resource names, so be careful to match the
+names (e.g., use ``:0 Sun-CG3 local BINDIR/X :0'' instead of
+``localhost:0 Sun-CG3 local BINDIR/X :0''
+if your other resources are specified as
+``DisplayManager._0.session''). The display class portion is also used in the
+display-specific resources, as the class of the resource. This is
+useful if you have a large collection of similar displays (such as a corral of
+X terminals) and would like to set resources for groups of them. When using
+XDMCP, the display is required to specify the display class, so the manual
+for your particular X terminal should document the display class
+string for your device. If it doesn't, you can run
+.I xdm
+in debug mode and
+look at the resource strings which it generates for that device, which will
+include the class string.
+.PP
+When \fIxdm\fP starts a session, it sets up authorization data for the
+server. For local servers, \fIxdm\fP passes
+``\fB\-auth\fP \fIfilename\fP'' on the server's command line to point
+it at its authorization data.
+For XDMCP servers, \fIxdm\fP passes the
+authorization data to the server via the \fBAccept\fP XDMCP request.
+.SH RESOURCES FILE
+The \fIXresources\fP file is
+loaded onto the display as a resource database using
+.I xrdb.
+As the authentication
+widget reads this database before starting up, it usually contains
+parameters for that widget:
+.nf
+.ta .5i 1i
+
+ xlogin*login.translations: #override
+ Ctrl<Key>R: abort-display()
+ <Key>F1: set-session-argument(failsafe) finish-field()
+ <Key>Return: set-session-argument() finish-field()
+ xlogin*borderWidth: 3
+ xlogin*greeting: CLIENTHOST
+\& #ifdef COLOR
+ xlogin*greetColor: CadetBlue
+ xlogin*failColor: red
+\& #endif
+
+.fi
+.PP
+Please note the translations entry; it specifies
+a few new translations for the widget which allow users to escape from the
+default session (and avoid troubles that may occur in it). Note that if
+\&#override is not specified, the default translations are removed and replaced
+by the new value, not a very useful result as some of the default translations
+are quite useful (such as ``<Key>: insert-char ()'' which responds to normal
+typing).
+.PP
+This file may also contain resources for the setup program and \fIchooser\fP.
+.SH "SETUP PROGRAM"
+The \fIXsetup\fP file is run after
+the server is reset, but before the Login window is offered.
+The file is typically a shell script.
+It is run as root, so should be careful about security.
+This is the place to change the root background or bring up other
+windows that should appear on the screen along with the Login widget.
+.PP
+In addition to any specified by \fBDisplayManager.exportList\fP,
+the following environment variables are passed:
+.nf
+.ta .5i 2i
+
+ DISPLAY the associated display name
+ PATH the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemPath\fP
+ SHELL the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemShell\fP
+ XAUTHORITY may be set to an authority file
+.fi
+.PP
+Note that since \fIxdm\fP grabs the keyboard, any other windows will not be
+able to receive keyboard input. They will be able to interact with
+the mouse, however; beware of potential security holes here.
+If \fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabServer\fP is set,
+\fIXsetup\fP will not be able to connect
+to the display at all.
+Resources for this program
+can be put into the file named by
+\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP.
+.PP
+Here is a sample \fIXsetup\fP script:
+.nf
+
+\& #!/bin/sh
+\& # Xsetup_0 \- setup script for one workstation
+ xcmsdb < XDMDIR/monitors/alex.0
+ xconsole\0\-geometry\0480x130\-0\-0\0\-notify\0\-verbose\0\-exitOnFail &
+
+.fi
+.SH "AUTHENTICATION WIDGET"
+The authentication widget prompts the user for the username, password, and/or
+other required authentication data from the keyboard. Nearly every imaginable
+parameter can be controlled with a resource. Resources for this widget
+should be put into the file named by
+\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP. All of these have reasonable
+default values, so it is not necessary to specify any of them.
+.PP
+The resource file is loaded with
+.IR xrdb (__appmansuffix__)
+so it may use the substitutions defined by that program such as CLIENTHOST
+for the client hostname in the login message, or C pre-processor #ifdef
+statements to produce different displays depending on color depth or other
+variables.
+.PP
+.I Xdm
+can be compiled with support for the
+.IR Xft (__libmansuffix__)
+library for font rendering. If this support is present, font faces are
+specified using the resources with names ending in ``face'' in the
+fontconfig face format described in the
+.I Font Names
+section of
+.IR fonts.conf (__filemansuffix__).
+If not, then fonts are specified using the resources with names ending
+in ``font'' in the traditional
+.I X Logical Font Description
+format described in the
+.I Font Names
+section of
+.IR X (__miscmansuffix__).
+.IP "\fBxlogin.Login.width, xlogin.Login.height, xlogin.Login.x, xlogin.Login.y\fP"
+The geometry of the Login widget is normally computed automatically. If you
+wish to position it elsewhere, specify each of these resources.
+.IP "\fBxlogin.Login.foreground\fP"
+The color used to display the input typed by the user.
+.IP "\fBxlogin.Login.face\fP"
+The face used to display the input typed by the user when built with Xft
+support. The default is ``Serif-18''.
+.IP "\fBxlogin.Login.font\fP"
+The font used to display the input typed by the user when not built with Xft
+support.
+.IP "\fBxlogin.Login.greeting\fP"
+A string which identifies this window.
+The default is ``X Window System.''
+.IP "\fBxlogin.Login.unsecureGreeting\fP"
+When X authorization is requested in the configuration file for this
+display and none is in use, this greeting replaces the standard
+greeting. The default is ``This is an unsecure session''
+.IP "\fBxlogin.Login.greetFace\fP"
+The face used to display the greeting when built with Xft support.
+The default is ``Serif-24:italic''.
+.IP "\fBxlogin.Login.greetFont\fP"
+The font used to display the greeting when not built with Xft support.
+.IP "\fBxlogin.Login.greetColor\fP"
+The color used to display the greeting.
+.IP "\fBxlogin.Login.namePrompt\fP"
+The string displayed to prompt for a user name.
+.I Xrdb
+strips trailing white space from resource values, so to add spaces at
+the end of the prompt (usually a nice thing), add spaces escaped with
+backslashes. The default is ``Login: ''
+.IP "\fBxlogin.Login.passwdPrompt\fP"
+The string displayed to prompt for a password, when not using an authentication
+system such as PAM that provides its own prompts.
+The default is ``Password: ''
+.IP "\fBxlogin.Login.promptFace\fP"
+The face used to display prompts when built with Xft support.
+The default is ``Serif-18:bold''.
+.IP "\fBxlogin.Login.promptFont\fP"
+The font used to display prompts when not built with Xft support.
+.IP "\fBxlogin.Login.promptColor\fP"
+The color used to display prompts.
+.IP "\fBxlogin.Login.changePasswdMessage\fP"
+A message which is displayed when the users password has expired.
+The default is ``Password Change Required''
+.IP "\fBxlogin.Login.fail\fP"
+A message which is displayed when the authentication fails, when not using an
+authentication system such as PAM that provides its own prompts.
+The default is ``Login incorrect''
+.IP "\fBxlogin.Login.failFace\fP"
+The face used to display the failure message when built with Xft support.
+The default is ``Serif-18:bold''.
+.IP "\fBxlogin.Login.failFont\fP"
+The font used to display the failure message when not built with Xft support.
+.IP "\fBxlogin.Login.failColor\fP"
+The color used to display the failure message.
+.IP "\fBxlogin.Login.failTimeout\fP"
+The number of seconds that the failure message is displayed.
+The default is 10.
+.IP "\fBxlogin.Login.logoFileName\fP"
+Name of an XPM format pixmap to display in the greeter window, if built with
+XPM support. The default is no pixmap.
+.IP "\fBxlogin.Login.logoPadding\fP"
+Number of pixels of space between the logo pixmap and other elements of the
+greeter window, if the pixmap is displayed.
+The default is 5.
+.IP "\fBxlogin.Login.useShape\fP"
+If set to ``true'', when built with XPM support, attempt to use the
+X Non-Rectangular Window Shape Extension to set the window shape.
+The default is ``true''.
+.IP "\fBxlogin.Login.hiColor\fP, \fBxlogin.Login.shdColor\fP"
+Raised appearance bezels may be drawn around
+the greeter frame and text input boxes by setting these resources. hiColor
+is the highlight color, used on the top and left sides of the frame, and the
+bottom and right sides of text input areas. shdColor is the shadow color,
+used on the bottom and right sides of the frame, and the top and left sides
+of text input areas.
+The default for both is the foreground color, providing a flat appearance.
+.IP "\fBxlogin.Login.frameWidth\fP"
+frameWidth is the width in pixels of the area
+around the greeter frame drawn in hiColor and shdColor.
+.IP "\fBxlogin.Login.innerFramesWidth\fP"
+innerFramesWidth is the width in pixels of the
+area around text input areas drawn in hiColor and shdColor.
+.IP "\fBxlogin.Login.sepWidth\fP"
+sepWidth is the width in pixels of the
+bezeled line between the greeting and input areas
+drawn in hiColor and shdColor.
+.IP "\fBxlogin.Login.allowRootLogin\fP"
+If set to ``false'', don't allow root (and any other user with uid = 0) to
+log in directly.
+The default is ``true''.
+This setting is only checked by some of the authentication backends at this
+time.
+.IP "\fBxlogin.Login.allowNullPasswd\fP"
+If set to ``true'', allow an otherwise failing password match to succeed
+if the account does not require a password at all.
+The default is ``false'', so only users that have passwords assigned can
+log in.
+.IP "\fBxlogin.Login.echoPasswd\fP"
+If set to ``true'', stars will be rendered instead of the password itself,
+i.e. '***...'.
+The default is ``false''.
+.IP "\fBxlogin.Login.translations\fP"
+This specifies the translations used for the login widget. Refer to the X
+Toolkit documentation for a complete discussion on translations. The default
+translation table is:
+.nf
+.ta .5i 2i
+
+ Ctrl<Key>H: delete-previous-character()
+ Ctrl<Key>D: delete-character()
+ Ctrl<Key>B: move-backward-character()
+ Ctrl<Key>F: move-forward-character()
+ Ctrl<Key>A: move-to-begining()
+ Ctrl<Key>E: move-to-end()
+ Ctrl<Key>K: erase-to-end-of-line()
+ Ctrl<Key>U: erase-line()
+ Ctrl<Key>X: erase-line()
+ Ctrl<Key>C: restart-session()
+ Ctrl<Key>: abort-session()
+ <Key>BackSpace: delete-previous-character()
+ <Key>Delete: delete-previous-character()
+ <Key>Return: finish-field()
+ <Key>: insert-char()
+
+.fi
+.PP
+The actions which are supported by the widget are:
+.IP "delete-previous-character"
+Erases the character before the cursor.
+.IP "delete-character"
+Erases the character after the cursor.
+.IP "move-backward-character"
+Moves the cursor backward.
+.IP "move-forward-character"
+Moves the cursor forward.
+.IP "move-to-begining"
+(Apologies about the spelling error.)
+Moves the cursor to the beginning of the editable text.
+.IP "move-to-end"
+Moves the cursor to the end of the editable text.
