1 <!-- generated from ../../kdm/config.def - DO NOT EDIT! -->
3 <chapter id="kdm-files">
4 <title>The Files &kdm; Uses for Configuration</title>
6 <para>This chapter documents the files that control &kdm;'s behavior.
7 Some of this can be also controlled from the &kcontrol; module, but
11 <title>&kdmrc; - The &kdm; master configuration file</title>
13 <para>The basic format of the file is <quote>INI-like</quote>.
14 Options are key/value pairs, placed in sections.
15 Everything in the file is case sensitive.
16 Syntactic errors and unrecognized key/section identifiers cause &kdm; to
17 issue non-fatal error messages.</para>
19 <para>Lines beginning with <literal>#</literal> are comments; empty lines
20 are ignored as well.</para>
22 <para>Sections are denoted by
23 <literal>[</literal><replaceable>Name of Section</replaceable><literal>]</literal>.
26 <para>You can configure every X-display individually.</para>
27 <para>Every display has a display name, which consists of a host name
28 (which is empty for local displays specified in <option>StaticServers</option>
29 or <option>ReserveServers</option>), a colon, and a display number.
30 Additionally, a display belongs to a
31 display class (which can be ignored in most cases).</para>
33 <para>Sections with display-specific settings have the formal syntax
34 <literal>[X-</literal> <replaceable>host</replaceable> [ <literal>:</literal> <replaceable>number</replaceable> [ <literal>_</literal> <replaceable>class</replaceable> ] ] <literal>-</literal> <replaceable>sub-section</replaceable> <literal>]</literal>
36 <para>All sections with the same <replaceable>sub-section</replaceable>
37 make up a section class.</para>
39 <para>You can use the wildcard <literal>*</literal> (match any) for
40 <replaceable>host</replaceable>, <replaceable>number</replaceable>,
41 and <replaceable>class</replaceable>. You may omit trailing components;
42 they are assumed to be <literal>*</literal> then. The host part may be a
43 domain specification like <replaceable>.inf.tu-dresden.de</replaceable>
44 or the wildcard <literal>+</literal> (match non-empty).</para>
46 <para>From which section a setting is actually taken is determined by
51 <para>An exact match takes precedence over a partial match (for the
52 host part), which in turn takes precedence over a wildcard
53 (<literal>+</literal> taking precendence over <literal>*</literal>).</para>
57 <para>Precedence decreases from left to right for equally exact matches.</para>
63 Example: display name <quote>myhost.foo:0</quote>, class <quote>dpy</quote>
67 <para>[X-myhost.foo:0_dpy] precedes</para>
70 <para>[X-myhost.foo:0_*] (same as [X-myhost.foo:0]) precedes</para>
73 <para>[X-myhost.foo:*_dpy] precedes</para>
76 <para>[X-myhost.foo:*_*] (same as [X-myhost.foo]) precedes</para>
79 <para>[X-.foo:*_*] (same as [X-.foo]) precedes</para>
82 <para>[X-+:0_dpy] precedes</para>
85 <para>[X-*:0_dpy] precedes</para>
88 <para>[X-*:0_*] (same as [X-*:0]) precedes</para>
91 <para>[X-*:*_*] (same as [X-*]).</para>
94 <para>These sections do <emphasis>not</emphasis> match this display:</para>
95 <para>[X-hishost], [X-myhost.foo:0_dec], [X-*:1], [X-:*]</para>
103 <para>Common sections are [X-*] (all displays), [X-:*] (all local displays)
104 and [X-:0] (the first local display).</para>
106 <para>The format for all keys is
107 <userinput><option><replaceable>key</replaceable></option> <literal>=</literal> <parameter>value</parameter></userinput>.
108 Keys are only valid in the section class they are defined for.
109 Some keys do not apply to particular displays, in which case they are ignored.
112 <para>If a setting is not found in any matching section, the default
115 <para>Special characters need to be backslash-escaped (leading and trailing
116 spaces (<literal>\s</literal>), tab (<literal>\t</literal>), linefeed
117 (<literal>\n</literal>), carriage return (<literal>\r</literal>) and the
118 backslash itself (<literal>\\</literal>)).</para>
119 <para>In lists, fields are separated with commas without whitespace in between.
121 <para>Some command strings are subject to simplified sh-style word splitting:
122 single quotes (<literal>'</literal>) and double quotes (<literal>"</literal>)
123 have the usual meaning; the backslash quotes everything (not only special
124 characters). Note that the backslashes need to be doubled because of the
125 two levels of quoting.</para>
127 <note><para>A pristine &kdmrc; is very thoroughly commented.
128 All comments will be lost if you change this file with the
129 kcontrol frontend.</para></note>
132 <sect2 id="kdmrc-general">
133 <title>The [General] section of &kdmrc;</title>
136 This section contains global options that do not fit into any specific section.
142 <term id="option-configversion"><option>ConfigVersion</option></term>
145 This option exists solely for the purpose of clean automatic upgrades.
146 <emphasis>Do not</emphasis> change it, you may interfere with future
147 upgrades and this could result in &kdm; failing to run.
153 <term id="option-staticservers"><option>StaticServers</option></term>
156 List of displays (&X-Server;s) permanently managed by &kdm;. Displays with a
157 hostname are foreign displays which are expected to be already running,
158 the others are local displays for which &kdm; starts an own &X-Server;;
159 see <option>ServerCmd</option>. Each display may belong to a display class;
160 append it to the display name separated by an underscore.
161 See <xref linkend="kdmrc-xservers"/> for the details.
163 <para>The default is <quote>:0</quote>.</para>
168 <term id="option-reserveservers"><option>ReserveServers</option></term>
171 List of on-demand displays. See <option>StaticServers</option> for syntax.
173 <para>Empty by default.</para>
178 <term id="option-servervts"><option>ServerVTs</option></term>
181 List of Virtual Terminals to allocate to &X-Server;s. For negative numbers the
182 absolute value is used, and the <acronym>VT</acronym> will be allocated only
183 if the kernel says it is free. If &kdm; exhausts this list, it will allocate
184 free <acronym>VT</acronym>s greater than the absolute value of the last entry
186 Currently Linux only.
188 <para>Empty by default.</para>
193 <term id="option-consolettys"><option>ConsoleTTYs</option></term>
196 This option is for operating systems (<acronym>OS</acronym>s) with support
197 for virtual terminals (<acronym>VT</acronym>s), by both &kdm; and the
198 <acronym>OS</acronym>s itself.
199 Currently this applies only to Linux.
201 When &kdm; switches to console mode, it starts monitoring all
202 <acronym>TTY</acronym> lines listed here (without the leading
203 <literal>/dev/</literal>).
204 If none of them is active for some time, &kdm; switches back to the X login.
206 <para>Empty by default.</para>
211 <term id="option-pidfile"><option>PidFile</option></term>
214 The filename specified will be created to contain an ASCII representation
215 of the process ID of the main &kdm; process; the PID will not be stored
216 if the filename is empty.
218 <para>Empty by default.</para>
223 <term id="option-lockpidfile"><option>LockPidFile</option></term>
226 This option controls whether &kdm; uses file locking to keep multiple
227 display managers from running onto each other.
229 <para>The default is <quote>true</quote>.</para>
234 <term id="option-authdir"><option>AuthDir</option></term>
237 This names a directory under which &kdm; stores &X-Server; authorization
238 files while initializing the session. &kdm; expects the system to clean up
239 this directory from stale files on reboot.
241 The authorization file to be used for a particular display can be
242 specified with the <option>AuthFile</option> option in [X-*-Core].
244 <para>The default is <quote>/var/run/xauth</quote>.</para>
249 <term id="option-autorescan"><option>AutoRescan</option></term>
252 This boolean controls whether &kdm; automatically re-reads its
253 configuration files if it finds them to have changed.
255 <para>The default is <quote>true</quote>.</para>
260 <term id="option-exportlist"><option>ExportList</option></term>
263 Additional environment variables &kdm; should pass on to all programs it runs.
264 <envar>LD_LIBRARY_PATH</envar> and <envar>XCURSOR_THEME</envar> are good candidates;
265 otherwise, it should not be necessary very often.
