Man gdmsetup




















An empty [servers] section automatically implies this option. You can use a single dash with this option to preserve compatibility with XDM. This is mostly for debugging purposes. No greeter is shown until the GO message is sent. This is useful for initialization scripts that wish to start X early, but where you do not yet want the user to start logging in: the script sends the GO to the fifo when ready and GDM then continues.

The following options are supported by gdmlogin and gdmgreeter: gnome-std-optionStandard options available for use with most GNOME applications. See gnome-std-options 5 for more information. This option is for running gdmchooser with xdm, and is not used within GDM. The greeter contains a menu at the top, an optional face browser, an optional logo, and a text entry field.

The Standard Greeter corresponds to the executable gdmlogin. The text entry field is used to enter logins, passwords, passphrases, and so on. The field is controlled by the underlying daemon and is basically stateless. The daemon controls the greeter through a simple protocol where the daemon can ask the greeter for a text string with echo turned on or off. Similarly, the daemon can change the label above the text entry field to correspond to the value that the authenti- cation system wants the user to enter.

Optionally, the greeter can provide a face browser that contains icons for all of the users on a system. The icons can be installed glob- ally by the system administrator, or in the user home directories.

Face icons placed in the global face directory must be readable to the GDM user. However, the daemon proxies user pictures to the greeter. Therefore, those do not have to be readable by the GDM user, but must be readable by the root user. Note that loading and scaling face icons located in user home directories can be a very time-consuming task, especially on large systems or systems running NIS.

The browser feature is only intended for systems with relatively few users. Also, if home directories are on an on- demand mounted file system such as AFS, GDM might mount all of the home directories just to check for pictures if the face browser is on. However, GDM will try to give up after 5 seconds of activity, and only display the users whose pictures have been received so far. To filter out unwanted user names in the browser, the "Exclude" parameter in gdm.

The greeter automatically ignores the usernames listed, and excludes users whose UIDs are lower than the "MinimalUID" parameter, which is by default. When the browser is turned on, valid usernames on the machine are exposed to a potential intruder. This might be a bad idea if you do not know who has access to a login screen. The greeter can optionally display a logo in the login window. Graphical Greeter The Graphical Greeter is a greeter interface that is displayed on the whole screen and is themable.

The Graphical Greeter corresponds to the executable gdmgreeter. Themes can be selected and new themes can be installed by running gdmsetup, or by setting the "GraphicalTheme" parameter in gdm.

The location of themes is specified by the "GraphicalThemeDir" parameter. The look and feel of this greeter is controlled by the theme, so the user interface elements that are present might differ. The only item that must always be present is the text entry field, as described in the Standard Greeter section above.

You can display a menu of avail- able actions by pressing the F10 key. This can be useful if the theme does not provide certain buttons when you wish to perform a particu- lar action. The user can also specify a machine by entering its name directly. The Chooser can be launched on the console directly from the Standard or Graphical Greeter. The chooser corresponds to the executable gdmchooser.

See the [xdmcp] section of the gdm. Several protocol parameters, handshaking timeouts, and so on can be fine-tuned. The default values should work for most systems, however. Do not change these values unless you know what you are doing. GDM remembers the user's choice and forwards subsequent requests to the chosen manager.

GDM also supports an extension to the protocol which makes GDM forget the redirection once the user's connection succeeds. This extension is only supported if both daemons are GDM. Because of this, the cookies are transmitted as clear text. Therefore, you should be careful about the network where you use this. Note that if snoop- ing is possible, an attacker could snoop your password as you log in, so a better XDMCP authentication would not help you much anyway. The gdmflexiserver command can be used to communicate with the GDM daemon and to start new flexible on demand servers.

Configuration The gdm. Security GDM is best used with a dedicated user id and group id that GDM uses for graphical interfaces such as gdmgreeter, gdmlogin, and gdmchooser.

You can specify the name of this user and group in the [daemon] section of the gdm. The reason for using the GDM user and group is to have the user interface run as a user without privileges, so that in the unlikely case that someone finds a weak- ness in the GUI, they cannot access root on the machine.