+.IP "erase-to-end-of-line"
+Erases all text after the cursor.
+.IP "erase-line"
+Erases the entire text.
+.IP "finish-field"
+If the cursor is in the name field, proceeds to the password field; if the
+cursor is in the password field, checks the current name/password pair. If
+the name/password pair is valid, \fIxdm\fP
+starts the session. Otherwise the failure message is displayed and
+the user is prompted again.
+.IP "abort-session"
+Terminates and restarts the server.
+.IP "abort-display"
+Terminates the server, disabling it. This action
+is not accessible in the default configuration.
+There are various reasons to stop \fIxdm\fP on a system console, such as
+when shutting the system down, when using \fIxdmshell\fP,
+to start another type of server, or to generally access the console.
+Sending \fIxdm\fP a SIGHUP will restart the display. See the section
+\fBControlling XDM\fP.
+.IP "restart-session"
+Resets the X server and starts a new session. This can be used when
+the resources have been changed and you want to test them or when
+the screen has been overwritten with system messages.
+.IP "insert-char"
+Inserts the character typed.
+.IP "set-session-argument"
+Specifies a single word argument which is passed to the session at startup.
+See the section \fBSession Program\fP.
+.IP "allow-all-access"
+Disables access control in the server. This can be used when
+the .Xauthority file cannot be created by
+.I xdm.
+Be very careful using this;
+it might be better to disconnect the machine from the network
+before doing this.
+.PP
+On some systems (OpenBSD) the user's shell must be listed in
+.I /etc/shells
+to allow login through xdm. The normal password and account expiration
+dates are enforced too.
+.SH "STARTUP PROGRAM"
+.PP
+The \fIXstartup\fP program is run as
+root when the user logs in.
+It is typically a shell script.
+Since it is run as root, \fIXstartup\fP should be
+very careful about security. This is the place to put commands which add
+entries to \fIutmp\fP or \fIwtmp\fP files,
+(the \fIsessreg\fP program may be useful here),
+mount users' home directories from file servers,
+or abort the session if logins are not
+allowed.
+.PP
+In addition to any specified by \fBDisplayManager.exportList\fP,
+the following environment variables are passed:
+.nf
+.ta .5i 2i
+
+ DISPLAY the associated display name
+ HOME the initial working directory of the user
+ LOGNAME the user name
+ USER the user name
+ PATH the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemPath\fP
+ SHELL the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemShell\fP
+ XAUTHORITY may be set to an authority file
+ WINDOWPATH may be set to the "window path" leading to the X server
+
+.fi
+.PP
+No arguments are passed to the script.
+.I Xdm
+waits until this script exits before starting the user session. If the
+exit value of this script is non-zero,
+.I xdm
+discontinues the session and starts another authentication
+cycle.
+.PP
+The sample \fIXstartup\fP file shown here prevents login while the
+file \fI/etc/nologin\fP
+exists.
+Thus this is not a complete example, but
+simply a demonstration of the available functionality.
+.PP
+Here is a sample \fIXstartup\fP script:
+.nf
+.ta .5i 1i
+
+\& #!/bin/sh
+\& #
+\& # Xstartup
+\& #
+\& # This program is run as root after the user is verified
+\& #
+ if [ \-f /etc/nologin ]; then
+ xmessage\0\-file /etc/nologin\0\-timeout 30\0\-center
+ exit 1
+ fi
+ sessreg\0\-a\0\-l $DISPLAY\0\-x XDMDIR/Xservers $LOGNAME
+ XDMDIR/GiveConsole
+ exit 0
+.fi
+.SH "SESSION PROGRAM"
+.PP
+The \fIXsession\fP program is the command which is run as the user's session.
+It is run with
+the permissions of the authorized user.
+.PP
+In addition to any specified by \fBDisplayManager.exportList\fP,
+the following environment variables are passed:
+.nf
+.ta .5i 2i
+
+ DISPLAY the associated display name
+ HOME the initial working directory of the user
+ LOGNAME the user name
+ USER the user name
+ PATH the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.userPath\fP
+ SHELL the user's default shell (from \fIgetpwnam\fP)
+ XAUTHORITY may be set to a non-standard authority file
+ KRB5CCNAME may be set to a Kerberos credentials cache name
+ WINDOWPATH may be set to the "window path" leading to the X server
+
+.fi
+.PP
+At most installations, \fIXsession\fP should look in $HOME for
+a file \fI\.xsession,\fP
+which contains commands that each user would like to use as a session.
+\fIXsession\fP should also
+implement a system default session if no user-specified session exists.
+.PP
+An argument may be passed to this program from the authentication widget
+using the `set-session-argument' action. This can be used to select
+different styles of session. One good use of this feature is to allow
+the user to escape from the ordinary session when it fails. This
+allows users to repair their own \fI.xsession\fP if it fails,
+without requiring administrative intervention.
+The example following
+demonstrates this feature.
+.PP
+This example recognizes
+the special
+``failsafe'' mode, specified in the translations
+in the \fIXresources\fP file, to provide an escape
+from the ordinary session. It also requires that the .xsession file
+be executable so we don't have to guess what shell it wants to use.
+.nf
+.ta .5i 1i 1.5i
+
+\& #!/bin/sh
+\& #
+\& # Xsession
+\& #
+\& # This is the program that is run as the client
+\& # for the display manager.
+
+ case $# in
+ 1)
+ case $1 in
+ failsafe)
+ exec xterm \-geometry 80x24\-0\-0
+ ;;
+ esac
+ esac
+
+ startup=$HOME/.xsession
+ resources=$HOME/.Xresources
+
+ if [ \-f "$startup" ]; then
+ exec "$startup"
+ else
+ if [ \-f "$resources" ]; then
+ xrdb \-load "$resources"
+ fi
+ twm &
+ xman \-geometry +10\-10 &
+ exec xterm \-geometry 80x24+10+10 \-ls
+ fi
+
+.fi
+.PP
+The user's \fI.xsession\fP file might look something like this
+example. Don't forget that the file must have execute permission.
+.nf
+\& #! /bin/csh
+\& # no \-f in the previous line so .cshrc gets run to set $PATH
+ twm &
+ xrdb \-merge "$HOME/.Xresources"
+ emacs \-geometry +0+50 &
+ xbiff \-geometry \-430+5 &
+ xterm \-geometry \-0+50 -ls
+.fi
+.SH "RESET PROGRAM"
+.PP
+Symmetrical with \fIXstartup\fP,
+the \fIXreset\fP script is run after the user session has
+terminated. Run as root, it should contain commands that undo
+the effects of commands in \fIXstartup,\fP updating entries
+in \fIutmp\fP or \fIwtmp\fP files,
+or unmounting directories from file servers. The environment
+variables that were passed to \fIXstartup\fP are also
+passed to \fIXreset\fP.
+.PP
+A sample \fIXreset\fP script:
+.nf
+.ta .5i 1i
+\& #!/bin/sh
+\& #
+\& # Xreset
+\& #
+\& # This program is run as root after the session ends
+\& #
+ sessreg\0\-d\0\-l $DISPLAY\0\-x XDMDIR/Xservers $LOGNAME
+ XDMDIR/TakeConsole
+ exit 0
+.fi
+.SH "CONTROLLING THE SERVER"
+.I Xdm
+controls local servers using POSIX signals. SIGHUP is expected to reset the
+server, closing all client connections and performing other cleanup
+duties. SIGTERM is expected to terminate the server.
+If these signals do not perform the expected actions,
+the resources \fBDisplayManager.\fP\fIDISPLAY\fP\fB.resetSignal\fP and
+\fBDisplayManager.\fP\fIDISPLAY\fP\fB.termSignal\fP can specify alternate signals.
+.PP
+To control remote terminals not using XDMCP,
+.I xdm
+searches the window hierarchy on the display and uses the protocol request
+KillClient in an attempt to clean up the terminal for the next session. This
+may not actually kill all of the clients, as only those which have created
+windows will be noticed. XDMCP provides a more sure mechanism; when
+.I xdm
+closes its initial connection, the session is over and the terminal is
+required to close all other connections.
+.SH "CONTROLLING XDM"
+.PP
+.I Xdm
+responds to two signals: SIGHUP and SIGTERM. When sent a SIGHUP,
+.I xdm
+rereads the configuration file, the access control file, and the servers
+file. For the servers file, it notices if entries have been added or
+removed. If a new entry has been added,
+.I xdm
+starts a session on the associated display. Entries which have been removed
+are disabled immediately, meaning that any session in progress will be
+terminated without notice and no new session will be started.
+.PP
+When sent a SIGTERM,
+.I xdm
+terminates all sessions in progress and exits. This can be used when
+shutting down the system.
+.PP
+.I Xdm
+attempts to mark its various sub-processes for
+.IR ps (1)
+by editing the
+command line argument list in place. Because
+.I xdm
+can't allocate additional
+space for this task, it is useful to start
+.I xdm
+with a reasonably long
+command line (using the full path name should be enough).
+Each process which is
+servicing a display is marked \fB\-\fP\fIdisplay.\fP
+.SH "ADDITIONAL LOCAL DISPLAYS"
+.PP
+To add an additional local display, add a line for it to the
+\fIXservers\fP file.
+(See the section \fBLocal Server Specification\fP.)
+.PP
+Examine the display-specific resources in \fIxdm-config\fP
+(e.g., \fBDisplayManager._0.authorize\fP)
+and consider which of them should be copied for the new display.
+The default \fIxdm-config\fP has all the appropriate lines for
+displays \fB:0\fP and \fB:1\fP.
+.SH "OTHER POSSIBILITIES"
+.PP
+You can use \fIxdm\fP
+to run a single session at a time, using the 4.3 \fIinit\fP
+options or other suitable daemon by specifying the server on the command
+line:
+.nf
+.ta .5i
+
+ xdm \-server \(lq:0 SUN-3/60CG4 local BINDIR/X :0\(rq
+
+.fi
+.PP
+Or, you might have a file server and a collection of X terminals. The
+configuration for this is identical to the sample above,
+except the \fIXservers\fP file would look like
+.nf
+.ta .5i
+
+ extol:0 VISUAL-19 foreign
+ exalt:0 NCD-19 foreign
+ explode:0 NCR-TOWERVIEW3000 foreign
+
+.fi
+.PP
+This directs
+.I xdm
+to manage sessions on all three of these terminals. See the section
+\fBControlling Xdm\fP for a description of using signals to enable
+and disable these terminals in a manner reminiscent of
+.IR init (__adminmansuffix__).
+.SH LIMITATIONS
+One thing that
+.I xdm
+isn't very good at doing is coexisting with other window systems. To use
+multiple window systems on the same hardware, you'll probably be more
+interested in
+.I xinit.