267 <para>Empty by default.</para>
272 <term id="option-randomfile"><option>RandomFile</option></term>
275 If the system has no native entropy source like /dev/urandom (see
276 <option>RandomDevice</option>) and no entropy daemon like EGD (see
277 <option>PrngdSocket</option> and <option>PrngdPort</option>) is running,
278 &kdm; will fall back to its own pseudo-random number generator
279 that will, among other things, successively checksum parts of this file
280 (which, obviously, should change frequently).
282 This option does not exist on Linux and various BSDs.
284 <para>The default is <quote>/dev/mem</quote>.</para>
289 <term id="option-prngdsocket"><option>PrngdSocket</option></term>
292 If the system has no native entropy source like /dev/urandom (see
293 <option>RandomDevice</option>), read random data from a Pseudo-Random
294 Number Generator Daemon,
295 like EGD (http://egd.sourceforge.net) via this UNIX domain socket.
297 This option does not exist on Linux and various BSDs.
299 <para>Empty by default.</para>
304 <term id="option-prngdport"><option>PrngdPort</option></term>
307 Same as <option>PrngdSocket</option>, only use a TCP socket on localhost.
313 <term id="option-randomdevice"><option>RandomDevice</option></term>
316 The path to a character device which &kdm; should read random data from.
317 Empty means to use the system's preferred entropy device if there is one.
319 This option does not exist on OpenBSD, as it uses the arc4_random
322 <para>Empty by default.</para>
327 <term id="option-fifodir"><option>FifoDir</option></term>
330 The directory in which the command sockets should
331 be created; make it empty to disable them.
333 <para>The default is <quote>/var/run/xdmctl</quote>.</para>
338 <term id="option-fifogroup"><option>FifoGroup</option></term>
341 The group to which the global command socket should belong;
342 can be either a name or a numerical ID.
348 <term id="option-datadir"><option>DataDir</option></term>
351 The directory in which &kdm; should store persistent working data; such data
352 is, for example, the previous user that logged in on a particular display.
354 <para>The default is <quote>/var/lib/kdm</quote>.</para>
359 <term id="option-dmrcdir"><option>DmrcDir</option></term>
362 The directory in which &kdm; should store users' <filename>.dmrc</filename> files. This is only
363 needed if the home directories are not readable before actually logging in
366 <para>Empty by default.</para>
374 <sect2 id="kdmrc-xdmcp">
375 <title>The [Xdmcp] section of &kdmrc;</title>
378 This section contains options that control &kdm;'s handling of
385 <term id="option-enable"><option>Enable</option></term>
388 Whether &kdm; should listen to incoming &XDMCP; requests.
390 <para>The default is <quote>true</quote>.</para>
395 <term id="option-port"><option>Port</option></term>
398 This indicates the UDP port number which &kdm; uses to listen for incoming
399 &XDMCP; requests. Unless you need to debug the system, leave this with its
402 <para>The default is <quote>177</quote>.</para>
407 <term id="option-keyfile"><option>KeyFile</option></term>
410 XDM-AUTHENTICATION-1 style &XDMCP; authentication requires a private
411 key to be shared between &kdm; and the terminal. This option specifies
412 the file containing those values. Each entry in the file consists of a
413 display name and the shared key.
415 <para>Empty by default.</para>
420 <term id="option-xaccess"><option>Xaccess</option></term>
423 To prevent unauthorized &XDMCP; service and to allow forwarding of &XDMCP;
424 IndirectQuery requests, this file contains a database of hostnames which
425 are either allowed direct access to this machine, or have a list of hosts
426 to which queries should be forwarded to. The format of this file is
427 described in <xref linkend="kdmrc-xaccess"/>.
429 <para>The default is <quote>${<envar>kde_confdir</envar>}/kdm/Xaccess</quote>.</para>
434 <term id="option-choicetimeout"><option>ChoiceTimeout</option></term>
437 Number of seconds to wait for the display to respond after the user has
438 selected a host from the chooser. If the display sends an &XDMCP;
439 IndirectQuery within this time, the request is forwarded to the chosen
440 host; otherwise, it is assumed to be from a new session and the chooser
443 <para>The default is <quote>15</quote>.</para>
448 <term id="option-removedomainname"><option>RemoveDomainname</option></term>
451 When computing the display name for &XDMCP; clients, the name resolver will
452 typically create a fully qualified host name for the terminal. As this is
453 sometimes confusing, &kdm; will remove the domain name portion of the host
454 name if it is the same as the domain name of the local host when this option
457 <para>The default is <quote>true</quote>.</para>
462 <term id="option-sourceaddress"><option>SourceAddress</option></term>
465 Use the numeric IP address of the incoming connection on multihomed hosts
466 instead of the host name. This is to avoid trying to connect on the wrong
467 interface which might be down at this time.
469 <para>The default is <quote>false</quote>.</para>
474 <term id="option-willing"><option>Willing</option></term>
477 This specifies a program which is run (as
478 <systemitem class="username">root</systemitem>) when an &XDMCP;
479 DirectQuery or BroadcastQuery is received and this host is configured
480 to offer &XDMCP; display management. The output of this program may be
481 displayed in a chooser window. If no program is specified, the string
482 <quote>Willing to manage</quote> is sent.
484 <para>Empty by default.</para>
492 <sect2 id="kdmrc-shutdown">
493 <title>The [Shutdown] section of &kdmrc;</title>
496 This section contains global options concerning system shutdown.
502 <term id="option-haltcmd"><option>HaltCmd</option></term>
505 The command (subject to word splitting) to run to halt/poweroff the system.
507 The default is something reasonable for the system on which &kdm; was built, like
508 <command>/sbin/shutdown <option>-h</option> <parameter>now</parameter></command>.
514 <term id="option-rebootcmd"><option>RebootCmd</option></term>
517 The command (subject to word splitting) to run to reboot the system.
519 The default is something reasonable for the system &kdm; on which was built, like
520 <command>/sbin/shutdown <option>-r</option> <parameter>now</parameter></command>.
526 <term id="option-allowfifo"><option>AllowFifo</option></term>
529 Whether it is allowed to shut down the system via the global command socket.
531 <para>The default is <quote>false</quote>.</para>
536 <term id="option-allowfifonow"><option>AllowFifoNow</option></term>
539 Whether it is allowed to abort active sessions when shutting down the
540 system via the global command socket.
542 This will have no effect unless <option>AllowFifo</option> is enabled.
544 <para>The default is <quote>true</quote>.</para>
549 <term id="option-bootmanager"><option>BootManager</option></term>
552 The boot manager &kdm; should use for offering boot options in the
557 <term><parameter>None</parameter></term>
558 <listitem><para>no boot manager</para></listitem>
561 <term><parameter>Grub</parameter></term>
562 <listitem><para>Grub boot manager</para></listitem>
565 <term><parameter>Lilo</parameter></term>
566 <listitem><para>Lilo boot manager (Linux on i386 & x86-64 only)</para></listitem>
569 <para>The default is <quote>None</quote>.</para>
577 <sect2 id="kdmrc-core">
578 <title>The [X-*-Core] section class of &kdmrc;</title>
581 This section class contains options concerning the configuration
582 of the &kdm; backend (core).
588 <term id="option-opendelay"><option>OpenDelay</option></term>
591 See <option>OpenRepeat</option>.
593 <para>The default is <quote>15</quote>.</para>
598 <term id="option-opentimeout"><option>OpenTimeout</option></term>
601 See <option>OpenRepeat</option>.
603 <para>The default is <quote>120</quote>.</para>
608 <term id="option-openrepeat"><option>OpenRepeat</option></term>
611 These options control the behavior of &kdm; when attempting to open a
612 connection to an &X-Server;. <option>OpenDelay</option> is the length
613 of the pause (in seconds) between successive attempts,
614 <option>OpenRepeat</option> is the number of attempts to make and
615 <option>OpenTimeout</option> is the amount of time to spend on a
616 connection attempt. After <option>OpenRepeat</option> attempts have been
617 made, or if <option>OpenTimeout</option> seconds elapse in any particular
618 connection attempt, the start attempt is considered failed.
