On 08/20/2010 10:46 AM, Daniel B. Thurman wrote:
> On 08/20/2010 09:23 AM, Steve Blackwell wrote:
>> On Thu, 19 Aug 2010 20:09:48 -0700
>> "Daniel B. Thurman" <dant@xxxxxxxxx> wrote:
>>> On 08/19/2010 07:48 AM, Steve Blackwell wrote:
>>>> I want to be able to log in to another computer from this computer
>>>> using XDMCP. Assuming that I have configured the other computer
>>>> correctly, a big assumption to be sure, what do I have to do to GDM
>>>> to show a menu or some other way of displaying the available XDMCP
>>>> computers on my login screen?
>>>>
>>>> I get plenty of google hits on GDM & XDMCP but they all appear to be
>>>> about how to configure GDM to allow a remote computer to log in to
>>>> my local computer and not the other way around.
>>>>
>>>> Is XDMCP even the right way to go? Should I be using VNC? I know
>>>> XDMCP is inherently insecure but this is on a local private network.
>>>>
>>>> Thanks,
>>>> Steve
>>> I use XDMCP on all of my boxes and
>>> force only local connections. Tested
>>> from 5 -> 13 and it works.
>> Are you using GDM or KDM?
>> If GDM can you post your custom.conf file and if it is possible, a pic
>> of your GDM screen with the XDMCP hosts shown?
>>
>> Thanks,
>> Steve
> I am using both gdm & kdm.
>
> There was a very hard to locate webpage that explained
> how to enable and configure XDMCP for both, but I will try
> to give you the run down, best as I can. I hope I have not
> missed anything...
>
> As for security, make sure that you read up online on how
> to use X SSH tunnelling if later, you decide to expose your
> X chooser to the Internet for remote access. Also, if you do
> this, you have to expose port 177 on your firewall.
>
> Keep in mind that you will get a chooser, a login screen
> showing the same background image with the login
> dialog with the list of users, exactly as it appears when
> you log directly onto your console terminal.
>
> When you use a vnc viewer, the remote access host
> field is in the form: <host or IP address>:<last-2 digit-port#>
>
> What this does is to choose the port number defining
> the window properties as defined in vncserver shown
> below, the color depth and the screen size. This allows
> for flexibility for the particular terminal console you are
> using remotely.
>
> After you properly configured everything below, a reboot
> is required. If there are any issues, be SURE that port 177
> is actually accessible remotely and you can use nmap
> to check it since it is a udp port. Also make sure that
> vncserver services are actually listening via netstat.
>
> 1) GDM
> /etc/gdm/custom.conf
> Add to: [xdmcp]
> Enable=true
> Willing=/etc/X11/xdm/Xwilling
> Xaccess=/etc/X11/xdm/Xaccess
> Port=177
>
> 2) XDM
> /etc/X11/xdm/xdm-config
> ! SECURITY: do not listen for XDMCP or Chooser requests
> ! Comment out this line if you want to manage X terminals with xdm
> !DisplayManager.requestPort: 0
>
> /etc/X11/xdm/Xaccess
> * #any host can get a login window
> #localhost
> 10.1.0. # Listen to local area network only <== at bottom,
> newly added & set your network here
>
> 3) KDE
> /etc/kde/kdm/kdmrc
> [Xdmcp]
> Enable=true
> Port=177
> Xaccess=/etc/kde/kdm/Xaccess
> Willing=/etc/kde/kdm/Xwilling
>
> /etc/kde/kdm/Xaccess
> * #any host can get a login window
> #localhost
> 10.1.0. # Listen to local area network only <== at bottom,
> newly added & set your network here
>
> 4) Services & Server
> *** Add to bottom & make sure spaces are single <TAB>
> *** You can add or remove to your taste but make sure that
> if you change anything below, update /etc/xinetd.d/vncserver
> /etc/services
> #========== Added by: <your initials>
> vnc-640x480x8 5950/tcp
> vnc-800x600x8 5951/tcp
> vnc-1024x768x8 5952/tcp
> vnc-1280x1024x8 5953/tcp
> vnc-1600x1200x8 5954/tcp
>
> vnc-640x480x16 5960/tcp
> vnc-800x600x16 5961/tcp
> vnc-1024x768x16 5962/tcp
> vnc-1280x1024x16 5963/tcp
> vnc-1600x1200x16 5964/tcp
>
> vnc-640x480x24 5970/tcp
> vnc-800x600x24 5971/tcp
> vnc-1024x768x24 5972/tcp
> vnc-1280x1024x24 5973/tcp
> vnc-1600x1200x24 5974/tcp
>
> vnc-640x480x32 5980/tcp
> vnc-800x600x32 5981/tcp
> vnc-1024x768x32 5982/tcp
> vnc-1280x1024x32 5983/tcp
> vnc-1600x1200x32 5984/tcp
> #==========
>
> /etc/xinetd.d/vncserver <=== NEW FILE with:
> # VNC XServer
> # Each line should be on one line, starting vnc-
> # and ending -depth x where x is the number.
> #
> service vnc-640x480x8
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 640x480 -depth 8
> }
>
> service vnc-800x600x8
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 800x600 -depth 8
> }
>
> service vnc-1024x768x8
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1024x768 -depth 8
> }
>
> service vnc-1280x1024x8
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1280x1024 -depth 8
> }
>
> service vnc-1600x1200x8
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1600x1200 -depth 8
> }
>
> service vnc-640x480x16
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 640x480 -depth 16
> }
>
> service vnc-800x600x16
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 800x600 -depth 16
> }
>
> service vnc-1024x768x16
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1024x768 -depth 16
> }
>
> service vnc-1280x1024x16
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1280x1024 -depth 16
> }
>
> service vnc-1600x1200x16
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1600x1200 -depth 16
> }
>
> service vnc-640x480x24
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 640x480 -depth 24
> }
>
> service vnc-800x600x24
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 800x600 -depth 24
> }
>
> service vnc-1024x768x24
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1024x768 -depth 24
> }
>
> service vnc-1280x1024x24
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1280x1024 -depth 24
> }
>
> service vnc-1600x1200x24
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1600x1200 -depth 24
> }
>
> service vnc-640x480x32
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 640x480 -depth 32
> }
>
> service vnc-800x600x32
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 800x600 -depth 32
> }
>
> service vnc-1024x768x32
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1024x768 -depth 32
> }
>
> service vnc-1280x1024x32
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1280x1024 -depth 32
> }
>
> service vnc-1600x1200x32
> {
> protocol = tcp
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/Xvnc
> server_args = -inetd -query localhost -once securitytypes=none
> -geometry 1600x1200 -depth 32
> }
>
I forgot to add, that not only port 177 has to be exposed for Internet
access, but also ports 5950-5954, 5960-5964, ... for the vncserver ports
as well and you can choose whatever you want to expose selectively
as you do not have to expose all of these ports, if at all.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