+.SH FILES
+.TP 20
+.I XDMDIR/xdm-config
+the default configuration file
+.TP 20
+.I $HOME/.Xauthority
+user authorization file where \fIxdm\fP stores keys for clients to read
+.TP 20
+.I CHOOSERPATH
+the default chooser
+.TP 20
+.I BINDIR/xrdb
+the default resource database loader
+.TP 20
+.I BINDIR/X
+the default server
+.TP 20
+.I BINDIR/xterm
+the default session program and failsafe client
+.TP 20
+.I XDMXAUTHDIR/A<display>\-<suffix>
+the default place for authorization files
+.TP 20
+.I /tmp/K5C<display>
+Kerberos credentials cache
+.SH "SEE ALSO"
+.IR X (__miscmansuffix__),
+.IR xinit (__appmansuffix__),
+.IR xauth (__appmansuffix__),
+.IR xrdb (__appmansuffix__),
+.IR Xsecurity (__miscmansuffix__),
+.IR sessreg (__appmansuffix__),
+.IR Xserver (__appmansuffix__),
+.\" .IR chooser (__appmansuffix__), \" except that there isn't a manual for it yet
+.IR xdmshell (__appmansuffix__),
+.IR fonts.conf (__filemansuffix__).
+.br
+.I "X Display Manager Control Protocol"
+.br
+.RI "IETF RFC 4291: " "IP Version 6 Addressing Architecture" .
+.SH AUTHOR
+Keith Packard, MIT X Consortium
diff --git a/man/xdmshell.man b/man/xdmshell.man
new file mode 100644
index 0000000..8f27193
--- /dev/null
+++ b/man/xdmshell.man
@@ -0,0 +1,108 @@
+.\" Copyright 1989 The Open Group
+.\"
+.\" Permission to use, copy, modify, distribute, and sell this software and its
+.\" documentation for any purpose is hereby granted without fee, provided that
+.\" the above copyright notice appear in all copies and that both that
+.\" copyright notice and this permission notice appear in supporting
+.\" documentation.
+.\"
+.\" The above copyright notice and this permission notice shall be included
+.\" in all copies or substantial portions of the Software.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+.\" IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+.\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+.\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+.\" OTHER DEALINGS IN THE SOFTWARE.
+.\"
+.\" Except as contained in this notice, the name of The Open Group shall
+.\" not be used in advertising or otherwise to promote the sale, use or
+.\" other dealings in this Software without prior written authorization
+.\" from The Open Group.
+.\"
+.\" Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+.\"
+.\" Permission is hereby granted, free of charge, to any person obtaining a
+.\" copy of this software and associated documentation files (the "Software"),
+.\" to deal in the Software without restriction, including without limitation
+.\" the rights to use, copy, modify, merge, publish, distribute, sublicense,
+.\" and/or sell copies of the Software, and to permit persons to whom the
+.\" Software is furnished to do so, subject to the following conditions:
+.\"
+.\" The above copyright notice and this permission notice (including the next
+.\" paragraph) shall be included in all copies or substantial portions of the
+.\" Software.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+.\" IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+.\" FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+.\" THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+.\" LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+.\" FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+.\" DEALINGS IN THE SOFTWARE.
+.\"
+.\"
+.TH XDMSHELL __appmansuffix__ __xorgversion__
+.SH NAME
+xdmshell \- shell for starting xdm on login
+.SH SYNOPSIS
+.B BINDIR/xdmshell
+.SH DESCRIPTION
+.I Xdmshell
+can be used on systems that are configured to start a console in text mode by
+default, to allow users to start the X display manager by logging in as a
+special user with the shell set to the xdmshell program.
+.LP
+Many servers set the keyboard to do non-blocking I/O under the assumption that
+they are the only programs attempting to read from the keyboard.
+Unfortunately, some versions of \fIgetty\fP(__adminmansuffix__) will
+immediately see a continuous stream of zero-length reads which they interpret
+as end-of-file indicators. Eventually, \fIinit\fP(__adminmansuffix__) will
+disable logins on that line until somebody types the following as root:
+.RS
+\# kill -HUP 1
+.RE
+.LP
+On some platforms, one alternative is to disable logins on the console
+and always run \fIxdm\fP(__appmansuffix__) from \fI/etc/inittab\fP.
+.LP
+Another approach is to set up an account whose shell is the \fIxdmshell\fP
+program found in the xdm distribution. This program is not installed by
+default so that site administrators will examine it to see if it meets their
+needs. The \fIxdmshell\fP utility makes sure that it is being run from the
+appropriate type of terminal, starts \fIxdm\fP, waits for it to finish, and
+then resets the console if necessary. If the \fIxdm\fP resources file
+(specified by the \fIDisplayManager*resources\fP entry in the
+\fIxdm-config\fP file) contains a binding to the \fIabort-display\fP action
+similar to the following
+.RS
+xlogin*login.translations: #override Ctrl<Key>R: abort-display()
+.RE
+the console can then by restored by pressing the indicated key
+(Control-R in the above example) in the \fIxdm\fP login window.
+.LP
+.ne 10
+The \fIxdmshell\fP program is usually
+installed setuid to root but executable only by members of a special group,
+of which the only member is the account which has \fIxdmshell\fP as its shell:
+.RS
+.nf
+% grep xdm /etc/passwd
+x::101:51:Account for starting up X:/tmp:BINDIR/xdmshell
+% grep 51 /etc/group
+xdmgrp:*:51:
+% ls -lg BINDIR/xdmshell
+-rws--x--- 1 root xdmgrp 20338 Nov 1 01:32 BINDIR/xdmshell
+.fi
+.RE
+.LP
+If the \fIxdm\fP resources have not been configured to have a key bound to
+the \fIabort-display()\fP action, there will be no way for general users to
+login to the console directly. Whether or not this is desirable depends on
+the particular site.
+.SH "SEE ALSO"
+.IR X (__miscmansuffix__),
+.IR xdm (__appmansuffix__),
+.IR xinit (__appmansuffix__)
diff --git a/xdm.man.cpp b/xdm.man.cpp
deleted file mode 100644
index 9ba7379..0000000
--- a/xdm.man.cpp
+++ /dev/null
@@ -1,1455 +0,0 @@
-.\" Copyright 1988, 1994, 1998 The Open Group
-.\"
-.\" Permission to use, copy, modify, distribute, and sell this software and its
-.\" documentation for any purpose is hereby granted without fee, provided that
-.\" the above copyright notice appear in all copies and that both that
-.\" copyright notice and this permission notice appear in supporting
-.\" documentation.
-.\"
-.\" The above copyright notice and this permission notice shall be included
-.\" in all copies or substantial portions of the Software.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-.\" IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-.\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-.\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-.\" OTHER DEALINGS IN THE SOFTWARE.
-.\"
-.\" Except as contained in this notice, the name of The Open Group shall
-.\" not be used in advertising or otherwise to promote the sale, use or
-.\" other dealings in this Software without prior written authorization
-.\" from The Open Group.
-.\"
-.\"
-.TH XDM 1 __xorgversion__
-.SH NAME
-xdm \- X Display Manager with support for XDMCP, host chooser
-.SH SYNOPSIS
-.B xdm
-[
-.B \-config
-.I configuration_file
-] [
-.B \-nodaemon
-] [
-.B \-debug
-.I debug_level
-] [
-.B \-error
-.I error_log_file
-] [
-.B \-resources
-.I resource_file
-] [
-.B \-server
-.I server_entry
-] [
-.B \-session
-.I session_program
-]
-.SH DESCRIPTION
-.I Xdm
-manages a collection of X displays, which may be on the local host
-or remote servers. The design of
-.I xdm
-was guided by the needs of X terminals as well as The Open Group standard
-XDMCP, the \fIX Display Manager Control Protocol\fP.
-.I Xdm
-provides services similar to those provided by \fIinit\fP, \fIgetty\fP
-and \fIlogin\fP on character terminals: prompting for login name and password,
-authenticating the user, and running a ``session.''
-.PP
-A ``session'' is defined by the lifetime of a particular process; in the
-traditional character-based terminal world, it is the user's login shell.
-In the
-.I xdm
-context, it is an arbitrary session manager. This is because in a windowing
-environment, a user's login shell process does not necessarily have any
-terminal-like interface with which to connect.
-When a real session manager is not available, a window manager or terminal
-emulator is typically used as the ``session manager,'' meaning that
-termination of this process terminates the user's session.
-.PP
-When the session is terminated, \fIxdm\fP
-resets the X server and (optionally) restarts the whole process.
-.PP
-When \fIxdm\fP receives an Indirect query via XDMCP, it can run a
-\fIchooser\fP process to
-perform an XDMCP BroadcastQuery (or an XDMCP Query to specified hosts)
-on behalf of the display and
-offer a menu of possible hosts that offer XDMCP display management.
-This feature is useful with X terminals that do not offer a host
-menu themselves.
-.PP
-.I Xdm
-can be configured to ignore BroadcastQuery messages from selected hosts.
-This is useful when you don't want the host to appear in menus produced
-by
-.I chooser
-or X terminals themselves.
-.PP
-Because
-.I xdm
-provides the first interface that users will see, it is designed to be
-simple to use and easy to customize to the needs of a particular site.
-.I Xdm
-has many options, most of which have reasonable defaults. Browse through the
-various sections of this manual,
-picking and choosing the things you want to change.
-Pay particular attention to the
-.B "Session Program"
-section, which will describe how to
-set up the style of session desired.
-.SH "OVERVIEW"
-\fIxdm\fP is highly configurable, and most of its behavior can be
-controlled by resource files and shell scripts. The names of these
-files themselves are resources read from the file \fIxdm-config\fP or
-the file named by the \fB\-config\fP option.
-.PP
-\fIxdm\fP offers display management two different ways. It can manage
-X servers running on the local machine and specified in
-\fIXservers\fP, and it can manage remote X servers (typically X
-terminals) using XDMCP (the XDM Control Protocol)
-as specified in the \fIXaccess\fP file.
-.PP
-The resources of the X clients run by \fIxdm\fP outside the user's
-session, including \fIxdm\fP's own login window, can be
-affected by setting resources in the \fIXresources\fP file.
-.PP
-For X terminals that do not offer a menu of hosts to get display
-management from, \fIxdm\fP can collect willing hosts and run the
-\fIchooser\fP program to offer the user a menu.
-For X displays attached to a host, this step is typically not used, as
-the local host does the display management.
-.PP
-After resetting the X server, \fIxdm\fP runs the \fIXsetup\fP script
-to assist in setting up the screen the user sees along with the
-\fIxlogin\fP widget.
-.PP
-The \fIxlogin\fP widget, which \fIxdm\fP presents,
-offers the familiar login and password prompts.
-.PP
-After the user logs in, \fIxdm\fP runs the \fIXstartup\fP script as
-root.
-.PP
-Then \fIxdm\fP runs the \fIXsession\fP script as the user. This
-system session file may do some additional startup and typically runs
-the \fI.xsession\fP script in the user's home directory.
-When the \fIXsession\fP script exits, the session is over.
-.PP
-At the end of the session, the \fIXreset\fP script is run to clean up,
-the X server is reset, and the cycle starts over.
-.PP
-The file \fI XDMLOGDIR/xdm.log\fP will contain error
-messages from
-.I xdm
-and anything output to stderr by \fIXsetup, Xstartup, Xsession\fP
-or \fIXreset\fP.
-When you have trouble getting
-.I xdm
-working, check this file to see if
-.I xdm
-has any clues to the trouble.
-.SH OPTIONS
-.PP
-All of these options, except \fB\-config\fP itself,
-specify values that can also be specified in the configuration file
-as resources.