620 <para>The default is <quote>5</quote>.</para>
625 <term id="option-startattempts"><option>StartAttempts</option></term>
628 How many times &kdm; should attempt to start a <literal>foreign</literal>
629 display listed in <option>StaticServers</option> before giving up
631 Local displays are attempted only once, and &XDMCP; displays are retried
632 indefinitely by the client (unless the option <option>-once</option>
633 was given to the &X-Server;).
635 <para>The default is <quote>4</quote>.</para>
640 <term id="option-serverattempts"><option>ServerAttempts</option></term>
643 How many times &kdm; should attempt to start up a local &X-Server;.
644 Starting up includes executing it and waiting for it to come up.
646 <para>The default is <quote>1</quote>.</para>
651 <term id="option-servertimeout"><option>ServerTimeout</option></term>
654 How many seconds &kdm; should wait for a local &X-Server; to come up.
656 <para>The default is <quote>15</quote>.</para>
661 <term id="option-servercmd"><option>ServerCmd</option></term>
664 The command line to start the &X-Server;, without display number and VT spec.
665 This string is subject to word splitting.
667 The default is something reasonable for the system on which &kdm; was built,
668 like <command>/usr/X11R6/bin/X</command>.
674 <term id="option-serverargslocal"><option>ServerArgsLocal</option></term>
677 Additional arguments for the &X-Server;s for local sessions.
678 This string is subject to word splitting.
680 <para>Empty by default.</para>
685 <term id="option-serverargsremote"><option>ServerArgsRemote</option></term>
688 Additional arguments for the &X-Server;s for remote sessions.
689 This string is subject to word splitting.
691 <para>Empty by default.</para>
696 <term id="option-servervt"><option>ServerVT</option></term>
699 The VT the &X-Server; should run on.
700 <option>ServerVTs</option> should be used instead of this option.
701 Leave it zero to let &kdm; assign a <acronym>VT</acronym> automatically.
702 Set it to <literal>-1</literal> to avoid assigning a <acronym>VT</acronym>
703 alltogether - this is required for setups with multiple physical consoles.
704 Currently Linux only.
710 <term id="option-servertty"><option>ServerTTY</option></term>
713 This option is for <acronym>OS</acronym>s without support for
714 <acronym>VT</acronym>s, either by &kdm; or the <acronym>OS</acronym> itself.
715 Currently this applies to all <acronym>OS</acronym>s but Linux.
717 When &kdm; switches to console mode, it starts monitoring this
718 <acronym>TTY</acronym> line (specified without the leading
719 <literal>/dev/</literal>) for activity. If the line is not used for some time,
720 &kdm; switches back to the X login.
722 <para>Empty by default.</para>
727 <term id="option-pinginterval"><option>PingInterval</option></term>
730 See <option>PingTimeout</option>.
732 <para>The default is <quote>5</quote>.</para>
737 <term id="option-pingtimeout"><option>PingTimeout</option></term>
740 To discover when <emphasis>remote</emphasis> displays disappear, &kdm;
741 regularly pings them.
742 <option>PingInterval</option> specifies the time (in minutes) between the
743 pings and <option>PingTimeout</option> specifies the maximum amount of
744 time (in minutes) to wait for the terminal to respond to the request. If
745 the terminal does not respond, the session is declared dead and terminated.
747 If you frequently use X terminals which can become isolated from
748 the managing host, you may wish to increase the timeout. The only worry
749 is that sessions will continue to exist after the terminal has been
750 accidentally disabled.
752 <para>The default is <quote>5</quote>.</para>
757 <term id="option-terminateserver"><option>TerminateServer</option></term>
760 Whether &kdm; should restart the local &X-Server; after session exit instead
761 of resetting it. Use this if the &X-Server; leaks memory or crashes the system
764 <para>The default is <quote>false</quote>.</para>
769 <term id="option-resetsignal"><option>ResetSignal</option></term>
772 The signal number to use to reset the local &X-Server;.
774 <para>The default is <quote>1 (SIGHUP)</quote>.</para>
779 <term id="option-termsignal"><option>TermSignal</option></term>
782 The signal number to use to terminate the local &X-Server;.
784 <para>The default is <quote>15 (SIGTERM)</quote>.</para>
789 <term id="option-authorize"><option>Authorize</option></term>
792 Controls whether &kdm; generates and uses authorization for
793 <emphasis>local</emphasis> &X-Server; connections.
794 For &XDMCP; displays the authorization requested by the display is used;
795 foreign non-&XDMCP; displays do not support authorization at all.
797 <para>The default is <quote>true</quote>.</para>
802 <term id="option-authnames"><option>AuthNames</option></term>
805 If <option>Authorize</option> is true, use the authorization mechanisms
806 listed herein. The MIT-MAGIC-COOKIE-1 authorization is always available;
807 XDM-AUTHORIZATION-1, SUN-DES-1 and MIT-KERBEROS-5 might be available as well,
808 depending on the build configuration.
810 <para>The default is <quote>DEF_AUTH_NAME</quote>.</para>
815 <term id="option-resetforauth"><option>ResetForAuth</option></term>
818 Some <emphasis>old</emphasis> &X-Server;s re-read the authorization file
819 at &X-Server; reset time, instead of when checking the initial connection.
820 As &kdm; generates the authorization information just before connecting to
821 the display, an old &X-Server; would not get up-to-date authorization
822 information. This option causes &kdm; to send SIGHUP to the &X-Server;
823 after setting up the file, causing an additional &X-Server; reset to occur,
824 during which time the new authorization information will be read.
826 <para>The default is <quote>false</quote>.</para>
831 <term id="option-authfile"><option>AuthFile</option></term>
834 This file is used to communicate the authorization data from &kdm; to
835 the &X-Server;, using the <option>-auth</option> &X-Server; command line
836 option. It should be kept in a directory which is not world-writable
837 as it could easily be removed, disabling the authorization mechanism in
838 the &X-Server;. If not specified, a random name is generated from
839 <option>AuthDir</option> and the name of the display.
841 <para>Empty by default.</para>
846 <term id="option-resources"><option>Resources</option></term>
849 This option specifies the name of the file to be loaded by
850 <command>xrdb</command> as the resource database onto the root window
851 of screen 0 of the display. KDE programs generally do not use
852 X-resources, so this option is only needed if the <option>Setup</option>
853 program needs some X-resources.
855 <para>Empty by default.</para>
860 <term id="option-xrdb"><option>Xrdb</option></term>
863 The <command>xrdb</command> program to use to read the X-resources file
864 specified in <option>Recources</option>.
865 The command is subject to word splitting.
867 <para>The default is <quote>${<envar>x_bindir</envar>}/xrdb</quote>.</para>
872 <term id="option-setup"><option>Setup</option></term>
875 This string is subject to word splitting.
876 It specifies a program which is run (as
877 <systemitem class="username">root</systemitem>) before offering the
878 greeter window. This may be used to change the appearance of the screen
879 around the greeter window or to put up other windows (e.g., you may want
880 to run <command>xconsole</command> here).
881 The conventional name for a file used here is <command>Xsetup</command>.
882 See <xref linkend="kdmrc-xsetup"/>.
884 <para>Empty by default.</para>
889 <term id="option-startup"><option>Startup</option></term>
892 This string is subject to word splitting.
893 It specifies a program which is run (as
894 <systemitem class="username">root</systemitem>) after the user
895 authentication process succeeds.
896 The conventional name for a file used here is <command>Xstartup</command>.
897 See <xref linkend="kdmrc-xstartup"/>.
899 <para>Empty by default.</para>
904 <term id="option-reset"><option>Reset</option></term>
907 This string is subject to word splitting.
908 It specifies a program which is run (as
909 <systemitem class="username">root</systemitem>) after the session
911 The conventional name for a file used here is <command>Xreset</command>.
912 See <xref linkend="kdmrc-xreset"/>.
914 <para>Empty by default.</para>
919 <term id="option-session"><option>Session</option></term>
922 This string is subject to word splitting.
923 It specifies the session program to be executed (as the user owning
925 The conventional name for a file used here is <command>Xsession</command>.
926 See <xref linkend="kdmrc-xsession"/>.
928 <para>The default is <quote>${<envar>x_bindir</envar>}/xterm -ls -T</quote>.</para>
933 <term id="option-failsafeclient"><option>FailsafeClient</option></term>
936 If the <option>Session</option> program fails to execute, &kdm; will
937 fall back to this program. This program is executed with no arguments,
938 but executes using the same environment variables as the session would
939 have had (see <xref linkend="kdmrc-xsession"/>).
