Re: GDM and XDMCP

 On 08/20/2010 10:46 AM, Daniel B. Thurman wrote:
>  On 08/20/2010 09:23 AM, Steve Blackwell wrote:
>> On Thu, 19 Aug 2010 20:09:48 -0700
>> "Daniel B. Thurman" <dant@xxxxxxxxx> wrote:
>>>  On 08/19/2010 07:48 AM, Steve Blackwell wrote:
>>>> I want to be able to log in to another computer from this computer
>>>> using XDMCP. Assuming that I have configured the other computer
>>>> correctly, a big assumption to be sure, what do I have to do to GDM
>>>> to show a menu or some other way of displaying the available XDMCP
>>>> computers on my login screen?
>>>>
>>>> I get plenty of google hits on GDM & XDMCP but they all appear to be
>>>> about how to configure GDM to allow a remote computer to log in to
>>>> my local computer and not the other way around.
>>>>
>>>> Is XDMCP even the right way to go? Should I be using VNC? I know
>>>> XDMCP is inherently insecure but this is on a local private network.
>>>>
>>>> Thanks,
>>>> Steve
>>> I use XDMCP on all of my boxes and
>>> force only local connections.  Tested
>>> from 5 -> 13 and it works.
>> Are you using GDM or KDM? 
>> If GDM can you post your custom.conf file and if it is possible, a pic
>> of your GDM screen with the XDMCP hosts shown?
>>
>> Thanks,
>> Steve
> I am using both gdm & kdm.
>
> There was a very hard-to-locate webpage that explained
> how to enable and configure XDMCP for both, but I will try
> to give you the rundown, as best I can.  I hope I have not
> missed anything...
>
> As for security, make sure that you read up online on how
> to use X SSH tunnelling if, later, you decide to expose your
> X chooser to the Internet for remote access.  Also, if you do
> this, you have to expose port 177 on your firewall.
>
> Keep in mind that you will get a chooser, a login screen
> showing the same background image with the login
> dialog with the list of users, exactly as it appears when
> you log directly onto your console terminal.
>
> When you use a vnc viewer, the remote access host
> field is in the form: <host or IP address>:<last-2 digit-port#>
>
> What this does is to choose the port number defining
> the window properties as defined in vncserver shown
> below, the color depth and the screen size.  This allows
> for flexibility for the particular terminal console you are
> using remotely.
>
> After you have properly configured everything below, a reboot
> is required. If there are any issues, be SURE that port 177
> is actually accessible remotely; you can use nmap
> to check it, since it is a UDP port. Also make sure that
> the vncserver services are actually listening, via netstat.
>
> 1) GDM
>     /etc/gdm/custom.conf
>     Add to: [xdmcp]
>     Enable=true
>     Willing=/etc/X11/xdm/Xwilling
>     Xaccess=/etc/X11/xdm/Xaccess
>     Port=177
>
> 2) XDM
>     /etc/X11/xdm/xdm-config
>     ! SECURITY: do not listen for XDMCP or Chooser requests
>     ! Comment out this line if you want to manage X terminals with xdm
>     !DisplayManager.requestPort:    0
>
>     /etc/X11/xdm/Xaccess
>     *                                       #any host can get a login window
>     #localhost
>     10.1.0.         # Listen to local area network only  <== at bottom, newly added & set your network here
>
> 3) KDE
>     /etc/kde/kdm/kdmrc
>     [Xdmcp]
>     Enable=true
>     Port=177
>     Xaccess=/etc/kde/kdm/Xaccess
>     Willing=/etc/kde/kdm/Xwilling
>
>     /etc/kde/kdm/Xaccess
>     *                                       #any host can get a login window
>     #localhost
>     10.1.0.         # Listen to local area network only  <== at bottom, newly added & set your network here
>
> 4) Services & Server
>     *** Add to bottom & make sure spaces are single <TAB>
>     *** You can add or remove to your taste but make sure that
>           if you change anything below, update /etc/xinetd.d/vncserver
>     /etc/services
> #========== Added by: <your initials>
> vnc-640x480x8   5950/tcp
> vnc-800x600x8   5951/tcp
> vnc-1024x768x8  5952/tcp
> vnc-1280x1024x8 5953/tcp
> vnc-1600x1200x8 5954/tcp
>
> vnc-640x480x16  5960/tcp
> vnc-800x600x16  5961/tcp
> vnc-1024x768x16 5962/tcp
> vnc-1280x1024x16        5963/tcp
> vnc-1600x1200x16        5964/tcp
>
> vnc-640x480x24  5970/tcp
> vnc-800x600x24  5971/tcp
> vnc-1024x768x24 5972/tcp
> vnc-1280x1024x24        5973/tcp
> vnc-1600x1200x24        5974/tcp
>
> vnc-640x480x32  5980/tcp
> vnc-800x600x32  5981/tcp
> vnc-1024x768x32 5982/tcp
> vnc-1280x1024x32        5983/tcp
> vnc-1600x1200x32        5984/tcp
> #==========
>
>     /etc/xinetd.d/vncserver  <=== NEW FILE with:
> # VNC XServer
> # Each line should be on one line, starting vnc-
> # and ending -depth x where x is the number.
> #
> service vnc-640x480x8
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 640x480 -depth 8
> }
>
> service vnc-800x600x8
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 800x600 -depth 8
> }
>
> service vnc-1024x768x8
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1024x768 -depth 8
> }
>
> service vnc-1280x1024x8
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1280x1024 -depth 8
> }
>
> service vnc-1600x1200x8
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1600x1200 -depth 8
> }
>
> service vnc-640x480x16
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 640x480 -depth 16
> }
>
> service vnc-800x600x16
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 800x600 -depth 16
> }
>
> service vnc-1024x768x16
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1024x768 -depth 16
> }
>
> service vnc-1280x1024x16
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1280x1024 -depth 16
> }
>
> service vnc-1600x1200x16
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1600x1200 -depth 16
> }
>
> service vnc-640x480x24
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 640x480 -depth 24
> }
>
> service vnc-800x600x24
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 800x600 -depth 24
> }
>
> service vnc-1024x768x24
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1024x768 -depth 24
> }
>
> service vnc-1280x1024x24
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1280x1024 -depth 24
> }
>
> service vnc-1600x1200x24
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1600x1200 -depth 24
> }
>
> service vnc-640x480x32
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 640x480 -depth 32
> }
>
> service vnc-800x600x32
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 800x600 -depth 32
> }
>
> service vnc-1024x768x32
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1024x768 -depth 32
> }
>
> service vnc-1280x1024x32
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1280x1024 -depth 32
> }
>
> service vnc-1600x1200x32
> {
>         protocol = tcp
>         socket_type = stream
>         wait = no
>         user = nobody
>         server = /usr/bin/Xvnc
>         server_args = -inetd -query localhost -once securitytypes=none -geometry 1600x1200 -depth 32
> }
>
I forgot to add that not only does port 177 have to be exposed for Internet
access, but also ports 5950-5954, 5960-5964, ... for the vncserver ports
as well, and you can choose whatever you want to expose selectively,
as you do not have to expose all of these ports, if at all.
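
A defensive check for the configuration posted above, as an added example that is not part of the original message: it flags a bare `*` entry in an Xaccess file and any xinetd Xvnc service that sets `securitytypes=none` without an `only_from` or `bind` attribute. The sample file contents and the `10.1.0.0/24` subnet are constructed for illustration, and `audit_xaccess` and `audit_xinetd` are hypothetical helper names.

```python
import re

# Constructed samples modelled on the Xaccess and xinetd files in the message.
SAMPLE_XACCESS = """\
*                       #any host can get a login window
#localhost
10.1.0.         # Listen to local area network only
"""
SAMPLE_XINETD = """\
service vnc-640x480x8
{
        protocol = tcp
        socket_type = stream
        wait = no
        user = nobody
        server = /usr/bin/Xvnc
        server_args = -inetd -query localhost -once securitytypes=none -geometry 640x480 -depth 8
}
service vnc-800x600x8
{
        protocol = tcp
        server = /usr/bin/Xvnc
        server_args = -inetd -query localhost -once securitytypes=none -geometry 800x600 -depth 8
        only_from = 10.1.0.0/24
}
"""

def audit_xaccess(text):
    """Return line numbers of active entries whose host pattern is a bare '*'."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if fields and fields[0] == "*":
            hits.append(n)
    return hits

def audit_xinetd(text):
    """Return services that run with securitytypes=none and carry no
    only_from or bind attribute (presence is checked, values are not)."""
    exposed = []
    for name, body in re.findall(r"^service\s+(\S+)\s*\{(.*?)^\}", text, re.S | re.M):
        attrs = dict(re.findall(r"^\s*(\w+)\s*[+-]?=\s*(.*)$", body, re.M))
        no_auth = "securitytypes=none" in attrs.get("server_args", "").lower()
        if no_auth and not (attrs.keys() & {"only_from", "bind"}):
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    print("Xaccess wildcard lines:", audit_xaccess(SAMPLE_XACCESS))
    print("Unauthenticated, unrestricted VNC services:", audit_xinetd(SAMPLE_XINETD))
```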