-.IP "\fB\-config\fP \fIconfiguration_file\fP"
-Names the configuration file, which specifies resources to control
-the behavior of
-.I xdm.
-.I XDMDIR/xdm-config
-is the default.
-See the section \fBConfiguration File\fP.
-.IP "\fB\-nodaemon\fP"
-Specifies ``false'' as the value for the \fBDisplayManager.daemonMode\fP
-resource.
-This suppresses the normal daemon behavior, which is for
-.I xdm
-to close all file descriptors, disassociate itself from
-the controlling terminal, and put
-itself in the background when it first starts up.
-.IP "\fB\-debug\fP \fIdebug_level\fP"
-Specifies the numeric value for the \fBDisplayManager.debugLevel\fP
-resource. A non-zero value causes
-.I xdm
-to print lots of debugging statements to the terminal; it also disables the
-\fBDisplayManager.daemonMode\fP resource, forcing
-.I xdm
-to run synchronously. To interpret these debugging messages, a copy
-of the source code for
-.I xdm
-is almost a necessity. No attempt has been
-made to rationalize or standardize the output.
-.IP "\fB\-error\fP \fIerror_log_file\fP"
-Specifies the value for the \fBDisplayManager.errorLogFile\fP resource.
-This file contains errors from
-.I xdm
-as well as anything written to stderr by the various scripts and programs
-run during the progress of the session.
-.IP "\fB\-resources\fP \fIresource_file\fP"
-Specifies the value for the \fBDisplayManager*resources\fP resource. This file
-is loaded using
-.IR xrdb (__appmansuffix__)
-to specify configuration parameters for the
-authentication widget.
-.IP "\fB\-server\fP \fIserver_entry\fP"
-Specifies the value for the \fBDisplayManager.servers\fP resource.
-See the section
-.B "Local Server Specification"
-for a description of this resource.
-.IP "\fB\-udpPort\fP \fIport_number\fP"
-Specifies the value for the \fBDisplayManager.requestPort\fP resource. This
-sets the port-number which
-.I xdm
-will monitor for XDMCP requests. If set to 0, xdm will not listen
-for XDMCP or Chooser requests. As XDMCP uses the registered well-known
-UDP port 177, this resource should not be changed to a value other than 0,
-except for debugging.
-.IP "\fB\-session\fP \fIsession_program\fP"
-Specifies the value for the \fBDisplayManager*session\fP resource. This
-indicates the program to run as the session after the user has logged in.
-.IP "\fB\-xrm\fP \fIresource_specification\fP"
-Allows an arbitrary resource to be specified, as in most
-X Toolkit applications.
-.SH RESOURCES
-At many stages the actions of
-.I xdm
-can be controlled through the use of its configuration file, which is in the
-X resource format.
-Some resources modify the behavior of
-.I xdm
-on all displays,
-while others modify its behavior on a single display. Where actions relate
-to a specific display,
-the display name is inserted into the resource name between
-``DisplayManager'' and the final resource name segment.
-.PP
-For local displays, the resource name and class are as read from the
-\fIXservers\fP file.
-.PP
-For remote displays, the resource name is what the network address of
-the display resolves to. See the \fBremoveDomain\fP resource. The
-name must match exactly; \fIxdm\fP is not aware of
-all the network aliases that might reach a given display.
-If the name resolve fails, the address is
-used. The resource class is as sent by the display in the XDMCP
-Manage request.
-.PP
-Because the resource
-manager uses colons to separate the name of the resource from its value and
-dots to separate resource name parts,
-.I xdm
-substitutes underscores for both dots and colons when generating the resource
-name.
-For example, \fBDisplayManager.expo_x_org_0.startup\fP is the name of the
-resource which defines the startup shell file for the ``expo.x.org:0'' display.
-.\"
-.IP "\fBDisplayManager.servers\fP"
-This resource either specifies a file name full of server entries, one per
-line (if the value starts with a slash), or a single server entry.
-See the section \fBLocal Server Specification\fP for the details.
-.IP "\fBDisplayManager.requestPort\fP"
-This indicates the UDP port number which
-.I xdm
-uses to listen for incoming XDMCP requests. Unless you need to debug the
-system, leave this with its default value of 177.
-.IP "\fBDisplayManager.errorLogFile\fP"
-Error output is normally directed at the system console. To redirect it,
-set this resource to a file name. A method to send these messages to
-.I syslog
-should be developed for systems which support it; however, the
-wide variety of interfaces precludes any system-independent
-implementation. This file also contains any output directed to stderr
-by the \fIXsetup, Xstartup, Xsession\fP and \fIXreset\fP files,
-so it will contain descriptions
-of problems in those scripts as well.
-.IP "\fBDisplayManager.debugLevel\fP"
-If the integer value of this resource is greater than zero,
-reams of
-debugging information will be printed. It also disables daemon mode, which
-would redirect the information into the bit-bucket, and
-allows non-root users to run
-.I xdm,
-which would normally not be useful.
-.IP "\fBDisplayManager.daemonMode\fP"
-Normally,
-.I xdm
-attempts to make itself into a daemon process unassociated with any terminal.
-This is
-accomplished by forking and leaving the parent process to exit, then closing
-file descriptors and releasing the controlling terminal. In some
-environments this is not desired (in particular, when debugging). Setting
-this resource to ``false'' will disable this feature.
-.IP "\fBDisplayManager.pidFile\fP"
-The filename specified will be created to contain an ASCII
-representation of the process-id of the main
-.I xdm
-process.
-.I Xdm
-also uses file locking on this file
-to attempt to eliminate multiple daemons running on
-the same machine, which would cause quite a bit of havoc.
-.IP "\fBDisplayManager.lockPidFile\fP"
-This is the resource which controls whether
-.I xdm
-uses file locking to keep multiple display managers from running amok.
-On System V, this
-uses the \fIlockf\fP library call, while on BSD it uses \fIflock.\fP
-.IP "\fBDisplayManager.authDir\fP"
-This names a directory under which
-.I xdm
-stores authorization files while initializing the session. The
-default value is \fI XDMXAUTHDIR.\fP
-Can be overridden for specific displays by
-DisplayManager.\fIDISPLAY\fP.authFile.
-.IP \fBDisplayManager.autoRescan\fP
-This boolean controls whether
-.I xdm
-rescans the configuration, servers, access control and authentication keys
-files after a session terminates and the files have changed. By default it
-is ``true.'' You can force
-.I xdm
-to reread these files by sending a SIGHUP to the main process.
-.IP "\fBDisplayManager.removeDomainname\fP"
-When computing the display name for XDMCP clients, the name resolver will
-typically create a fully qualified host name for the terminal. As this is
-sometimes confusing,
-.I xdm
-will remove the domain name portion of the host name if it is the same as the
-domain name of the local host when this variable is set. By default the
-value is ``true.''
-.IP "\fBDisplayManager.keyFile\fP"
-XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key
-be shared between
-.I xdm
-and the terminal. This resource specifies the file containing those
-values. Each entry in the file consists of a display name and the shared
-key. By default,
-.I xdm
-does not include support for XDM-AUTHENTICATION-1, as it requires DES which
-is not generally distributable because of United States export restrictions.
-.IP \fBDisplayManager.accessFile\fP
-To prevent unauthorized XDMCP service and to allow forwarding of XDMCP
-IndirectQuery requests, this file contains a database of hostnames which are
-either allowed direct access to this machine, or have a list of hosts to
-which queries should be forwarded to. The format of this file is described
-in the section
-.B "XDMCP Access Control."
-.IP \fBDisplayManager.exportList\fP
-A list of additional environment variables, separated by white space,
-to pass on to the \fIXsetup\fP,
-\fIXstartup\fP, \fIXsession\fP, and \fIXreset\fP programs.
-.IP \fBDisplayManager.randomFile\fP
-A file to checksum to generate the seed of authorization keys.
-This should be a file that changes frequently.
-This resource is valid only when the arc4random() function
-has been detected at installation.
-The default is \fI/dev/mem\fP.
-.IP \fBDisplayManager.randomDevice\fP
-A file to read 8 bytes from to generate the seed of authorization keys.
-The default (if detected) is \fI DEV_RANDOM \fP. If this file cannot be read, or if a
-read blocks for more than 5 seconds, xdm falls back to using a checksum
-of \fBDisplayManager.randomFile\fP to generate the seed.
-This resource is valid only when a device providing a random data source
-has been detected at installation.
-.IP \fBDisplayManager.prngdSocket\fP
-.IP \fBDisplayManager.prngPort\fP
-A UNIX domain socket name or a TCP socket port number on local host on
-which a Pseudo-Random Number Generator Daemon, like EGD
-(http://egd.sourceforge.net) is listening, in order to generate the
-autorization keys. Either a non null port or a valid socket name must
-be specified. The default is to use the Unix-domain socket
-\fI/tmp/entropy\fP.
-This resource is valid only when the arc4random() function
-has been detected at installation.
-.PP
-On systems that don't have such a daemon, a fall-back entropy
-gathering system, based on various log file contents hashed by the MD5
-algorithm is used instead.
-.IP \fBDisplayManager.greeterLib\fP
-On systems that support a dynamically-loadable greeter library, the
-name of the library. The default is
-\fI DEF_GREETER_LIB\fP.
-.IP \fBDisplayManager.choiceTimeout\fP
-Number of seconds to wait for display to respond after user has
-selected a host from the chooser. If the display sends an XDMCP
-IndirectQuery within this time, the request is forwarded to the chosen
-host. Otherwise, it is assumed to be from a new session and the
-chooser is offered again.
-Default is 15.
-.IP \fBDisplayManager.sourceAddress\fP
-Use the numeric IP address of the incoming connection on multihomed hosts
-instead of the host name. This is to avoid trying to connect on the wrong
-interface which might be down at this time.
-.IP \fBDisplayManager.willing\fP
-This specifies a program which is run (as) root when an an XDMCP
-BroadcastQuery is received and this host is configured to offer XDMCP
-display management. The output of this program may be displayed on a chooser
-window. If no program is specified, the string \fIWilling to manage\fP is
-sent.
-.PP
-.\"
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP"
-This resource specifies the name of the file to be loaded by \fIxrdb\fP
-as the resource database onto the root window of screen 0 of the display.
-The \fIXsetup\fP program, the Login widget, and \fIchooser\fP will use
-the resources set in this file.
-This resource data base is loaded just before the authentication procedure
-is started, so it can control the appearance of the login window. See the
-section
-.B "Authentication Widget,"
-which describes the various
-resources that are appropriate to place in this file.
-There is no default value for this resource, but
-\fI XDMDIR/Xresources\fP
-is the conventional name.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.chooser\fP"
-Specifies the program run to offer a host menu for Indirect queries
-redirected to the special host name CHOOSER.
-\fI CHOOSERPATH \fP is the default.
-See the sections \fBXDMCP Access Control\fP and \fBChooser\fP.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.xrdb\fP"
-Specifies the program used to load the resources. By default,
-.I xdm
-uses \fI BINDIR/xrdb\fP.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.cpp\fP"
-This specifies the name of the C preprocessor which is used by \fIxrdb\fP.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.setup\fP"
-This specifies a program which is run (as root) before offering the
-Login window. This may be used to change the appearance of the screen
-around the Login window or to put up other windows (e.g., you may want
-to run \fIxconsole\fP here).