941 <para>The default is <quote>${<envar>x_bindir</envar>}/xterm</quote>.</para>
946 <term id="option-userpath"><option>UserPath</option></term>
949 The <envar>PATH</envar> environment variable for
950 non-<systemitem class="username">root</systemitem> <option>Session</option>s.
952 The default depends on the system &kdm; was built on.
958 <term id="option-systempath"><option>SystemPath</option></term>
961 The <envar>PATH</envar> environment variable for all programs but
962 non-<systemitem class="username">root</systemitem>
963 <option>Session</option>s. Note that it is good practice not to include
964 <literal>.</literal> (the current directory) into this entry.
966 The default depends on the system &kdm; was built on.
972 <term id="option-systemshell"><option>SystemShell</option></term>
975 The <envar>SHELL</envar> environment variable for all programs but the
976 <option>Session</option>.
978 <para>The default is <quote>/bin/sh</quote>.</para>
983 <term id="option-userauthdir"><option>UserAuthDir</option></term>
986 When &kdm; is unable to write to the usual user authorization file
987 ($<envar>HOME</envar>/.Xauthority), it creates a unique file name in this
988 directory and points the environment variable <envar>XAUTHORITY</envar>
991 <para>The default is <quote>/tmp</quote>.</para>
996 <term id="option-forceuserauthdir"><option>ForceUserAuthDir</option></term>
999 If true, <option>UserAuthDir</option> will be used unconditionally.
1001 <para>The default is <quote>false</quote>.</para>
1006 <term id="option-autorelogin"><option>AutoReLogin</option></term>
1009 If enabled, &kdm; will automatically restart a session after an &X-Server;
1010 crash (or if it is killed by Alt-Ctrl-BackSpace). Note that enabling this
1011 feature opens a security hole: a secured display lock can be circumvented
1012 (unless &kde;'s built-in screen locker is used).
1014 <para>The default is <quote>false</quote>.</para>
1019 <term id="option-allowrootlogin"><option>AllowRootLogin</option></term>
1022 If disabled, do not allow <systemitem class="username">root</systemitem>
1023 (and any other user with UID = 0) to log in directly.
1025 <para>The default is <quote>true</quote>.</para>
1030 <term id="option-allownullpasswd"><option>AllowNullPasswd</option></term>
1033 If disabled, only users that have passwords assigned can log in.
1035 <para>The default is <quote>true</quote>.</para>
1040 <term id="option-allowshutdown"><option>AllowShutdown</option></term>
1043 Who is allowed to shut down the system. This applies both to the
1044 greeter and to the command sockets.
1048 <term><parameter>None</parameter></term>
1049 <listitem><para>no <guilabel>Shutdown...</guilabel> menu entry is shown at all</para></listitem>
1052 <term><parameter>Root</parameter></term>
1053 <listitem><para>the <systemitem class="username">root</systemitem> password must be entered to shut down</para></listitem>
1056 <term><parameter>All</parameter></term>
1057 <listitem><para>everybody can shut down the machine</para></listitem>
1060 <para>The default is <quote>All</quote>.</para>
1065 <term id="option-allowsdforcenow"><option>AllowSdForceNow</option></term>
1068 Who is allowed to abort active sessions when shutting down.
1072 <term><parameter>None</parameter></term>
1073 <listitem><para>no forced shutdown is allowed at all</para></listitem>
1076 <term><parameter>Root</parameter></term>
1077 <listitem><para>the <systemitem class="username">root</systemitem> password must be entered to shut down forcibly</para></listitem>
1080 <term><parameter>All</parameter></term>
1081 <listitem><para>everybody can shut down the machine forcibly</para></listitem>
1084 <para>The default is <quote>All</quote>.</para>
1089 <term id="option-defaultsdmode"><option>DefaultSdMode</option></term>
1092 The default choice for the shutdown condition/timing.
1096 <term><parameter>Schedule</parameter></term>
1097 <listitem><para>shut down after all active sessions exit (possibly at once)</para></listitem>
1100 <term><parameter>TryNow</parameter></term>
1101 <listitem><para>shut down, if no active sessions are open; otherwise, do nothing</para></listitem>
1104 <term><parameter>ForceNow</parameter></term>
1105 <listitem><para>shut down unconditionally</para></listitem>
1108 <para>The default is <quote>Schedule</quote>.</para>
1113 <term id="option-scheduledsd"><option>ScheduledSd</option></term>
1116 How to offer shutdown scheduling options:
1120 <term><parameter>Never</parameter></term>
1121 <listitem><para>not at all</para></listitem>
1124 <term><parameter>Optional</parameter></term>
1125 <listitem><para>as a button in the simple shutdown dialogs</para></listitem>
1128 <term><parameter>Always</parameter></term>
1129 <listitem><para>instead of the simple shutdown dialogs</para></listitem>
1132 <para>The default is <quote>Never</quote>.</para>
1137 <term id="option-nopassenable"><option>NoPassEnable</option></term>
1140 Enable password-less logins on this display. <emphasis>Use with extreme care!</emphasis>
1142 <para>The default is <quote>false</quote>.</para>
1147 <term id="option-nopassusers"><option>NoPassUsers</option></term>
1150 The users that do not need to provide a password to log in.
1151 Items which are prefixed with <literal>@</literal> represent all users in the
1152 user group named by that item.
1153 <literal>*</literal> means all users but
1154 <systemitem class="username">root</systemitem>
1155 (and any other user with UID = 0).
1156 <emphasis>Never</emphasis> list <systemitem class="username">root</systemitem>.
1158 <para>Empty by default.</para>
1163 <term id="option-autologinenable"><option>AutoLoginEnable</option></term>
1166 Enable automatic login. <emphasis>Use with extreme care!</emphasis>
1168 <para>The default is <quote>false</quote>.</para>
1173 <term id="option-autologinagain"><option>AutoLoginAgain</option></term>
1176 If true, auto-login after logout. If false, auto-login is performed only
1177 when a display session starts up.
1179 <para>The default is <quote>false</quote>.</para>
1184 <term id="option-autologindelay"><option>AutoLoginDelay</option></term>
1187 The delay in seconds before automatic login kicks in. This is also known as
1188 <quote>Timed Login</quote>.
1194 <term id="option-autologinuser"><option>AutoLoginUser</option></term>
1197 The user to log in automatically. <emphasis>Never</emphasis> specify <systemitem class="username">root</systemitem>!
1199 <para>Empty by default.</para>
1204 <term id="option-autologinpass"><option>AutoLoginPass</option></term>
1207 The password for the user to log in automatically. This is <emphasis>not</emphasis> required
1208 unless the user is logged into a <acronym>NIS</acronym> or Kerberos domain. If you use this
1209 option, you should <command>chmod <option>600</option> <filename>kdmrc</filename></command> for obvious reasons.
1211 <para>Empty by default.</para>
1216 <term id="option-autologinlocked"><option>AutoLoginLocked</option></term>
1219 Immediately lock the automatically started session. This works only with
1222 <para>The default is <quote>false</quote>.</para>
1227 <term id="option-sessionsdirs"><option>SessionsDirs</option></term>
1230 A list of directories containing session type definitions.
1232 <para>The default is <quote>${<envar>kde_datadir</envar>}/kdm/sessions</quote>.</para>
1237 <term id="option-clientlogfile"><option>ClientLogFile</option></term>
1240 The file (relative to the user's home directory) to redirect the session
1243 The following character pairs are replaced by their value:
1246 <term><parameter>%d</parameter></term>
1247 <listitem><para>name of the current display</para></listitem>
1250 <term><parameter>%u</parameter></term>
1251 <listitem><para>login name of the current user</para></listitem>
1254 <term><parameter>%r</parameter></term>
1255 <listitem><para>empty at first. See below.</para></listitem>
1258 <term><parameter>%%</parameter></term>
1259 <listitem><para>a single <literal>%</literal></para></listitem>
1262 When the constructed filename cannot be used safely and the specification
1264 <literal>%</literal><replaceable>stuff</replaceable><literal>r</literal>,
1265 other names will be tried - this time expanding
1266 <literal>%</literal><replaceable>stuff</replaceable><literal>r</literal>
1267 to <replaceable>stuff</replaceable> followed by a random number.
