<para>Ce chapitre documente les fichiers qui contrôlent les fonctionnalités de &tdm;. Certaines de ces fonctionnalités peuvent également être définies depuis le module &kcontrol;.</para>
<title>Fichier de configuration principal de &tdm;</title>
<para>Le format basique du fichier est de type <quote>INI</quote>. </para>
<para>Les lignes commençant par un <literal>#</literal> sont des commentaires; les lignes vides sont simplement ignorées.</para>
<para>Les sections sont dénotées par <literal>[</literal><replaceable>Nom de la Section</replaceable><literal>]</literal>. </para>
<para>Vous pouvez configurer chaque affichage X individuellement.</para>
<para>Chaque affichage a un nom, qui consiste en un nom d'hôte (qui est vide pour les affichages locaux spécifiés dans <option>StaticServers</option> ou <option>ReserveServers</option>), un caractère « : » et un numéro d'affichage. De plus, un affichage appartient à une classe d'affichage (qui peut être ignorée dans la plupart des cas).</para>
<para>Les sections avec des paramètres spécifiques à un affichage ont la syntaxe formelle <literal>[X-</literal> <replaceable>host</replaceable> [ <literal>:</literal> <replaceable>number</replaceable> [ <literal>_</literal> <replaceable>class</replaceable> ] ] <literal>-</literal> <replaceable>sub-section</replaceable> <literal>]</literal> </para>
<para>Toutes les sections avec le même <replaceable>sub-section</replaceable> constituent une classe de section.</para>
<para>Vous pouvez utiliser le caractère joker <literal>*</literal> (n'importe quelle correspondance) pour <replaceable>host</replaceable>, <replaceable>number</replaceable> et <replaceable>class</replaceable>. Vous pouvez omettre des choses en fin de ligne, elles seront alors considérées comme étant <quote>*</quote>. La partie concernant l'hôte peut être une spécification de domaine comme <replaceable>.inf.tu-dresden.de</replaceable> ou le caractère joker <literal>+</literal> (correspondance pour ce qui est non-vide).</para>
<para>La section depuis laquelle la configuration est extraite est déterminée par ces règles:</para>
<para>Une correspondance exacte est prioritaire sur une correspondance partielle (pour la partie hôte), qui à son tour est prioritaire sur un caractère joker (<literal>+</literal> est prioritaire sur <literal>*</literal>).</para>
<para>Les sections communes sont [X-*] (tous les affichages), [X-:*] (tous les affichages locaux) et [X-:0] (le premier affichage local).</para>
<para>Le format pour toutes les clés est <userinput><option><replaceable>clé</replaceable></option> <literal>=</literal> <parameter>valeur</parameter></userinput>. Les clés ne sont valides que dans la classe de section pour laquelle elles ont été définies. Certaines clés ne s'apliquent pas à certains affichages, auquel cas elles sont ignorées. </para>
<para>Si un réglage n'est trouvé dans aucune section, la valeur par défaut est utilisée.</para>
<para>Les caractères spéciaux doivent être échappés par le caractère «antislash» (espaces de début et de fin(<literal>\s</literal>), tabulation (<literal>\t</literal>), fin de ligne (<literal>\n</literal>), retour chariot (<literal>\r</literal>) et le caractère « antislash » lui-même (<literal>\\</literal>)).</para>
<para>Dans les listes, les champs sont séparés par des virgules et n'ont pas d'espace entre eux. </para>
<para>Some command strings are subject to simplified sh-style word splitting: single quotes (<literal>'</literal>) and double quotes (<literal>"</literal>) have the usual meaning; the backslash quotes everything (not only special characters). Note that the backslashes need to be doubled because of the two levels of quoting.</para>
<note><para>Un fichier &tdmrc; primitif est commenté en détail. Tous les commentaires seront perdus si vous modifiez ce fichier via l'interface kcontrol.</para></note>
<para>Cette option existe uniquement pour faire des mises à jour automatiques propres. <emphasis>ne la modifiez pas</emphasis>, vous pourriez interférer avec de futures mises à jour et &tdm; pourrait ne plus fonctionner. </para>
<para>List of displays (&X-Server;s) permanently managed by &tdm;. Displays with a hostname are foreign displays which are expected to be already running, the others are local displays for which &tdm; starts an own &X-Server;; see <option>ServerCmd</option>. Each display may belong to a display class; append it to the display name separated by an underscore. See <xref linkend="tdmrc-xservers"/> for the details. </para>
<para>La valeur par défaut est <quote>:0</quote>.</para>
<para>List of Virtual Terminals to allocate to &X-Server;s. For negative numbers the absolute value is used, and the <acronym>VT</acronym> will be allocated only if the kernel says it is free. If &tdm; exhausts this list, it will allocate free <acronym>VT</acronym>s greater than the absolute value of the last entry in this list. Currently Linux only. </para>
<para>This option is for operating systems (<acronym>OS</acronym>s) with support for virtual terminals (<acronym>VT</acronym>s), by both &tdm; and the <acronym>OS</acronym>s itself. Currently this applies only to Linux. </para><para>Lorsque &tdm; bascule en mode console, il commence à surveiller toutes les lignes <acronym>TTY</acronym> listées ici (sans <literal>/dev/</literal> au début). Si aucune d'elle n'est active pendant un certain temps, &tdm; bascule à nouveau vers le login X. </para>