-By default, no program is run. The conventional name for a
-file used here is \fIXsetup\fP.
-See the section \fBSetup Program.\fP
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.startup\fP"
-This specifies a program which is run (as root) after the authentication
-process succeeds. By default, no program is run. The conventional name for a
-file used here is \fIXstartup\fP.
-See the section \fBStartup Program.\fP
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.session\fP"
-This specifies the session to be executed (not running as root).
-By default, \fI BINDIR/xterm\fP is
-run. The conventional name is \fIXsession\fP.
-See the section
-.B "Session Program."
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.reset\fP"
-This specifies a program which is run (as root) after the session terminates.
-By default, no program is run.
-The conventional name is \fIXreset\fP.
-See the section
-.B "Reset Program."
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.openDelay\fP"
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.openRepeat\fP"
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.openTimeout\fP"
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.startAttempts\fP"
-These numeric resources control the behavior of
-.I xdm
-when attempting to open intransigent servers. \fBopenDelay\fP is
-the length of the
-pause (in seconds) between successive attempts, \fBopenRepeat\fP is the
-number of attempts to make, \fBopenTimeout\fP is the amount of time
-to wait while actually
-attempting the open (i.e., the maximum time spent in the
-.IR connect (2)
-system call) and \fBstartAttempts\fP is the number of times this entire process
-is done before giving up on the server. After \fBopenRepeat\fP attempts have been made,
-or if \fBopenTimeout\fP seconds elapse in any particular attempt,
-.I xdm
-terminates and restarts the server, attempting to connect again.
-This
-process is repeated \fBstartAttempts\fP times, at which point the display is
-declared dead and disabled. Although
-this behavior may seem arbitrary, it has been empirically developed and
-works quite well on most systems. The default values are
-5 for \fBopenDelay\fP, 5 for \fBopenRepeat\fP, 30 for \fBopenTimeout\fP and
-4 for \fBstartAttempts\fP.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.pingInterval\fP"
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.pingTimeout\fP"
-To discover when remote displays disappear,
-.I xdm
-occasionally pings them, using an X connection and \fIXSync\fP
-calls. \fBpingInterval\fP specifies the time (in minutes) between each
-ping attempt, \fBpingTimeout\fP specifies the maximum amount of time (in
-minutes) to wait for the terminal to respond to the request. If the
-terminal does not respond, the session is declared dead and terminated. By
-default, both are set to 5 minutes. If you frequently use X terminals which
-can become isolated from the managing host, you may wish to increase this
-value. The only worry is that sessions will continue to exist after the
-terminal has been accidentally disabled.
-.I xdm
-will not ping local displays. Although it would seem harmless, it is
-unpleasant when the workstation session is terminated as a result of the
-server hanging for NFS service and not responding to the ping.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.terminateServer\fP"
-This boolean resource specifies whether the X server should be terminated
-when a session terminates (instead of resetting it). This option can be
-used when the server tends to grow without bound over time, in order to limit
-the amount of time the server is run. The default value is ``false.''
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.userPath\fP"
-.I Xdm
-sets the PATH environment variable for the session to this value. It should
-be a colon separated list of directories; see
-.IR sh (1)
-for a full description.
-The default value is ``DEF_USER_PATH''.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemPath\fP"
-.I Xdm
-sets the PATH environment variable for the startup and reset scripts to the
-value of this resource. The default for this resource is ``DEF_SYSTEM_PATH''.
-Note the absence of ``.'' from this entry. This is a good practice to
-follow for root; it avoids many common Trojan Horse system penetration
-schemes.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemShell\fP"
-.I Xdm
-sets the SHELL environment variable for the startup and reset scripts to the
-value of this resource. It is \fI/bin/sh\fP by default.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.failsafeClient\fP"
-If the default session fails to execute,
-.I xdm
-will fall back to this program. This program is executed with no
-arguments, but executes using the same environment variables as
-the session would have had (see the section \fBSession Program\fP).
-By default, \fI BINDIR/xterm\fP is used.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabServer\fP"
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabTimeout\fP"
-To improve security,
-.I xdm
-grabs the server and keyboard while reading the login name and password.
-The
-\fBgrabServer\fP resource specifies if the server should be held for the
-duration of the name/password reading. When ``false,'' the server is ungrabbed
-after the keyboard grab succeeds, otherwise the server is grabbed until just
-before the session begins. The default is ``false.''
-The \fBgrabTimeout\fP resource specifies the maximum time
-.I xdm
-will wait for the grab to succeed. The grab may fail if some other
-client has the server grabbed, or possibly if the network latencies
-are very high. This resource has a default value of 3 seconds; you
-should be cautious when raising it, as a user can be spoofed by a
-look-alike window on the display. If the grab fails,
-.I xdm
-kills and restarts the server (if possible) and the session.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.authorize\fP"
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.authName\fP"
-\fBauthorize\fP is a boolean resource which controls whether
-.I xdm
-generates and uses authorization for the local server connections. If
-authorization is used, \fBauthName\fP is a list
-of authorization mechanisms to use, separated by white space.
-XDMCP connections dynamically specify which
-authorization mechanisms are supported, so
-\fBauthName\fP is ignored in this case. When \fBauthorize\fP is set for a
-display and authorization is not available, the user is informed by having a
-different message displayed in the login widget. By default, \fBauthorize\fP
-is ``true,'' \fBauthName\fP is ``MIT-MAGIC-COOKIE-1,'' or, if
-XDM-AUTHORIZATION-1 is available, ``XDM-AUTHORIZATION-1\0MIT-MAGIC-COOKIE-1.''
-.IP \fBDisplayManager.\fP\fIDISPLAY\fP\fB.authFile\fP
-This file is used to communicate the authorization data from
-.I xdm
-to the server, using the \fB\-auth\fP server command line option.
-It should be
-kept in a directory which is not world-writable as it could easily be
-removed, disabling the authorization mechanism in the server.
-If not specified, a name is generated from DisplayManager.authDir and
-the name of the display.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.authComplain\fP"
-If set to ``false,'' disables the use of the \fBunsecureGreeting\fP
-in the login window.
-See the section \fBAuthentication Widget.\fP
-The default is ``true.''
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resetSignal\fP"
-The number of the signal \fIxdm\fP sends to reset the server.
-See the section \fBControlling the Server.\fP
-The default is 1 (SIGHUP).
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.termSignal\fP"
-The number of the signal \fIxdm\fP sends to terminate the server.
-See the section \fBControlling the Server.\fP
-The default is 15 (SIGTERM).
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resetForAuth\fP"
-The original implementation of authorization in the sample server reread the
-authorization file at server reset time, instead of when checking the
-initial connection. As
-.I xdm
-generates the authorization information just before connecting to the
-display, an old server would not get up-to-date authorization information.
-This resource causes
-.I xdm
-to send SIGHUP to the server after setting up the file, causing an
-additional server reset to occur, during which time the new authorization
-information will be read.
-The default is ``false,'' which will work for all MIT servers.
-.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.userAuthDir\fP"
-When
-.I xdm
-is unable to write to the usual user authorization file ($HOME/.Xauthority),
-it creates a unique file name in this directory and points the environment
-variable XAUTHORITY at the created file. It uses \fI/tmp\fP by default.
-.SH "CONFIGURATION FILE"
-First, the
-.I xdm
-configuration file should be set up.
-Make a directory (usually \fI XDMDIR\fP) to contain all
-of the relevant files.
-.LP
-Here is a reasonable configuration file, which could be
-named \fIxdm-config\fP:
-.nf
-
-.ta .5i 4i
-
- DisplayManager.servers: XDMDIR/Xservers
- DisplayManager.errorLogFile: XDMLOGDIR/xdm.log
- DisplayManager*resources: XDMDIR/Xresources
- DisplayManager*startup: XDMDIR/Xstartup
- DisplayManager*session: XDMDIR/Xsession
- DisplayManager.pidFile: XDMPIDDIR/xdm-pid
- DisplayManager._0.authorize: true
- DisplayManager*authorize: false
-
-.fi
-.PP
-Note that this file mostly contains references to other files. Note also
-that some of the resources are specified with ``*'' separating the
-components. These resources can be made unique for each different display,
-by replacing the ``*'' with the display-name, but normally this is not very
-useful. See the \fBResources\fP section for a complete discussion.
-.SH "XDMCP ACCESS CONTROL"
-.PP
-The database file specified by the \fBDisplayManager.accessFile\fP provides
-information which
-.I xdm
-uses to control access from displays requesting XDMCP service. This file
-contains three types of entries: entries which control the response to
-Direct and Broadcast queries, entries which control the response to
-Indirect queries, and macro definitions.
-.PP
-The format of the Direct entries is simple, either a host name or a
-pattern, which is distinguished from a host name by the inclusion of
-one or more meta characters (`*' matches any sequence of 0 or more
-characters, and `?' matches any single character) which are compared against
-the host name of the display device.
-If the entry is a host name, all comparisons are done using
-network addresses, so any name which converts to the correct network address
-may be used.
-For patterns, only canonical host names are used
-in the comparison, so ensure that you do not attempt to match
-aliases.
-Preceding either a host name or a pattern with a `!' character
-causes hosts which
-match that entry to be excluded.
-.PP
-To only respond to Direct queries for a host or pattern,
-it can be followed by the optional ``NOBROADCAST'' keyword.
-This can be used to prevent an xdm server from appearing on
-menus based on Broadcast queries.
-.PP
-An Indirect entry also contains a host name or pattern,
-but follows it with a list of
-host names or macros to which indirect queries should be sent.
-.PP
-A macro definition contains a macro name and a list of host names and
-other macros that
-the macro expands to. To distinguish macros from hostnames, macro
-names start with a `%' character. Macros may be nested.
-.PP
-Indirect entries
-may also specify to have \fIxdm\fP run \fIchooser\fP to offer a menu
-of hosts to connect to. See the section \fBChooser\fP.
-.PP
-When checking access for a particular display host, each entry is scanned in
-turn and the first matching entry determines the response. Direct and
-Broadcast
-entries are ignored when scanning for an Indirect entry and vice-versa.
-.PP
-Blank lines are ignored, `#' is treated as a comment
-delimiter causing the rest of that line to be ignored,
-and `\e\fInewline\fP'
-causes the newline to be ignored, allowing indirect host lists to span
-multiple lines.
-.PP
-Here is an example Xaccess file:
-.LP
-.ta 2i 4i
-.nf
-XCOMM
-XCOMM Xaccess \- XDMCP access control file
-XCOMM
-
-XCOMM
-XCOMM Direct/Broadcast query entries
-XCOMM
-
-!xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
-bambi.ogi.edu # allow access from this particular display
-*.lcs.mit.edu # allow access from any display in LCS
-
-*.deshaw.com NOBROADCAST # allow only direct access
-*.gw.com # allow direct and broadcast
-
-XCOMM
-XCOMM Indirect query entries
-XCOMM
-
-%HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu
- excess.lcs.mit.edu kanga.lcs.mit.edu
-
-extract.lcs.mit.edu xenon.lcs.mit.edu #force extract to contact xenon
-!xtra.lcs.mit.edu dummy #disallow indirect access
-*.lcs.mit.edu %HOSTS #all others get to choose
-.fi
-.PP
-If compiled with IPv6 support, multicast address groups may also be included
-in the list of addresses indirect queries are set to. Multicast addresses
-may be followed by an optional / character and hop count. If no hop count is
-specified, the multicast hop count defaults to 1, keeping the packet on the
-local network. For IPv4 multicasting, the hop count is used as the TTL.