1269 <para>The default is <quote>.xsession-errors</quote>.</para>
1274 <term id="option-clientlogfallback"><option>ClientLogFallback</option></term>
1277 Fallback when <option>ClientLogFile</option> cannot be used. The same expansions are
1278 supported. <emphasis>Do not</emphasis> use relative paths here.
1280 <para>The default is <quote>/tmp/xerr-%u-%d%-r</quote>.</para>
1285 <term id="option-usesessreg"><option>UseSessReg</option></term>
1288 Specify whether &kdm;'s built-in utmp/wtmp/lastlog registration should
1289 be used. If it is not, the tool <command>sessreg</command> should be used
1290 in the <option>Startup</option> and <option>Reset</option> scripts, or,
1291 alternatively, the pam_lastlog module should be used on
1292 <acronym>PAM</acronym>-enabled systems.
1294 <para>The default is <quote>true</quote>.</para>
1302 <sect2 id="kdmrc-greeter">
1303 <title>The [X-*-Greeter] section class of &kdmrc;</title>
1306 This section class contains options concerning the configuration
1307 of the &kdm; frontend (greeter).
1313 <term id="option-guistyle"><option>GUIStyle</option></term>
1316 Specify the widget style for the greeter. Empty means to use the
1317 built-in default which currently is <literal>Plastik</literal>.
1319 <para>Empty by default.</para>
1324 <term id="option-colorscheme"><option>ColorScheme</option></term>
1327 Specify the widget color scheme for the greeter. Empty means to use
1328 the built-in default which currently is yellowish grey with some light
1329 blue and yellow elements.
1331 <para>Empty by default.</para>
1336 <term id="option-logoarea"><option>LogoArea</option></term>
1339 What should be shown in the greeter righthand of the input lines (if
1340 <option>UserList</option> is disabled) or above them (if
1341 <option>UserList</option> is enabled):
1345 <term><parameter>None</parameter></term>
1346 <listitem><para>nothing</para></listitem>
1349 <term><parameter>Logo</parameter></term>
1350 <listitem><para>the image specified by <option>LogoPixmap</option></para></listitem>
1353 <term><parameter>Clock</parameter></term>
1354 <listitem><para>a neat analog clock</para></listitem>
1357 <para>The default is <quote>Clock</quote>.</para>
1362 <term id="option-logopixmap"><option>LogoPixmap</option></term>
1365 The image to show in the greeter if <option>LogoArea</option> is
1366 <literal>Logo</literal>.
1368 <para>Empty by default.</para>
1373 <term id="option-greeterpos"><option>GreeterPos</option></term>
1376 The relative coordinates (percentages of the screen size; X,Y) at which
1377 the center of the greeter is put. &kdm; aligns the greeter to the edges
1378 of the screen it would cross otherwise.
1380 <para>The default is <quote>50,50</quote>.</para>
1385 <term id="option-greeterscreen"><option>GreeterScreen</option></term>
1388 The screen the greeter should be displayed on in multi-headed and Xinerama
1389 setups. The numbering starts with 0. For Xinerama, it corresponds to the
1390 listing order in the active ServerLayout section of XF86Config; -1 means
1391 to use the upper-left screen, -2 means to use the upper-right screen.
1397 <term id="option-greetstring"><option>GreetString</option></term>
1400 The headline in the greeter. An empty greeting means none at all.
1402 The following character pairs are replaced by their value:
1405 <term><parameter>%d</parameter></term>
1406 <listitem><para>name of the current display</para></listitem>
1409 <term><parameter>%h</parameter></term>
1410 <listitem><para>local host name, possibly with the
1411 domain name</para></listitem>
1414 <term><parameter>%n</parameter></term>
1415 <listitem><para>local node name, most probably the host name without the
1416 domain name</para></listitem>
1419 <term><parameter>%s</parameter></term>
1420 <listitem><para>operating system</para></listitem>
1423 <term><parameter>%r</parameter></term>
1424 <listitem><para>operating system version</para></listitem>
1427 <term><parameter>%m</parameter></term>
1428 <listitem><para>machine (hardware) type</para></listitem>
1431 <term><parameter>%%</parameter></term>
1432 <listitem><para>a single <literal>%</literal></para></listitem>
1436 <para>The default is <quote>Welcome to %s at %n</quote>.</para>
1441 <term id="option-antialiasing"><option>AntiAliasing</option></term>
1444 Whether the fonts used in the greeter should be antialiased.
1446 <para>The default is <quote>false</quote>.</para>
1451 <term id="option-greetfont"><option>GreetFont</option></term>
1454 The font for the greeter headline.
1456 <para>The default is <quote>Serif,20,bold</quote>.</para>
1461 <term id="option-stdfont"><option>StdFont</option></term>
1464 The normal font used in the greeter.
1466 <para>The default is <quote>Sans Serif,10</quote>.</para>
1471 <term id="option-failfont"><option>FailFont</option></term>
1474 The font used for the <quote>Login Failed</quote> message.
1476 <para>The default is <quote>Sans Serif,10,bold</quote>.</para>
1481 <term id="option-numlock"><option>NumLock</option></term>
1484 What to do with the Num Lock modifier for the time the greeter is running:
1488 <term><parameter>Off</parameter></term>
1489 <listitem><para>turn off</para></listitem>
1492 <term><parameter>On</parameter></term>
1493 <listitem><para>turn on</para></listitem>
1496 <term><parameter>Keep</parameter></term>
1497 <listitem><para>do not change the state</para></listitem>
1500 <para>The default is <quote>Keep</quote>.</para>
1505 <term id="option-language"><option>Language</option></term>
1508 Language and locale to use in the greeter, encoded like $<envar>LC_LANG</envar>.
1510 <para>The default is <quote>en_US</quote>.</para>
1515 <term id="option-usercompletion"><option>UserCompletion</option></term>
1518 Enable autocompletion in the username line edit.
1520 <para>The default is <quote>false</quote>.</para>
1525 <term id="option-userlist"><option>UserList</option></term>
1528 Show a user list with unix login names, real names, and images in the greeter.
1530 <para>The default is <quote>true</quote>.</para>
1535 <term id="option-showusers"><option>ShowUsers</option></term>
1538 This option controls which users will be shown in the user view
1539 (<option>UserList</option>) and/or offered for autocompletion
1540 (<option>UserCompletion</option>).
1541 If it is <literal>Selected</literal>, <option>SelectedUsers</option> contains
1542 the final list of users.
1543 If it is <literal>NotHidden</literal>, the initial user list are all users
1544 found on the system. Users contained in <option>HiddenUsers</option> are
1545 removed from the list, just like all users with a UID greater than specified
1546 in <option>MaxShowUID</option> and users with a non-zero UID less than
1547 specified in <option>MinShowUID</option>.
1548 Items in <option>SelectedUsers</option> and <option>HiddenUsers</option>
1549 which are prefixed with <literal>@</literal> represent all users in the
1550 user group named by that item.
1551 Finally, the user list will be sorted alphabetically, if
1552 <option>SortUsers</option> is enabled.
