path: root/xdm.man.cpp
Diffstat (limited to 'xdm.man.cpp')
-rw-r--r-- xdm.man.cpp 138
1 files changed, 114 insertions, 24 deletions
diff --git a/xdm.man.cpp b/xdm.man.cpp
index 07fd53f..9ad586e 100644
--- a/xdm.man.cpp
+++ b/xdm.man.cpp
@@ -1,15 +1,15 @@
.\" $Xorg: xdm.man,v 1.4 2001/02/09 02:05:41 xorgcvs Exp $
.\" Copyright 1988, 1994, 1998 The Open Group
-.\"
+.\"
.\" Permission to use, copy, modify, distribute, and sell this software and its
.\" documentation for any purpose is hereby granted without fee, provided that
.\" the above copyright notice appear in all copies and that both that
.\" copyright notice and this permission notice appear in supporting
.\" documentation.
-.\"
+.\"
.\" The above copyright notice and this permission notice shall be included
.\" in all copies or substantial portions of the Software.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
@@ -17,14 +17,14 @@
.\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
.\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
.\" OTHER DEALINGS IN THE SOFTWARE.
-.\"
+.\"
.\" Except as contained in this notice, the name of The Open Group shall
.\" not be used in advertising or otherwise to promote the sale, use or
.\" other dealings in this Software without prior written authorization
.\" from The Open Group.
-.\"
-.\" $XFree86: xc/programs/xdm/xdm.man,v 3.22 2002/10/12 16:06:47 herrb Exp $
-.\"
+.\"
+.\" $XFree86: xc/programs/xdm/xdm.man,v 3.26 2003/10/24 20:38:15 tsi Exp $
+.\"
.TH XDM 1 __xorgversion__
.SH NAME
xdm \- X Display Manager with support for XDMCP, host chooser
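Review bot: The `.\"` lines removed and re-added in this hunk and the one before it are identical as shown, so the only difference can be trailing whitespace, and several later hunks are the same. Splitting the whitespace-only changes into their own commit would make the functional documentation changes (entropy sources, LISTEN, login resources) easier to review.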
@@ -92,6 +92,13 @@ by
.I chooser
or X terminals themselves.
.PP
+.I Xdm
+can be configured to ignore BroadcastQuery messages from selected hosts.
+This is useful when you don't want the host to appear in menus produced
+by
+.I chooser
+or X terminals themselves.
+.PP
Because
.I xdm
provides the first interface that users will see, it is designed to be
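Review bot: The added paragraph ends with the same `.I chooser` and `or X terminals themselves.` lines as the context directly above it, so this looks like a second copy of a paragraph that is already present at this point, probably left over from a merge. Check the resulting file and drop the duplicate.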
@@ -144,7 +151,7 @@ When the \fIXsession\fP script exits, the session is over.
At the end of the session, the \fIXreset\fP script is run to clean up,
the X server is reset, and the cycle starts over.
.PP
-The file \fI__projectroot__/lib/X11/xdm/xdm-errors\fP will contain error
+The file \fI __projectroot__/lib/X11/xdm/xdm-errors\fP will contain error
messages from
.I xdm
and anything output to stderr by \fIXsetup, Xstartup, Xsession\fP
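Review bot: The added space in `\fI __projectroot__` puts a literal blank at the start of the italicised path, so the formatted page may show an extra space before the directory unless a later build step removes it. If the space is there so that the preprocessor treats `__projectroot__` as a separate token, record that in a comment or the commit message, since the same change is repeated for every `__projectroot__` path in this patch.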
@@ -247,7 +254,7 @@ dots to separate resource name parts,
.I xdm
substitutes underscores for both dots and colons when generating the resource
name.
-For example, \fBDisplayManager.expo_x_org_0.startup\fP is the name of the
+For example, \fBDisplayManager.expo_x_org_0.startup\fP is the name of the
resource which defines the startup shell file for the ``expo.x.org:0'' display.
.\"
.IP "\fBDisplayManager.servers\fP"
@@ -305,7 +312,7 @@ uses the \fIlockf\fP library call, while on BSD it uses \fIflock.\fP
This names a directory under which
.I xdm
stores authorization files while initializing the session. The
-default value is \fI__projectroot__/lib/X11/xdm.\fP
+default value is \fI __projectroot__/lib/X11/xdm.\fP
Can be overridden for specific displays by
DisplayManager.\fIDISPLAY\fP.authFile.
.IP \fBDisplayManager.autoRescan\fP
@@ -349,10 +356,31 @@ to pass on to the \fIXsetup\fP,
A file to checksum to generate the seed of authorization keys.
This should be a file that changes frequently.
The default is \fI/dev/mem\fP.
+#ifdef DEV_RANDOM
+.IP \fBDisplayManager.randomDevice\fP
+A file to read 8 bytes from to generate the seed of authorization keys.
+The default is \fI DEV_RANDOM \fP. If this file cannot be read, or if a
+read blocks for more than 5 seconds, xdm falls back to using a checksum
+of \fBDisplayManager.randomFile\fP to generate the seed.
+#endif
+#if !defined(ARC4_RANDOM)
+.IP \fBDisplayManager.prngdSocket\fP
+.IP \fBDisplayManager.prngPort\fP
+A UNIX domain socket name or a TCP socket port number on local host on
+which a Pseudo-Random Number Generator Daemon, like EGD
+(http://egd.sourceforge.net) is listening, in order to generate the
+autorization keys. Either a non null port or a valid socket name must
+be specified. The default is to use the Unix-domain socket
+\fI/tmp/entropy\fP.
+.PP
+On systems that don't have such a daemon, a fall-back entropy
+gathering system, based on various log file contents hashed by the MD5
+algorithm is used instead.
+#endif
.IP \fBDisplayManager.greeterLib\fP
On systems that support a dynamically-loadable greeter library, the
name of the library. The default is
-\fI__projectroot__/lib/X11/xdm/libXdmGreet.so\fP.
+\fI __projectroot__/lib/X11/xdm/libXdmGreet.so\fP.
.IP \fBDisplayManager.choiceTimeout\fP
Number of seconds to wait for display to respond after user has
selected a host from the chooser. If the display sends an XDMCP
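Review bot: The default for `DisplayManager.prngdSocket`, `/tmp/entropy`, sits in a directory that is normally writable by every local user, and the text gives no indication that xdm checks who owns the socket before using it to generate authorization keys; either document that check or suggest a default in a directory only root can write. In the same block the two resource names are inconsistent (`prngdSocket` versus `prngPort`), "autorization" should be "authorization", "non null port" would read better as "non-zero port", and `\fI DEV_RANDOM \fP` will render with blanks around the device name. It would also help to say what seed source is used when `ARC4_RANDOM` is defined, since both new resources disappear from the page in that build, and to note how weak the log-file/MD5 fall-back is compared with the random device.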
@@ -384,17 +412,17 @@ section
which describes the various
resources that are appropriate to place in this file.
There is no default value for this resource, but
-\fI__projectroot__/lib/X11/xdm/Xresources\fP
+\fI __projectroot__/lib/X11/xdm/Xresources\fP
is the conventional name.
.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.chooser\fP"
Specifies the program run to offer a host menu for Indirect queries
redirected to the special host name CHOOSER.
-\fI__projectroot__/lib/X11/xdm/chooser\fP is the default.
+\fI __projectroot__/lib/X11/xdm/chooser\fP is the default.
See the sections \fBXDMCP Access Control\fP and \fBChooser\fP.
.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.xrdb\fP"
Specifies the program used to load the resources. By default,
.I xdm
-uses \fI__projectroot__/bin/xrdb\fP.
+uses \fI __projectroot__/bin/xrdb\fP.
.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.cpp\fP"
This specifies the name of the C preprocessor which is used by \fIxrdb\fP.
.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.setup\fP"
@@ -412,7 +440,7 @@ file used here is \fIXstartup\fP.
See the section \fBStartup Program.\fP
.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.session\fP"
This specifies the session to be executed (not running as root).
-By default, \fI__projectroot__/bin/xterm\fP is
+By default, \fI __projectroot__/bin/xterm\fP is
run. The conventional name is \fIXsession\fP.
See the section
.B "Session Program."
@@ -498,7 +526,7 @@ If the default session fails to execute,
will fall back to this program. This program is executed with no
arguments, but executes using the same environment variables as
the session would have had (see the section \fBSession Program\fP).
-By default, \fI__projectroot__/bin/xterm\fP is used.
+By default, \fI __projectroot__/bin/xterm\fP is used.
.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabServer\fP"
.IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabTimeout\fP"
To improve security,
@@ -577,7 +605,7 @@ variable XAUTHORITY at the created file. It uses \fI/tmp\fP by default.
First, the
.I xdm
configuration file should be set up.
-Make a directory (usually \fI__projectroot__/lib/X11/xdm\fP) to contain all
+Make a directory (usually \fI __projectroot__/lib/X11/xdm\fP) to contain all
of the relevant files.
.LP
Here is a reasonable configuration file, which could be
@@ -632,6 +660,11 @@ it can be followed by the optional ``NOBROADCAST'' keyword.
This can be used to prevent an xdm server from appearing on
menus based on Broadcast queries.
.PP
+To only respond to Direct queries for a host or pattern,
+it can be followed by the optional ``NOBROADCAST'' keyword.
+This can be used to prevent an xdm server from appearing on
+menus based on Broadcast queries.
+.PP
An Indirect entry also contains a host name or pattern,
but follows it with a list of
host names or macros to which indirect queries should be sent.
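Review bot: The four added lines repeat the paragraph that already ends in the context directly above ("This can be used to prevent an xdm server from appearing on menus based on Broadcast queries."), so the NOBROADCAST description now appears twice in a row. Drop the added copy.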
@@ -686,6 +719,23 @@ extract.lcs.mit.edu xenon.lcs.mit.edu #force extract to contact xenon
!xtra.lcs.mit.edu dummy #disallow indirect access
*.lcs.mit.edu %HOSTS #all others get to choose
.fi
+.PP
+If compiled with IPv6 support, multicast address groups may also be included
+in the list of addresses indirect queries are set to. Multicast addresses
+may be followed by an optional / character and hop count. If no hop count is
+specified, the multicast hop count defaults to 1, keeping the packet on the
+local network. For IPv4 multicasting, the hop count is used as the TTL.
+.PP
+Examples:
+.LP
+.ta 2.1i 4.5i
+.nf
+rincewind.sample.net ff02::1 #IPv6 Multicast to ff02::1
+\& #with a hop count of 1
+ponder.sample.net CHOOSER 239.192.1.1/16 #Offer a menu of hosts
+\& #who respond to IPv4 Multicast
+\& # to 239.192.1.1 with a TTL of 16
+.fi
.SH CHOOSER
.PP
For X terminals that do not offer a host menu for use with Broadcast
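Review bot: The first added sentence makes multicast addresses conditional on IPv6 support, yet the paragraph and the second example go on to cover IPv4 multicast (`239.192.1.1/16`), so it is unclear whether IPv4 multicast works in a build without IPv6; state that explicitly. "indirect queries are set to" should read "sent to". Because `/16` looks like a CIDR prefix length, a sentence saying that the number after the slash is a hop count, and that values above 1 let the query leave the local network, would prevent misconfiguration.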
@@ -725,6 +775,37 @@ and sends another \fBIndirect\fP XDMCP request.
\fBDisplayManager.choiceTimeout\fP seconds) and forwards the request
to the chosen host, which starts a session on that display.
.\"
+.SH LISTEN
+The following configuration directive is also defined for the Xaccess
+configuration file:
+.IP "\fBLISTEN\fP \fIinterface\fP \fI[list of multicast group addresses]\fP"
+\fIinterface\fP may be a hostname or IP addresss representing a
+network interface on this machine, or the wildcard * to represent all
+available network interfaces.
+.PP
+If one or more LISTEN lines are specified, xdm only listens for XDMCP
+connections on the specified interfaces. If multicast group addresses
+are listed on a listen line, xdm joins the multicast groups on the
+given interface.
+.PP
+If no LISTEN lines are given, the original behavior of listening on
+all interfaces is preserved for backwards compatibility.
+Additionally, if no LISTEN is specified, xdm joins the default XDMCP
+IPv6 multicast group, when compiled with IPv6 support.
+.PP
+To disable listening for XDMCP connections altogther, a line of LISTEN
+with no addresses may be specified, or the previously supported method
+of setting DisplayManager.requestPort to 0 may be used.
+.PP
+Examples:
+.ta 2i 4i
+.nf
+LISTEN * ff02::1 # Listen on all interfaces and to the
+\& # ff02::1 IPv6 multicast group.
+LISTEN 10.11.12.13 # Listen only on this interface, as long
+\& # as no other listen directives appear in
+\& # file.
+.fi
.SH "LOCAL SERVER SPECIFICATION"
.PP
The resource \fBDisplayManager.servers\fP gives a server specification
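Review bot: The syntax line makes `interface` mandatory and only the multicast list optional, but the fourth paragraph says XDMCP can be disabled with "a line of LISTEN with no addresses"; say whether that means a bare `LISTEN` line and adjust the synopsis to match. The page should also state which setting wins when a LISTEN line and `DisplayManager.requestPort` disagree, and it is worth pointing out next to the backwards-compatibility paragraph that the default still accepts XDMCP on every interface. Typos: "addresss" and "altogther". Since the directive belongs to the Xaccess file, it may fit better inside the access control section than as its own `.SH LISTEN`.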
@@ -781,7 +862,7 @@ it at its authorization data.
For XDMCP servers, \fIxdm\fP passes the
authorization data to the server via the \fBAccept\fP XDMCP request.
.SH RESOURCES FILE
-The \fIXresources\fP file is
+The \fIXresources\fP file is
loaded onto the display as a resource database using
.I xrdb.
As the authentication
@@ -830,6 +911,15 @@ the following environment variables are passed:
SHELL the value of \fBDisplayManager.\fP\fIDISPLAY\fP\fB.systemShell\fP
XAUTHORITY may be set to an authority file
.fi
+.IP "\fBxlogin.Login.allowRootLogin\fP"
+If set to ``false'', don't allow root (and any other user with uid = 0) to
+log in directly.
+The default is ``true''.
+.IP "\fBxlogin.Login.allowNullPasswd\fP"
+If set to ``true'', allow an otherwise failing password match to succeed
+if the account does not require a password at all.
+The default is ``false'', so only users that have passwords assigned can
+log in.
.PP
Note that since \fIxdm\fP grabs the keyboard, any other windows will not be
able to receive keyboard input. They will be able to interact with
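Review bot: Both `.IP` entries are added straight after the `.fi` that closes the environment variable list (`SHELL`, `XAUTHORITY`) and before the keyboard-grab note, which puts login widget resources in the middle of unrelated text; move them next to the other `xlogin.Login` resources. For `allowRootLogin`, the documented default of ``true'' is the permissive setting, so a short recommendation to set it to ``false'' where direct root logins are not needed would be useful. "uid = 0" can simply read "UID 0".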
@@ -985,7 +1075,7 @@ before doing this.
.PP
On some systems (OpenBSD) the user's shell must be listed in
.I /etc/shells
-to allow login through xdm. The normal password and account expiration
+to allow login through xdm. The normal password and account expiration
dates are enforced too.
.SH "STARTUP PROGRAM"
.PP
@@ -1025,7 +1115,7 @@ cycle.
.PP
The sample \fIXstartup\fP file shown here prevents login while the
file \fI/etc/nologin\fP
-exists.
+exists.
Thus this is not a complete example, but
simply a demonstration of the available functionality.
.PP
@@ -1100,7 +1190,7 @@ be executable so we don't have to guess what shell it wants to use.
\& #
\& # This is the program that is run as the client
\& # for the display manager.
-
+
case $# in
1)
case $1 in
@@ -1109,10 +1199,10 @@ be executable so we don't have to guess what shell it wants to use.
;;
esac
esac
-
+
startup=$HOME/.xsession
resources=$HOME/.Xresources
-
+
if [ \-f "$startup" ]; then
exec "$startup"
else
@@ -1230,7 +1320,7 @@ line:
.nf
.ta .5i
- xdm \-server ":0 SUN-3/60CG4 local __projectroot__/bin/X :0"
+ xdm \-server \(lq:0 SUN-3/60CG4 local __projectroot__/bin/X :0\(rq
.fi
.PP
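Review bot: Replacing the ASCII double quotes with `\(lq` and `\(rq` in this command line means the formatted page shows typographic quotes, which a shell will not treat as quoting if the line is copied from the man page. Keep plain `"` (or `\(dq`) inside the `.nf` example.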