-.PP
-Examples:
-.LP
-.ta 2.1i 4.5i
-.nf
-rincewind.sample.net ff02::1 #IPv6 Multicast to ff02::1
-\& #with a hop count of 1
-ponder.sample.net CHOOSER 239.192.1.1/16 #Offer a menu of hosts
-\& #who respond to IPv4 Multicast
-\& # to 239.192.1.1 with a TTL of 16
-.fi
-.SH CHOOSER
-.PP
-For X terminals that do not offer a host menu for use with Broadcast
-or Indirect queries, the \fIchooser\fP program can do this for them.
-In the \fIXaccess\fP file, specify ``CHOOSER'' as the first entry in
-the Indirect host list. \fIChooser\fP will send a Query request to
-each of the remaining host names in the list and offer a menu of all
-the hosts that respond.
-.PP
-The list may consist of the word ``BROADCAST,'' in which case
-\fIchooser\fP will send a Broadcast instead, again offering a menu of
-all hosts that respond. Note that on some operating systems, UDP
-packets cannot be broadcast, so this feature will not work.
-.PP
-Example \fIXaccess\fP file using \fIchooser\fP:
-
-.nf
-extract.lcs.mit.edu CHOOSER %HOSTS #offer a menu of these hosts
-xtra.lcs.mit.edu CHOOSER BROADCAST #offer a menu of all hosts
-.fi
-.PP
-The program to use for \fIchooser\fP is specified by the
-\fBDisplayManager.\fP\fIDISPLAY\fP\fB.chooser\fP resource. For more
-flexibility at this step, the chooser could be a shell script.
-\fIChooser\fP is the session manager here; it is run instead of a
-child \fIxdm\fP to manage the display.
-.PP
-Resources for this program
-can be put into the file named by
-\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP.
-.PP
-When the user selects a host, \fIchooser\fP prints the host chosen,
-which is read by the parent \fIxdm\fP, and exits.
-\fIxdm\fP closes its connection to the X server, and the server resets
-and sends another \fBIndirect\fP XDMCP request.
-\fIxdm\fP remembers the user's choice (for
-\fBDisplayManager.choiceTimeout\fP seconds) and forwards the request
-to the chosen host, which starts a session on that display.
-.\"
-.SH LISTEN
-The following configuration directive is also defined for the Xaccess
-configuration file:
-.IP "\fBLISTEN\fP \fIinterface\fP \fI[list of multicast group addresses]\fP"
-\fIinterface\fP may be a hostname or IP addresss representing a
-network interface on this machine, or the wildcard * to represent all
-available network interfaces.
-.PP
-If one or more LISTEN lines are specified, xdm only listens for XDMCP
-connections on the specified interfaces. If multicast group addresses
-are listed on a listen line, xdm joins the multicast groups on the
-given interface.
-.PP
-If no LISTEN lines are given, the original behavior of listening on
-all interfaces is preserved for backwards compatibility.
-Additionally, if no LISTEN is specified, xdm joins the default XDMCP
-IPv6 multicast group, when compiled with IPv6 support.
-.PP
-To disable listening for XDMCP connections altogther, a line of LISTEN
-with no addresses may be specified, or the previously supported method
-of setting DisplayManager.requestPort to 0 may be used.
-.PP
-Examples:
-.ta 2i 4i
-.nf
-LISTEN * ff02::1 # Listen on all interfaces and to the
-\& # ff02::1 IPv6 multicast group.
-LISTEN 10.11.12.13 # Listen only on this interface, as long
-\& # as no other listen directives appear in
-\& # file.
-.fi
-.SH "IPv6 MULTICAST ADDRESS SPECIFICATION"
-.PP
-The Internet Assigned Numbers Authority has has assigned
-ff0\fIX\fP:0:0:0:0:0:0:12b as the permanently assigned range of
-multicast addresses for XDMCP. The \fIX\fP in the prefix may be replaced
-by any valid scope identifier, such as 1 for Interface-Local, 2 for Link-Local,
-5 for Site-Local, and so on. (See IETF RFC 4291 or its replacement for
-further details and scope definitions.) xdm defaults to listening on the
-Link-Local scope address ff02:0:0:0:0:0:0:12b to most closely match the
-old IPv4 subnet broadcast behavior.
-.SH "LOCAL SERVER SPECIFICATION"
-.PP
-The resource \fBDisplayManager.servers\fP gives a server specification
-or, if the values starts with a slash (/), the name of a file
-containing server specifications, one per line.
-.PP
-Each specification
-indicates a display which should constantly be managed and which is
-not using XDMCP.
-This method is used typically for local servers only. If the resource
-or the file named by the resource is empty, \fIxdm\fP will offer XDMCP
-service only.
-.PP
-Each specification consists of at least three parts: a display
-name, a display class, a display type, and (for local servers) a command
-line to start the server. A typical entry for local display number 0 would
-be:
-.nf
-
- :0 Digital-QV local BINDIR/X :0
-
-.fi
-The display types are:
-.ta 1i
-.nf
-
-local local display: \fIxdm\fP must run the server
-foreign remote display: \fIxdm\fP opens an X connection to a running server
-
-.fi
-.PP
-The display name must be something that can be passed in the \fB\-display\fP
-option to an X program. This string is used to generate the display-specific
-resource names, so be careful to match the
-names (e.g., use ``:0 Sun-CG3 local BINDIR/X :0'' instead of
-``localhost:0 Sun-CG3 local BINDIR/X :0''
-if your other resources are specified as
-``DisplayManager._0.session''). The display class portion is also used in the
-display-specific resources, as the class of the resource. This is
-useful if you have a large collection of similar displays (such as a corral of
-X terminals) and would like to set resources for groups of them. When using
-XDMCP, the display is required to specify the display class, so the manual
-for your particular X terminal should document the display class
-string for your device. If it doesn't, you can run
-.I xdm
-in debug mode and
-look at the resource strings which it generates for that device, which will
-include the class string.
-.PP
-When \fIxdm\fP starts a session, it sets up authorization data for the
-server. For local servers, \fIxdm\fP passes
-``\fB\-auth\fP \fIfilename\fP'' on the server's command line to point
-it at its authorization data.
-For XDMCP servers, \fIxdm\fP passes the
-authorization data to the server via the \fBAccept\fP XDMCP request.
-.SH RESOURCES FILE
-The \fIXresources\fP file is
-loaded onto the display as a resource database using
-.I xrdb.
-As the authentication
-widget reads this database before starting up, it usually contains
-parameters for that widget:
-.nf
-.ta .5i 1i
-
- xlogin*login.translations: #override
- Ctrl<Key>R: abort-display()
- <Key>F1: set-session-argument(failsafe) finish-field()
- <Key>Return: set-session-argument() finish-field()
- xlogin*borderWidth: 3
- xlogin*greeting: CLIENTHOST
-\& #ifdef COLOR
- xlogin*greetColor: CadetBlue
- xlogin*failColor: red
-\& #endif
-
-.fi
-.PP
-Please note the translations entry; it specifies
-a few new translations for the widget which allow users to escape from the
-default session (and avoid troubles that may occur in it). Note that if
-\&#override is not specified, the default translations are removed and replaced
-by the new value, not a very useful result as some of the default translations
-are quite useful (such as ``<Key>: insert-char ()'' which responds to normal
-typing).
-.PP
-This file may also contain resources for the setup program and \fIchooser\fP.
-.SH "SETUP PROGRAM"
-The \fIXsetup\fP file is run after
-the server is reset, but before the Login window is offered.
-The file is typically a shell script.
-It is run as root, so should be careful about security.
-This is the place to change the root background or bring up other
-windows that should appear on the screen along with the Login widget.
-.PP
-In addition to any specified by \fBDisplayManager.exportList\fP,
-the following environment variables are passed:
-.nf
-.ta .5i 2i
-
- DISPLAY the associated display name
- PATH the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemPath\fP
- SHELL the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemShell\fP
- XAUTHORITY may be set to an authority file
-.fi
-.PP
-Note that since \fIxdm\fP grabs the keyboard, any other windows will not be
-able to receive keyboard input. They will be able to interact with
-the mouse, however; beware of potential security holes here.
-If \fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabServer\fP is set,
-\fIXsetup\fP will not be able to connect
-to the display at all.
-Resources for this program
-can be put into the file named by
-\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP.
-.PP
-Here is a sample \fIXsetup\fP script:
-.nf
-
-\& #!/bin/sh
-\& # Xsetup_0 \- setup script for one workstation
- xcmsdb < XDMDIR/monitors/alex.0
- xconsole\0\-geometry\0480x130\-0\-0\0\-notify\0\-verbose\0\-exitOnFail &
-
-.fi
-.SH "AUTHENTICATION WIDGET"
-The authentication widget prompts the user for the username, password, and/or
-other required authentication data from the keyboard. Nearly every imaginable
-parameter can be controlled with a resource. Resources for this widget
-should be put into the file named by
-\fBDisplayManager.\fP\fIDISPLAY\fP\fB.resources\fP. All of these have reasonable
-default values, so it is not necessary to specify any of them.
-.PP
-The resource file is loaded with
-.IR xrdb (__appmansuffix__)
-so it may use the substitutions defined by that program such as CLIENTHOST
-for the client hostname in the login message, or C pre-processor #ifdef
-statements to produce different displays depending on color depth or other
-variables.
-.PP
-.I Xdm
-can be compiled with support for the
-.IR Xft (__libmansuffix__)
-library for font rendering. If this support is present, font faces are
-specified using the resources with names ending in ``face'' in the
-fontconfig face format described in the
-.I Font Names
-section of
-.IR fonts.conf (__filemansuffix__).
-If not, then fonts are specified using the resources with names ending
-in ``font'' in the traditional
-.I X Logical Font Description
-format described in the
-.I Font Names
-section of
-.IR X (__miscmansuffix__).
-.IP "\fBxlogin.Login.width, xlogin.Login.height, xlogin.Login.x, xlogin.Login.y\fP"
-The geometry of the Login widget is normally computed automatically. If you
-wish to position it elsewhere, specify each of these resources.
-.IP "\fBxlogin.Login.foreground\fP"
-The color used to display the input typed by the user.
-.IP "\fBxlogin.Login.face\fP"
-The face used to display the input typed by the user when built with Xft
-support. The default is ``Serif-18''.
-.IP "\fBxlogin.Login.font\fP"
-The font used to display the input typed by the user when not built with Xft
-support.
-.IP "\fBxlogin.Login.greeting\fP"
-A string which identifies this window.
-The default is ``X Window System.''