1554 <para>The default is <quote>NotHidden</quote>.</para>
1559 <term id="option-selectedusers"><option>SelectedUsers</option></term>
1562 See <option>ShowUsers</option>.
1564 <para>Empty by default.</para>
1569 <term id="option-hiddenusers"><option>HiddenUsers</option></term>
1572 See <option>ShowUsers</option>.
1574 <para>Empty by default.</para>
1579 <term id="option-minshowuid"><option>MinShowUID</option></term>
1582 See <option>ShowUsers</option>.
1588 <term id="option-maxshowuid"><option>MaxShowUID</option></term>
1591 See <option>ShowUsers</option>.
1593 <para>The default is <quote>65535</quote>.</para>
1598 <term id="option-sortusers"><option>SortUsers</option></term>
1601 See <option>ShowUsers</option>.
1603 <para>The default is <quote>true</quote>.</para>
1608 <term id="option-facesource"><option>FaceSource</option></term>
1611 If <option>UserList</option> is enabled, this specifies where &kdm; gets the
1616 <term><parameter>AdminOnly</parameter></term>
1617 <listitem><para>from <filename><<option>FaceDir</option>>/$<envar>USER</envar>.face[.icon]</filename></para></listitem>
1620 <term><parameter>PreferAdmin</parameter></term>
1621 <listitem><para>prefer <<option>FaceDir</option>>, fallback on $<envar>HOME</envar></para></listitem>
1624 <term><parameter>PreferUser</parameter></term>
1625 <listitem><para>... and the other way round</para></listitem>
1628 <term><parameter>UserOnly</parameter></term>
1629 <listitem><para>from the user's <filename>$<envar>HOME</envar>/.face[.icon]</filename></para></listitem>
1634 The images can be in any format Qt recognizes, but the filename
1635 must match &kdm;'s expectations: <literal>.face.icon</literal> should be a
1636 48x48 icon, while <literal>.face</literal> should be a 300x300 image.
1637 Currently the big image is used only as a fallback and is scaled down,
1638 but in the future it might be displayed full-size in the logo area or a
1641 <para>The default is <quote>AdminOnly</quote>.</para>
1646 <term id="option-facedir"><option>FaceDir</option></term>
1649 See <option>FaceSource</option>.
1651 <para>The default is <quote>${<envar>kde_datadir</envar>}/kdm/faces</quote>.</para>
1656 <term id="option-preselectuser"><option>PreselectUser</option></term>
1659 Specify, if/which user should be preselected for log in:
1663 <term><parameter>None</parameter></term>
1664 <listitem><para>do not preselect any user</para></listitem>
1667 <term><parameter>Previous</parameter></term>
1668 <listitem><para>the user which successfully logged in last time</para></listitem>
1671 <term><parameter>Default</parameter></term>
1672 <listitem><para>the user specified in the <option>DefaultUser</option> option</para></listitem>
1677 If <option>FocusPasswd</option> is enabled and a user was preselected,
1678 the cursor is placed in the password input field automatically.
1680 <note><para>Enabling user preselection can be considered a security hole,
1681 as it presents a valid login name to a potential attacker, so he
1682 <quote>only</quote> needs to guess the password. On the other hand,
1683 one could set <option>DefaultUser</option> to a fake login name.</para></note>
1686 <para>The default is <quote>None</quote>.</para>
1691 <term id="option-defaultuser"><option>DefaultUser</option></term>
1694 See <option>PreselectUser</option>.
1696 <para>Empty by default.</para>
1701 <term id="option-focuspasswd"><option>FocusPasswd</option></term>
1704 See <option>PreselectUser</option>.
1706 <para>The default is <quote>false</quote>.</para>
1711 <term id="option-echopasswd"><option>EchoPasswd</option></term>
1714 If this is true, the entered password is echoed as bullets. Otherwise,
1715 no feedback is given at all.
1717 <para>The default is <quote>true</quote>.</para>
1722 <term id="option-usebackground"><option>UseBackground</option></term>
1725 If enabled, &kdm; will automatically start the <command>krootimage</command>
1726 program to set up the background; otherwise, the <option>Setup</option>
1727 program is responsible for the background.
1729 <para>The default is <quote>true</quote>.</para>
1734 <term id="option-backgroundcfg"><option>BackgroundCfg</option></term>
1737 The configuration file to be used by <command>krootimage</command>.
1738 It contains a section named <literal>[Desktop0]</literal> like
1739 <filename>kdesktoprc</filename> does. Its options are not described
1740 herein; guess their meanings or use the control center.
1742 <para>The default is <quote>${<envar>kde_confdir</envar>}/kdm/backgroundrc</quote>.</para>
1747 <term id="option-grabserver"><option>GrabServer</option></term>
1750 To improve security, the greeter grabs the &X-Server; and then the keyboard
1751 when it starts up. This option specifies if the &X-Server; grab should be held
1752 for the duration of the name/password reading. When disabled, the &X-Server;
1753 is ungrabbed after the keyboard grab succeeds; otherwise, the &X-Server; is
1754 grabbed until just before the session begins.
1756 <note><para>Enabling this option disables <option>UseBackground</option> and
1757 <option>Setup</option>.</para></note>
1760 <para>The default is <quote>false</quote>.</para>
1765 <term id="option-grabtimeout"><option>GrabTimeout</option></term>
1768 This option specifies the maximum time &kdm; will wait for the grabs to
1769 succeed. A grab may fail if some other X-client has the &X-Server; or the
1770 keyboard grabbed, or possibly if the network latencies are very high. You
1771 should be cautious when raising the timeout, as a user can be spoofed by
1772 a look-alike window on the display. If a grab fails, &kdm; kills and
1773 restarts the &X-Server; (if possible) and the session.
1775 <para>The default is <quote>3</quote>.</para>
1780 <term id="option-authcomplain"><option>AuthComplain</option></term>
1783 Warn, if a display has no X-authorization. This will be the case if
1786 the authorization file for a local &X-Server; could not be created,
1789 a remote display from &XDMCP; did not request any authorization or
1792 the display is a <quote>foreign</quote> display specified in
1793 <option>StaticServers</option>.
1797 <para>The default is <quote>true</quote>.</para>
1802 <term id="option-loginmode"><option>LoginMode</option></term>
1805 Specify whether the greeter of local displays should start up in host chooser
1806 (remote) or login (local) mode and whether it is allowed to switch to the
1811 <term><parameter>LocalOnly</parameter></term>
1812 <listitem><para>only local login possible</para></listitem>
1815 <term><parameter>DefaultLocal</parameter></term>
1816 <listitem><para>start up in local mode, but allow switching to remote mode</para></listitem>
1819 <term><parameter>DefaultRemote</parameter></term>
1820 <listitem><para>... and the other way round</para></listitem>
1823 <term><parameter>RemoteOnly</parameter></term>
1824 <listitem><para>only choice of remote host possible</para></listitem>
1827 <para>The default is <quote>LocalOnly</quote>.</para>
1832 <term id="option-chooserhosts"><option>ChooserHosts</option></term>
1835 A list of hosts to be automatically added to the remote login menu.
1836 The special name <literal>*</literal> means broadcast.
1837 Has no effect if <option>LoginMode</option> is <literal>LocalOnly</literal>.
1839 <para>The default is <quote>*</quote>.</para>
1844 <term id="option-forgingseed"><option>ForgingSeed</option></term>
1847 Use this number as a random seed when forging saved session types, etc. of
1848 unknown users. This is used to avoid telling an attacker about existing users
1849 by reverse conclusion. This value should be random but constant across the
1856 <term id="option-showlog"><option>ShowLog</option></term>
1859 Enable &kdm;'s built-in <command>xconsole</command>.
1860 Note that this can be enabled for only one display at a time.
1861 This option is available only if &kdm; was <command>configure</command>d
1862 with <option>--enable-kdm-xconsole</option>.
1864 <para>The default is <quote>false</quote>.</para>
1869 <term id="option-logsource"><option>LogSource</option></term>
1872 The data source for &kdm;'s built-in <command>xconsole</command>.
1873 If empty, a console log redirection is requested from
1874 <filename>/dev/console</filename>.
1875 Has no effect if <option>ShowLog</option> is disabled.
1877 <para>Empty by default.</para>
1882 <term id="option-pluginslogin"><option>PluginsLogin</option></term>
1885 Specify conversation plugins for the login dialog; the first in the list
1886 is selected initially.