Note that the GDM user and group have some privileges that make them somewhat dangerous. They have access to the server authorization directory specified by the ServAuthDir parameter in gdm. The server authorization directory ServAuthDir is used for a host of random internal data, in addition to the X server authorization files, and the naming is really a relic of history. The GDM daemon forces this directory to be owned by root:gdm with permissions of This means that only the root user and the GDM group have write access to this directory, but the GDM group cannot remove the root-owned files from this directory, such as the X server authorization files.

By default, GDM does not trust the server authorization directory and treats it in the same way as a temporary directory with respect to creating files. This means that someone breaking the GDM user cannot mount attacks by creating links in this directory. Similarly, the X server log directory is treated safely, but that directory should really be owned and writable only by the root user.

Accessibility GDM supports "Accessible Login" to allow users to log in to their desktop session even if they cannot easily use the screen, mouse, or key- board in the usual way. This also enables the user to change the visual appearance of the login UI before logging in, for example to use a higher-contrast color scheme for better visi- bility. To enable Accessible Login, the system administrator must modify the default login configuration by manually modifying three human-readable configuration files, stored in gdm.

To allow users to change the color and contrast scheme of the login dialog, set the "AllowThemeChange" parameter in gdm. To restrict user changes of the visual appearance to a subset of available themes, the "GtkThemesToAllow" parameter in gdm. Also, the "GtkModulesList" parameter must be uncommented and set to "gail:atk-bridge:dwell- mouselistener:keymouselistener".

System administrators might wish to load only the minimum subset of these modules that is required to support their user base. Depending on the end-user needs, it might not be necessary to load all of the GtkModules: o If a user needs the integrated Screen Reader and Magnifier, you must include "gail" and "atk-bridge".

Including all four modules is suitable for most system configurations. The Onscreen Keyboard can operate without gail and atk-bridge, but with a reduced feature set. For optimum accessibility, we recommend including gail and atk-bridge. When "keymouselistener" or "dwellmouselistener" have been added to the GtkModules loaded by GDM, you can assign user actions to the launch- ing of specific assistive technologies. The gesture format is described in the two files. The AccessKeyMouseEvents file controls the keymouselistener Gesture Listener and is used to define key-press, mouse button, or XInput device sequences that can be used to launch programs needed for accessibility.

The DwellKeyMouseEvents file controls the dwellmouselistener and supports gestures that involve only motion of a pointing device such as the system mouse. Motion of an alternative pointing device such as a head pointer or trackball can also be defined. All gestures are speci- fied by the same syntax, there is no distinction between a 'core mouse' gesture and motion from an alternate input device.

Motion gestures are defined as "crossing events" into and out of the login dialog window. For more on customizing the gdm stuff, see this thread EDIT: I just started one here. Please add to it! Loss of theming is one thing, but not being able to choose a session is worse when you don't run gnome.

Oddly, neither slim nor lxdm would allow me to log into xfce. Good to see that nothing was broken by downgrading just gdm though. A point that might help figuring out the cause is that I don't have gnome installed. Don't know if it's the same for others it doesn't work for or whether other non-gnome users can make it work. For some reason it also reactivates two identical accessibility icons in the tray I manually disabled earlier. It does open that appearance menu. That's part of how you change the appearance of the gdm now..

A logoff fixes that.. That command is opening the Gnome Appearance propertys menu.. As far as changing the Themes goes And from what I can tell, poking around, you will have to install Modules or Apps that plug into GDM to change the appearance beyond the colour and style of the GTK objects. That being said there are also several gconf keys you can play with as the GDM user that might have some impact on it. However I'm yet to actually see any real effect on GDM when changing them. I've been waiting to update from GDM 2.

Am I understanding this right? We can't remove the user list yet? I did the gconf-editor as root but gconf-editor is empty, nothing in it. This sets the gconf setting for the user gdm, rather than root's. With the current simple greeter, you need to then click 'log in' before you can type the username, although that might also be alterable. Other keys which can be set can be found here. Thanks a bunch! Worked like a charm.

Ok, actually I was a little bit too fast. I have recreated my custom. For now Gnome 2. Whats the cause of it? Has anyone else experienced this? What can I do in order to solve the issue? But yeah I tried that after finding it..



0コメント

  • 1000 / 1000