-.IP "\fBxlogin.Login.unsecureGreeting\fP"
-When X authorization is requested in the configuration file for this
-display and none is in use, this greeting replaces the standard
-greeting. The default is ``This is an unsecure session''
-.IP "\fBxlogin.Login.greetFace\fP"
-The face used to display the greeting when built with Xft support.
-The default is ``Serif-24:italic''.
-.IP "\fBxlogin.Login.greetFont\fP"
-The font used to display the greeting when not built with Xft support.
-.IP "\fBxlogin.Login.greetColor\fP"
-The color used to display the greeting.
-.IP "\fBxlogin.Login.namePrompt\fP"
-The string displayed to prompt for a user name.
-.I Xrdb
-strips trailing white space from resource values, so to add spaces at
-the end of the prompt (usually a nice thing), add spaces escaped with
-backslashes. The default is ``Login: ''
-.IP "\fBxlogin.Login.passwdPrompt\fP"
-The string displayed to prompt for a password, when not using an authentication
-system such as PAM that provides its own prompts.
-The default is ``Password: ''
-.IP "\fBxlogin.Login.promptFace\fP"
-The face used to display prompts when built with Xft support.
-The default is ``Serif-18:bold''.
-.IP "\fBxlogin.Login.promptFont\fP"
-The font used to display prompts when not built with Xft support.
-.IP "\fBxlogin.Login.promptColor\fP"
-The color used to display prompts.
-.IP "\fBxlogin.Login.changePasswdMessage\fP"
-A message which is displayed when the users password has expired.
-The default is ``Password Change Required''
-.IP "\fBxlogin.Login.fail\fP"
-A message which is displayed when the authentication fails, when not using an
-authentication system such as PAM that provides its own prompts.
-The default is ``Login incorrect''
-.IP "\fBxlogin.Login.failFace\fP"
-The face used to display the failure message when built with Xft support.
-The default is ``Serif-18:bold''.
-.IP "\fBxlogin.Login.failFont\fP"
-The font used to display the failure message when not built with Xft support.
-.IP "\fBxlogin.Login.failColor\fP"
-The color used to display the failure message.
-.IP "\fBxlogin.Login.failTimeout\fP"
-The number of seconds that the failure message is displayed.
-The default is 10.
-.IP "\fBxlogin.Login.logoFileName\fP"
-Name of an XPM format pixmap to display in the greeter window, if built with
-XPM support. The default is no pixmap.
-.IP "\fBxlogin.Login.logoPadding\fP"
-Number of pixels of space between the logo pixmap and other elements of the
-greeter window, if the pixmap is displayed.
-The default is 5.
-.IP "\fBxlogin.Login.useShape\fP"
-If set to ``true'', when built with XPM support, attempt to use the
-X Non-Rectangular Window Shape Extension to set the window shape.
-The default is ``true''.
-.IP "\fBxlogin.Login.hiColor\fP, \fBxlogin.Login.shdColor\fP"
-Raised appearance bezels may be drawn around
-the greeter frame and text input boxes by setting these resources. hiColor
-is the highlight color, used on the top and left sides of the frame, and the
-bottom and right sides of text input areas. shdColor is the shadow color,
-used on the bottom and right sides of the frame, and the top and left sides
-of text input areas.
-The default for both is the foreground color, providing a flat appearance.
-.IP "\fBxlogin.Login.frameWidth\fP"
-frameWidth is the width in pixels of the area
-around the greeter frame drawn in hiColor and shdColor.
-.IP "\fBxlogin.Login.innerFramesWidth\fP"
-innerFramesWidth is the width in pixels of the
-area around text input areas drawn in hiColor and shdColor.
-.IP "\fBxlogin.Login.sepWidth\fP"
-sepWidth is the width in pixels of the
-bezeled line between the greeting and input areas
-drawn in hiColor and shdColor.
-.IP "\fBxlogin.Login.allowRootLogin\fP"
-If set to ``false'', don't allow root (and any other user with uid = 0) to
-log in directly.
-The default is ``true''.
-This setting is only checked by some of the authentication backends at this
-time.
-.IP "\fBxlogin.Login.allowNullPasswd\fP"
-If set to ``true'', allow an otherwise failing password match to succeed
-if the account does not require a password at all.
-The default is ``false'', so only users that have passwords assigned can
-log in.
-.IP "\fBxlogin.Login.echoPasswd\fP"
-If set to ``true'', stars will be rendered instead of the password itself,
-i.e. '***...'.
-The default is ``false''.
-.IP "\fBxlogin.Login.translations\fP"
-This specifies the translations used for the login widget. Refer to the X
-Toolkit documentation for a complete discussion on translations. The default
-translation table is:
-.nf
-.ta .5i 2i
-
- Ctrl<Key>H: delete-previous-character()
- Ctrl<Key>D: delete-character()
- Ctrl<Key>B: move-backward-character()
- Ctrl<Key>F: move-forward-character()
- Ctrl<Key>A: move-to-begining()
- Ctrl<Key>E: move-to-end()
- Ctrl<Key>K: erase-to-end-of-line()
- Ctrl<Key>U: erase-line()
- Ctrl<Key>X: erase-line()
- Ctrl<Key>C: restart-session()
- Ctrl<Key>: abort-session()
- <Key>BackSpace: delete-previous-character()
- <Key>Delete: delete-previous-character()
- <Key>Return: finish-field()
- <Key>: insert-char()
-
-.fi
-.PP
-The actions which are supported by the widget are:
-.IP "delete-previous-character"
-Erases the character before the cursor.
-.IP "delete-character"
-Erases the character after the cursor.
-.IP "move-backward-character"
-Moves the cursor backward.
-.IP "move-forward-character"
-Moves the cursor forward.
-.IP "move-to-begining"
-(Apologies about the spelling error.)
-Moves the cursor to the beginning of the editable text.
-.IP "move-to-end"
-Moves the cursor to the end of the editable text.
-.IP "erase-to-end-of-line"
-Erases all text after the cursor.
-.IP "erase-line"
-Erases the entire text.
-.IP "finish-field"
-If the cursor is in the name field, proceeds to the password field; if the
-cursor is in the password field, checks the current name/password pair. If
-the name/password pair is valid, \fIxdm\fP
-starts the session. Otherwise the failure message is displayed and
-the user is prompted again.
-.IP "abort-session"
-Terminates and restarts the server.
-.IP "abort-display"
-Terminates the server, disabling it. This action
-is not accessible in the default configuration.
-There are various reasons to stop \fIxdm\fP on a system console, such as
-when shutting the system down, when using \fIxdmshell\fP,
-to start another type of server, or to generally access the console.
-Sending \fIxdm\fP a SIGHUP will restart the display. See the section
-\fBControlling XDM\fP.
-.IP "restart-session"
-Resets the X server and starts a new session. This can be used when
-the resources have been changed and you want to test them or when
-the screen has been overwritten with system messages.
-.IP "insert-char"
-Inserts the character typed.
-.IP "set-session-argument"
-Specifies a single word argument which is passed to the session at startup.
-See the section \fBSession Program\fP.
-.IP "allow-all-access"
-Disables access control in the server. This can be used when
-the .Xauthority file cannot be created by
-.I xdm.
-Be very careful using this;
-it might be better to disconnect the machine from the network
-before doing this.
-.PP
-On some systems (OpenBSD) the user's shell must be listed in
-.I /etc/shells
-to allow login through xdm. The normal password and account expiration
-dates are enforced too.
-.SH "STARTUP PROGRAM"
-.PP
-The \fIXstartup\fP program is run as
-root when the user logs in.
-It is typically a shell script.
-Since it is run as root, \fIXstartup\fP should be
-very careful about security. This is the place to put commands which add
-entries to \fIutmp\fP or \fIwtmp\fP files,
-(the \fIsessreg\fP program may be useful here),
-mount users' home directories from file servers,
-or abort the session if logins are not
-allowed.
-.PP
-In addition to any specified by \fBDisplayManager.exportList\fP,
-the following environment variables are passed:
-.nf
-.ta .5i 2i
-
- DISPLAY the associated display name
- HOME the initial working directory of the user
- LOGNAME the user name
- USER the user name
- PATH the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemPath\fP
- SHELL the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemShell\fP
- XAUTHORITY may be set to an authority file
- WINDOWPATH may be set to the "window path" leading to the X server
-
-.fi
-.PP
-No arguments are passed to the script.
-.I Xdm
-waits until this script exits before starting the user session. If the
-exit value of this script is non-zero,
-.I xdm
-discontinues the session and starts another authentication
-cycle.
-.PP
-The sample \fIXstartup\fP file shown here prevents login while the
-file \fI/etc/nologin\fP
-exists.
-Thus this is not a complete example, but
-simply a demonstration of the available functionality.
-.PP
-Here is a sample \fIXstartup\fP script:
-.nf
-.ta .5i 1i
-
-\& #!/bin/sh
-\& #
-\& # Xstartup
-\& #
-\& # This program is run as root after the user is verified
-\& #
- if [ \-f /etc/nologin ]; then
- xmessage\0\-file /etc/nologin\0\-timeout 30\0\-center
- exit 1
- fi
- sessreg\0\-a\0\-l $DISPLAY\0\-x XDMDIR/Xservers $LOGNAME
- XDMDIR/GiveConsole
- exit 0
-.fi
-.SH "SESSION PROGRAM"
-.PP
-The \fIXsession\fP program is the command which is run as the user's session.
-It is run with
-the permissions of the authorized user.
-.PP
-In addition to any specified by \fBDisplayManager.exportList\fP,
-the following environment variables are passed:
-.nf
-.ta .5i 2i
-
- DISPLAY the associated display name
- HOME the initial working directory of the user
- LOGNAME the user name
- USER the user name
- PATH the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.userPath\fP
- SHELL the user's default shell (from \fIgetpwnam\fP)
- XAUTHORITY may be set to a non-standard authority file
- KRB5CCNAME may be set to a Kerberos credentials cache name
- WINDOWPATH may be set to the "window path" leading to the X server
-
-.fi
-.PP
-At most installations, \fIXsession\fP should look in $HOME for
-a file \fI\.xsession,\fP
-which contains commands that each user would like to use as a session.
-\fIXsession\fP should also
-implement a system default session if no user-specified session exists.
-.PP
-An argument may be passed to this program from the authentication widget
-using the `set-session-argument' action. This can be used to select
-different styles of session. One good use of this feature is to allow
-the user to escape from the ordinary session when it fails. This
-allows users to repair their own \fI.xsession\fP if it fails,
-without requiring administrative intervention.
-The example following
-demonstrates this feature.
-.PP
-This example recognizes
-the special
-``failsafe'' mode, specified in the translations
-in the \fIXresources\fP file, to provide an escape
-from the ordinary session. It also requires that the .xsession file
-be executable so we don't have to guess what shell it wants to use.
-.nf
-.ta .5i 1i 1.5i
-
-\& #!/bin/sh
-\& #
-\& # Xsession
-\& #
-\& # This is the program that is run as the client
-\& # for the display manager.