1887 Each plugin can be specified as a base name (which expands to
1888 <filename>$<envar>kde_modulesdir</envar>/kgreet_<replaceable>base</replaceable></filename>)
1889 or as a full pathname.
1891 Conversation plugins are modules for the greeter which obtain authentication
1892 data from the user. Currently only the <literal>classic</literal> plugin is
1893 shipped with &kde;; it presents the well-known username and password form.
1895 <para>The default is <quote>classic</quote>.</para>
1900 <term id="option-pluginsshutdown"><option>PluginsShutdown</option></term>
1903 Same as <option>PluginsLogin</option>, but for the shutdown dialog.
1905 <para>The default is <quote>classic</quote>.</para>
1910 <term id="option-pluginoptions"><option>PluginOptions</option></term>
1913 A list of options of the form
1914 <replaceable>Key</replaceable><literal>=</literal><replaceable>Value</replaceable>.
1915 The conversation plugins can query these settings; it is up to them what
1918 <para>Empty by default.</para>
1923 <term id="option-allowconsole"><option>AllowConsole</option></term>
1926 Show the <guilabel>Console Login</guilabel> action in the greeter (if <option>ServerTTY</option>/<option>ConsoleTTYs</option>
1929 <para>The default is <quote>true</quote>.</para>
1934 <term id="option-allowclose"><option>AllowClose</option></term>
1937 Show the <guilabel>Restart X Server</guilabel>/<guilabel>Close Connection</guilabel> action in the greeter.
1939 <para>The default is <quote>true</quote>.</para>
1944 <term id="option-preloader"><option>Preloader</option></term>
1947 A program to run while the greeter is visible. It is supposed to preload
1948 as much as possible of the session that is going to be started (most
1951 <para>Empty by default.</para>
1956 <term id="option-usetheme"><option>UseTheme</option></term>
1959 Whether the greeter should be themed.
1961 <para>The default is <quote>false</quote>.</para>
1966 <term id="option-theme"><option>Theme</option></term>
1969 The theme to use for the greeter. Can point to either a directory or an XML
1972 <para>Empty by default.</para>
1983 <sect1 id="kdmrc-xservers">
1984 <title>Specifying permanent &X-Server;s</title>
1986 <para>Each entry in the <option>StaticServers</option> list indicates a
1987 display which should constantly be
1988 managed and which is not using &XDMCP;. This method is typically used only for
1989 local &X-Server;s that are started by &kdm;, but &kdm; can manage externally
1990 started (<quote>foreign</quote>) &X-Server;s as well, may they run on the
1991 local machine or rather remotely.</para>
1993 <para>The formal syntax of a specification is
1995 <userinput><replaceable>display name</replaceable> [<literal>_</literal><replaceable>display class</replaceable>]</userinput>
1997 for all &X-Server;s. <quote>Foreign</quote> displays differ in having
1998 a host name in the display name, may it be <literal>localhost</literal>.</para>
2000 <para>The <replaceable>display name</replaceable> must be something that can
2001 be passed in the <option>-display</option> option to an X program. This string
2002 is used to generate the display-specific section names, so be careful to match
2004 The display name of &XDMCP; displays is derived from the display's address by
2005 reverse host name resolution. For configuration purposes, the
2006 <literal>localhost</literal> prefix from locally running &XDMCP; displays is
2007 <emphasis>not</emphasis> stripped to make them distinguishable from local
2008 &X-Server;s started by &kdm;.</para>
2010 <para>The <replaceable>display class</replaceable> portion is also used in the
2011 display-specific sections. This is useful if you have a large collection of
2012 similar displays (such as a corral of X terminals) and would like to set
2013 options for groups of them.
2014 When using &XDMCP;, the display is required to specify the display class,
2015 so the manual for your particular X terminal should document the display
2016 class string for your device. If it does not, you can run &kdm; in debug
2017 mode and <command>grep</command> the log for <quote>class</quote>.</para>
2019 <para>The displays specified in <option>ReserveServers</option> will not be
2020 started when &kdm; starts up, but when it is explicitly requested via
2022 If reserve displays are specified, the &kde; menu will have a
2023 <guilabel>Start New Session</guilabel> item near the bottom; use that to
2024 activate a reserve display with a new login session. The monitor will switch
2025 to the new display, and you will have a minute to login. If there are no more
2026 reserve displays available, the menu item will be disabled.</para>
2028 <para>When &kdm; starts a session, it sets up authorization data for the
2029 &X-Server;. For local servers, &kdm; passes
2030 <command><option>-auth</option> <filename><replaceable>filename</replaceable></filename></command>
2031 on the &X-Server;'s command line to point it at its authorization data.
2032 For &XDMCP; displays, &kdm; passes the authorization data to the &X-Server;
2033 via the <quote>Accept</quote> &XDMCP; message.</para>
2037 <sect1 id="kdmrc-xaccess">
2038 <title>&XDMCP; access control</title>
2040 <para>The file specified by the <option>AccessFile</option> option provides
2041 information which &kdm; uses to control access from displays requesting service
2043 The file contains four types of entries: entries which control the response
2044 to <quote>Direct</quote> and <quote>Broadcast</quote> queries, entries which
2045 control the response to <quote>Indirect</quote> queries, macro definitions,
2046 and entries which control on which network interfaces &kdm; listens for &XDMCP;
2048 Blank lines are ignored, <literal>#</literal> is treated as a comment
2049 delimiter causing the rest of that line to be ignored, and <literal>\</literal>
2050 causes an immediately following newline to be ignored, allowing host lists
2051 to span multiple lines.
2054 <para>The format of the <quote>Direct</quote> entries is simple, either a
2055 host name or a pattern, which is compared against the host name of the display
2056 device. Alternatively, a macro may be used to make the entry match everything
2057 the macro expands to.
2058 Patterns are distinguished from host names by the inclusion of one or more
2059 meta characters; <literal>*</literal> matches any sequence of 0 or more
2060 characters, and <literal>?</literal> matches any single character.
2061 If the entry is a host name, all comparisons are done using network addresses,
2062 so any name which converts to the correct network address may be used. Note
2063 that only the first network address returned for a host name is used.
2064 For patterns, only canonical host names are used in the comparison, so ensure
2065 that you do not attempt to match aliases.
2066 Host names from &XDMCP; queries always contain the local domain name
2067 even if the reverse lookup returns a short name, so you can use
2068 patterns for the local domain.
2069 Preceding the entry with a <literal>!</literal> character causes hosts which
2070 match that entry to be excluded. Preceding it with an <literal>=</literal> has
2071 no effect but is required when specifying a macro to distinguish the entry
2072 from a macro definition.
2073 To only respond to <quote>Direct</quote> queries for a host or pattern,
2074 it can be followed by the optional <literal>NOBROADCAST</literal> keyword.
2075 This can be used to prevent a &kdm; server from appearing on menus based on
2076 <quote>Broadcast</quote> queries.</para>
2078 <para>An <quote>Indirect</quote> entry also contains a host name, pattern or
2079 macro, but follows it with a list of host names or macros to which the queries
2080 should be forwarded. <quote>Indirect</quote> entries can be excluding as well,
2081 in which case a (valid) dummy host name must be supplied to make the entry
2082 distinguishable from a <quote>Direct</quote> entry.
2083 If compiled with IPv6 support, multicast address groups may also be included
2084 in the list of addresses the queries are forwarded to.
2085 <!-- Not actually implemented!
2086 Multicast addresses may be followed by an optional <literal>/</literal>
2087 character and hop count. If no hop count is specified, the multicast hop count
2088 defaults to 1, keeping the packet on the local network. For IPv4 multicasting,
2089 the hop count is used as the TTL.
2091 If the indirect host list contains the keyword <literal>CHOOSER</literal>,
2092 <quote>Indirect</quote> queries are not forwarded, but instead a host chooser
2093 dialog is displayed by &kdm;. The chooser will send a <quote>Direct</quote>
2094 query to each of the remaining host names in the list and offer a menu of
2095 all the hosts that respond. The host list may contain the keyword
2096 <literal>BROADCAST</literal>, to make the chooser send a
2097 <quote>Broadcast</quote> query as well; note that on some operating systems,
2098 UDP packets cannot be broadcast, so this feature will not work.
2101 <para>When checking access for a particular display host, each entry is scanned
2102 in turn and the first matching entry determines the response.
2103 <quote>Direct</quote> and <quote>Broadcast</quote> entries are ignored when
2104 scanning for an <quote>Indirect</quote> entry and vice-versa.</para>
2106 <para>A macro definition contains a macro name and a list of host names and
2107 other macros that the macro expands to. To distinguish macros from hostnames,
2108 macro names start with a <literal>%</literal> character.</para>
2110 <para>The last entry type is the <literal>LISTEN</literal> directive.
2111 The formal syntax is
2113 <userinput> <literal>LISTEN</literal> [<replaceable>interface</replaceable> [<replaceable>multicast list</replaceable>]]</userinput>
2115 If one or more <literal>LISTEN</literal> lines are specified, &kdm; listens
2116 for &XDMCP; requests only on the specified interfaces.
2117 <replaceable>interface</replaceable> may be a hostname or IP address
2118 representing a network interface on this machine, or the wildcard
2119 <literal>*</literal> to represent all available network interfaces.
2120 If multicast group addresses are listed on a <literal>LISTEN</literal> line,
2121 &kdm; joins the multicast groups on the given interface. For IPv6 multicasts,
2122 the IANA has assigned ff0<replaceable>X</replaceable>:0:0:0:0:0:0:12b as the
2123 permanently assigned range of multicast addresses for &XDMCP;. The
2124 <replaceable>X</replaceable> in the prefix may be replaced by any valid scope
2125 identifier, such as 1 for Node-Local, 2 for Link-Local, 5 for Site-Local, and
2126 so on (see IETF RFC 2373 or its replacement for further details and scope
2127 definitions). &kdm; defaults to listening on the Link-Local scope address
2128 ff02:0:0:0:0:0:0:12b to most closely match the IPv4 subnet broadcast behavior.
2129 If no <literal>LISTEN</literal> lines are given, &kdm; listens on all
2130 interfaces and joins the default &XDMCP; IPv6 multicast group (when
2131 compiled with IPv6 support).
2132 To disable listening for &XDMCP; requests altogether, a
2133 <literal>LISTEN</literal> line with no addresses may be specified, but using
2134 the <literal>[Xdmcp]</literal> <option>Enable</option> option is preferred.
2139 <sect1 id="kdm-scripts">
2140 <title>Supplementary programs</title>
2143 The following programs are run by &kdm; at various stages of a session.
2144 They typically are shell scripts.
2148 The Setup, Startup and Reset programs are run as
2149 <systemitem class="username">root</systemitem>, so they should be careful
2151 Their first argument is <literal>auto</literal> if the session results
2152 from an automatic login; otherwise, no arguments are passed to them.
2155 <sect2 id="kdmrc-xsetup">
2156 <title>Setup program</title>
2159 The <filename>Xsetup</filename> program is run after the &X-Server; is
2160 started or reset, but before the greeter is offered.
2161 This is the place to change the root background (if
2162 <option>UseBackground</option> is disabled) or bring up other windows that
2163 should appear on the screen along with the greeter.
2167 In addition to any specified by <option>ExportList</option>,
2168 the following environment variables are passed:</para>
2171 <term>DISPLAY</term>
2172 <listitem><para>the associated display name</para></listitem>
2176 <listitem><para>the value of <option>SystemPath</option></para></listitem>
2180 <listitem><para>the value of <option>SystemShell</option></para></listitem>
2183 <term>XAUTHORITY</term>
2184 <listitem><para>may be set to an authority file</para></listitem>
2187 <term>DM_CONTROL</term>
2188 <listitem><para>the value of <option>FifoDir</option></para></listitem>
2192 <para> Note that since &kdm; grabs the keyboard, any other windows will not be
2193 able to receive keyboard input. They will be able to interact with the mouse,
2194 however; beware of potential security holes here. If <option>GrabServer</option>
2195 is set, <filename>Xsetup</filename> will not be able to connect to the display
2196 at all. Resources for this program can be put into the file named by
2197 <option>Resources</option>.
2202 <sect2 id="kdmrc-xstartup">
2203 <title>Startup program</title>
2205 <para>The <filename>Xstartup</filename> program is run as
2206 <systemitem class="username">root</systemitem> when the user logs in.
2207 This is the place to put commands which add entries to
2208 <filename>utmp</filename> (the <command>sessreg</command> program
2209 may be useful here), mount users' home directories from file servers,
2210 or abort the session if some requirements are not met (but note that on
2211 modern systems, many of these tasks are already taken care of by
2212 <acronym>PAM</acronym> modules).</para>
2214 <para>In addition to any specified by <option>ExportList</option>,
2215 the following environment variables are passed:</para>
2218 <term>DISPLAY</term>
2219 <listitem><para>the associated display name</para></listitem>
2223 <listitem><para>the initial working directory of the user</para></listitem>
2226 <term>LOGNAME</term>
2227 <listitem><para>the username</para></listitem>
2231 <listitem><para>the username</para></listitem>
2235 <listitem><para>the value of <option>SystemPath</option></para></listitem>
2239 <listitem><para>the value of <option>SystemShell</option></para></listitem>
2242 <term>XAUTHORITY</term>
2243 <listitem><para>may be set to an authority file</para></listitem>
2246 <term>DM_CONTROL</term>
2247 <listitem><para>the value of <option>FifoDir</option></para></listitem>
2251 <para>&kdm; waits until this program exits before starting the user session.
2252 If the exit value of this program is non-zero, &kdm; discontinues the session
2253 and starts another authentication cycle.</para>
2257 <sect2 id="kdmrc-xsession">
2258 <title>Session program</title>
2260 <para>The <filename>Xsession</filename> program is the command which is run
2261 as the user's session. It is run with the permissions of the authorized user.
2262 One of the keywords <literal>failsafe</literal>, <literal>default</literal>
2263 or <literal>custom</literal>, or a string to <command>eval</command> by a
2264 Bourne-compatible shell is passed as the first argument.</para>
2266 <para>In addition to any specified by <option>ExportList</option>,
2267 the following environment variables are passed:</para>
2270 <term>DISPLAY</term>
2271 <listitem><para>the associated display name</para></listitem>
2275 <listitem><para>the initial working directory of the user</para></listitem>
2278 <term>LOGNAME</term>
2279 <listitem><para>the username</para></listitem>
2283 <listitem><para>the username</para></listitem>
2287 <listitem><para>the value of <option>UserPath</option>
2288 (or <option>SystemPath</option> for
2289 <systemitem class="username">root</systemitem> user sessions)</para>
2294 <listitem><para>the user's default shell</para></listitem>
2297 <term>XAUTHORITY</term>
2298 <listitem><para>may be set to a non-standard authority file</para></listitem>
2301 <term>KRBTKFILE</term>
2302 <listitem><para>may be set to a Kerberos4 credentials cache name</para>
2306 <term>KRB5CCNAME</term>
2307 <listitem><para>may be set to a Kerberos5 credentials cache name</para>
2311 <term>DM_CONTROL</term>
2312 <listitem><para>the value of <option>FifoDir</option></para></listitem>
2315 <term>XDM_MANAGED</term>
2316 <listitem><para>will contain a comma-separated list of parameters the
2317 session might find interesting, like which conversation
2318 plugin was used for the login</para>
2322 <term>DESKTOP_SESSION</term>
2323 <listitem><para>the name of the session the user has chosen to run</para>
2330 <sect2 id="kdmrc-xreset">
2331 <title>Reset program</title>
2333 <para>Symmetrical with <filename>Xstartup</filename>, the
2334 <filename>Xreset</filename> program is run after the user session has
2335 terminated. Run as <systemitem class="username">root</systemitem>, it should
2336 contain commands that undo the effects of commands in
2337 <filename>Xstartup</filename>, removing entries from <filename>utmp</filename>
2338 or unmounting directories from file servers.</para>
2340 <para>The environment variables that were passed to
2341 <filename>Xstartup</filename> are also passed to <filename>Xreset</filename>.