-
- case $# in
- 1)
- case $1 in
- failsafe)
- exec xterm \-geometry 80x24\-0\-0
- ;;
- esac
- esac
-
- startup=$HOME/.xsession
- resources=$HOME/.Xresources
-
- if [ \-f "$startup" ]; then
- exec "$startup"
- else
- if [ \-f "$resources" ]; then
- xrdb \-load "$resources"
- fi
- twm &
- xman \-geometry +10\-10 &
- exec xterm \-geometry 80x24+10+10 \-ls
- fi
-
-.fi
-.PP
-The user's \fI.xsession\fP file might look something like this
-example. Don't forget that the file must have execute permission.
-.nf
-\& #! /bin/csh
-\& # no \-f in the previous line so .cshrc gets run to set $PATH
- twm &
- xrdb \-merge "$HOME/.Xresources"
- emacs \-geometry +0+50 &
- xbiff \-geometry \-430+5 &
- xterm \-geometry \-0+50 -ls
-.fi
-.SH "RESET PROGRAM"
-.PP
-Symmetrical with \fIXstartup\fP,
-the \fIXreset\fP script is run after the user session has
-terminated. Run as root, it should contain commands that undo
-the effects of commands in \fIXstartup,\fP updating entries
-in \fIutmp\fP or \fIwtmp\fP files,
-or unmounting directories from file servers. The environment
-variables that were passed to \fIXstartup\fP are also
-passed to \fIXreset\fP.
-.PP
-A sample \fIXreset\fP script:
-.nf
-.ta .5i 1i
-\& #!/bin/sh
-\& #
-\& # Xreset
-\& #
-\& # This program is run as root after the session ends
-\& #
- sessreg\0\-d\0\-l $DISPLAY\0\-x XDMDIR/Xservers $LOGNAME
- XDMDIR/TakeConsole
- exit 0
-.fi
-.SH "CONTROLLING THE SERVER"
-.I Xdm
-controls local servers using POSIX signals. SIGHUP is expected to reset the
-server, closing all client connections and performing other cleanup
-duties. SIGTERM is expected to terminate the server.
-If these signals do not perform the expected actions,
-the resources \fBDisplayManager.\fP\fIDISPLAY\fP\fB.resetSignal\fP and
-\fBDisplayManager.\fP\fIDISPLAY\fP\fB.termSignal\fP can specify alternate signals.
-.PP
-To control remote terminals not using XDMCP,
-.I xdm
-searches the window hierarchy on the display and uses the protocol request
-KillClient in an attempt to clean up the terminal for the next session. This
-may not actually kill all of the clients, as only those which have created
-windows will be noticed. XDMCP provides a more sure mechanism; when
-.I xdm
-closes its initial connection, the session is over and the terminal is
-required to close all other connections.
-.SH "CONTROLLING XDM"
-.PP
-.I Xdm
-responds to two signals: SIGHUP and SIGTERM. When sent a SIGHUP,
-.I xdm
-rereads the configuration file, the access control file, and the servers
-file. For the servers file, it notices if entries have been added or
-removed. If a new entry has been added,
-.I xdm
-starts a session on the associated display. Entries which have been removed
-are disabled immediately, meaning that any session in progress will be
-terminated without notice and no new session will be started.
-.PP
-When sent a SIGTERM,
-.I xdm
-terminates all sessions in progress and exits. This can be used when
-shutting down the system.
-.PP
-.I Xdm
-attempts to mark its various sub-processes for
-.IR ps (1)
-by editing the
-command line argument list in place. Because
-.I xdm
-can't allocate additional
-space for this task, it is useful to start
-.I xdm
-with a reasonably long
-command line (using the full path name should be enough).
-Each process which is
-servicing a display is marked \fB\-\fP\fIdisplay.\fP
-.SH "ADDITIONAL LOCAL DISPLAYS"
-.PP
-To add an additional local display, add a line for it to the
-\fIXservers\fP file.
-(See the section \fBLocal Server Specification\fP.)
-.PP
-Examine the display-specific resources in \fIxdm-config\fP
-(e.g., \fBDisplayManager._0.authorize\fP)
-and consider which of them should be copied for the new display.
-The default \fIxdm-config\fP has all the appropriate lines for
-displays \fB:0\fP and \fB:1\fP.
-.SH "OTHER POSSIBILITIES"
-.PP
-You can use \fIxdm\fP
-to run a single session at a time, using the 4.3 \fIinit\fP
-options or other suitable daemon by specifying the server on the command
-line:
-.nf
-.ta .5i
-
- xdm \-server \(lq:0 SUN-3/60CG4 local BINDIR/X :0\(rq
-
-.fi
-.PP
-Or, you might have a file server and a collection of X terminals. The
-configuration for this is identical to the sample above,
-except the \fIXservers\fP file would look like
-.nf
-.ta .5i
-
- extol:0 VISUAL-19 foreign
- exalt:0 NCD-19 foreign
- explode:0 NCR-TOWERVIEW3000 foreign
-
-.fi
-.PP
-This directs
-.I xdm
-to manage sessions on all three of these terminals. See the section
-\fBControlling Xdm\fP for a description of using signals to enable
-and disable these terminals in a manner reminiscent of
-.IR init (__adminmansuffix__).
-.SH LIMITATIONS
-One thing that
-.I xdm
-isn't very good at doing is coexisting with other window systems. To use
-multiple window systems on the same hardware, you'll probably be more
-interested in
-.I xinit.
-.SH FILES
-.TP 20
-.I XDMDIR/xdm-config
-the default configuration file
-.TP 20
-.I $HOME/.Xauthority
-user authorization file where \fIxdm\fP stores keys for clients to read
-.TP 20
-.I CHOOSERPATH
-the default chooser
-.TP 20
-.I BINDIR/xrdb
-the default resource database loader
-.TP 20
-.I BINDIR/X
-the default server
-.TP 20
-.I BINDIR/xterm
-the default session program and failsafe client
-.TP 20
-.I XDMXAUTHDIR/A<display>\-<suffix>
-the default place for authorization files
-.TP 20
-.I /tmp/K5C<display>
-Kerberos credentials cache
-.SH "SEE ALSO"
-.IR X (__miscmansuffix__),
-.IR xinit (__appmansuffix__),
-.IR xauth (__appmansuffix__),
-.IR xrdb (__appmansuffix__),
-.IR Xsecurity (__miscmansuffix__),
-.IR sessreg (__appmansuffix__),
-.IR Xserver (__appmansuffix__),
-.\" .IR chooser (__appmansuffix__), \" except that there isn't a manual for it yet
-.IR xdmshell (__appmansuffix__),
-.IR fonts.conf (__filemansuffix__).
-.br
-.I "X Display Manager Control Protocol"
-.br
-.RI "IETF RFC 4291: " "IP Version 6 Addressing Architecture" .
-.SH AUTHOR
-Keith Packard, MIT X Consortium
diff --git a/xdmshell.man.cpp b/xdmshell.man.cpp
deleted file mode 100644
index 8f27193..0000000
--- a/xdmshell.man.cpp
+++ /dev/null
@@ -1,108 +0,0 @@
-.\" Copyright 1989 The Open Group
-.\"
-.\" Permission to use, copy, modify, distribute, and sell this software and its
-.\" documentation for any purpose is hereby granted without fee, provided that
-.\" the above copyright notice appear in all copies and that both that
-.\" copyright notice and this permission notice appear in supporting
-.\" documentation.
-.\"
-.\" The above copyright notice and this permission notice shall be included
-.\" in all copies or substantial portions of the Software.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-.\" IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-.\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-.\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-.\" OTHER DEALINGS IN THE SOFTWARE.
-.\"
-.\" Except as contained in this notice, the name of The Open Group shall
-.\" not be used in advertising or otherwise to promote the sale, use or
-.\" other dealings in this Software without prior written authorization
-.\" from The Open Group.
-.\"
-.\" Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
-.\"
-.\" Permission is hereby granted, free of charge, to any person obtaining a
-.\" copy of this software and associated documentation files (the "Software"),
-.\" to deal in the Software without restriction, including without limitation
-.\" the rights to use, copy, modify, merge, publish, distribute, sublicense,
-.\" and/or sell copies of the Software, and to permit persons to whom the
-.\" Software is furnished to do so, subject to the following conditions:
-.\"
-.\" The above copyright notice and this permission notice (including the next
-.\" paragraph) shall be included in all copies or substantial portions of the
-.\" Software.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-.\" IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-.\" FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-.\" THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-.\" LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-.\" FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-.\" DEALINGS IN THE SOFTWARE.
-.\"
-.\"
-.TH XDMSHELL __appmansuffix__ __xorgversion__
-.SH NAME
-xdmshell \- shell for starting xdm on login
-.SH SYNOPSIS
-.B BINDIR/xdmshell
-.SH DESCRIPTION
-.I Xdmshell
-can be used on systems that are configured to start a console in text mode by
-default, to allow users to start the X display manager by logging in as a
-special user with the shell set to the xdmshell program.
-.LP
-Many servers set the keyboard to do non-blocking I/O under the assumption that
-they are the only programs attempting to read from the keyboard.
-Unfortunately, some versions of \fIgetty\fP(__adminmansuffix__) will
-immediately see a continuous stream of zero-length reads which they interpret
-as end-of-file indicators. Eventually, \fIinit\fP(__adminmansuffix__) will
-disable logins on that line until somebody types the following as root:
-.RS
-\# kill -HUP 1
-.RE
-.LP
-On some platforms, one alternative is to disable logins on the console
-and always run \fIxdm\fP(__appmansuffix__) from \fI/etc/inittab\fP.
-.LP
-Another approach is to set up an account whose shell is the \fIxdmshell\fP
-program found in the xdm distribution. This program is not installed by
-default so that site administrators will examine it to see if it meets their
-needs. The \fIxdmshell\fP utility makes sure that it is being run from the
-appropriate type of terminal, starts \fIxdm\fP, waits for it to finish, and
-then resets the console if necessary. If the \fIxdm\fP resources file
-(specified by the \fIDisplayManager*resources\fP entry in the
-\fIxdm-config\fP file) contains a binding to the \fIabort-display\fP action
-similar to the following
-.RS
-xlogin*login.translations: #override Ctrl<Key>R: abort-display()
-.RE
-the console can then by restored by pressing the indicated key
-(Control-R in the above example) in the \fIxdm\fP login window.
-.LP
-.ne 10
-The \fIxdmshell\fP program is usually
-installed setuid to root but executable only by members of a special group,
-of which the only member is the account which has \fIxdmshell\fP as its shell:
-.RS
-.nf
-% grep xdm /etc/passwd
-x::101:51:Account for starting up X:/tmp:BINDIR/xdmshell
-% grep 51 /etc/group
-xdmgrp:*:51:
-% ls -lg BINDIR/xdmshell
--rws--x--- 1 root xdmgrp 20338 Nov 1 01:32 BINDIR/xdmshell
-.fi
-.RE
-.LP
-If the \fIxdm\fP resources have not been configured to have a key bound to
-the \fIabort-display()\fP action, there will be no way for general users to
-login to the console directly. Whether or not this is desirable depends on
-the particular site.
-.SH "SEE ALSO"
-.IR X (__miscmansuffix__),
-.IR xdm (__appmansuffix__),
-.IR xinit (__appmansuffix__)
--
1.6.0.4
More information about the xorg-devel
mailing list