<para>The nom de fichier spécifié sera créé pour contenir une représentation ASCII de l'identifiant de processus du processus &tdm; principal; le PID ne sera pas mémorisé sir le nom de fichier est vide. </para>
<para>Cette option contrôle si &tdm; utilise le verrouillage par fichier pour éviter que de multiples gestionnaires d'affichage soient lancés les uns sur les autres. </para>
<para>La valeur par défaut est <quote>true</quote>.</para>
<para>Ceci nomme un répertoire dans lequel &tdm; stocke des fichiers d'autorisation pour &X-Server; lorsqu'il initialise la session. &tdm; s'attend à ce que le système supprime les fichiers périmés de ce répertoire au redémarrage. </para><para>Le fichier d'autorisation à utiliser pour un affichage particulier peut être spécifié avec l'option <option>AuthFile</option> dans [X-*-Core]. </para>
<para>La valeur par défaut est <quote>/var/run/xauth</quote>.</para>
<para>Additional environment variables &tdm; should pass on to all programs it runs. <envar>LD_LIBRARY_PATH</envar> and <envar>XCURSOR_THEME</envar> are good candidates; otherwise, it should not be necessary very often. </para>
<para>If the system has no native entropy source like /dev/urandom (see <option>RandomDevice</option>) and no entropy daemon like EGD (see <option>PrngdSocket</option> and <option>PrngdPort</option>) is running, &tdm; will fall back to its own pseudo-random number generator that will, among other things, successively checksum parts of this file (which, obviously, should change frequently). </para><para>Cette option n'existe pas sur Linux et divers BSDs. </para>
<para>La valeur par défaut est <quote>/dev/mem</quote>.</para>
<para>If the system has no native entropy source like /dev/urandom (see <option>RandomDevice</option>), read random data from a Pseudo-Random Number Generator Daemon, like EGD (http://egd.sourceforge.net) via this UNIX domain socket. </para><para>Cette option n'existe pas sur Linux et divers BSDs. </para>
<para>The path to a character device which &tdm; should read random data from. Empty means to use the system's preferred entropy device if there is one. </para><para>Cette option n'existe pas sur OpenBSD, qui utilise la fonction arc4_random à la place. </para>
<para>The directory in which &tdm; should store persistent working data; such data is, for example, the previous user that logged in on a particular display. </para>
<para>La valeur par défaut est <quote>/var/lib/tdm</quote>.</para>
<para>The directory in which &tdm; should store users' <filename>.dmrc</filename> files. This is only needed if the home directories are not readable before actually logging in (like with AFS). </para>
<para>This indicates the UDP port number which &tdm; uses to listen for incoming &XDMCP; requests. Unless you need to debug the system, leave this with its default value. </para>
<para>La valeur par défaut est <quote>177</quote>.</para>
<para>XDM-AUTHENTICATION-1 style &XDMCP; authentication requires a private key to be shared between &tdm; and the terminal. This option specifies the file containing those values. Each entry in the file consists of a display name and the shared key. </para>
<para>To prevent unauthorized &XDMCP; service and to allow forwarding of &XDMCP; IndirectQuery requests, this file contains a database of hostnames which are either allowed direct access to this machine, or have a list of hosts to which queries should be forwarded to. The format of this file is described in <xref linkend="tdmrc-xaccess"/>. </para>
<para>La valeur par défaut est <quote>${<envar>kde_confdir</envar>}/tdm/Xaccess</quote>.</para>
<para>Number of seconds to wait for the display to respond after the user has selected a host from the chooser. If the display sends an &XDMCP; IndirectQuery within this time, the request is forwarded to the chosen host; otherwise, it is assumed to be from a new session and the chooser is offered again. </para>
<para>La valeur par défaut est <quote>15</quote>.</para>
<para>When computing the display name for &XDMCP; clients, the name resolver will typically create a fully qualified host name for the terminal. As this is sometimes confusing, &tdm; will remove the domain name portion of the host name if it is the same as the domain name of the local host when this option is enabled. </para>
<para>La valeur par défaut est <quote>true</quote>.</para>
<para>Utiliser l'adresse <acronym>IP</acronym> de la connexion entrante au lieu du nom d'hôte. Utilisez cette option sur les hôtes possédant plusieurs interfaces réseau (<foreignphrase>multihomed</foreignphrase>). Ceci permet d'éviter de se connecter à la mauvaise interface qui peut ne pas être active à cet instant. </para>
<para>La valeur par défaut est <quote>false</quote>.</para>
<para>This specifies a program which is run (as <systemitem class="username">root</systemitem>) when an &XDMCP; DirectQuery or BroadcastQuery is received and this host is configured to offer &XDMCP; display management. The output of this program may be displayed in a chooser window. If no program is specified, the string <quote>Willing to manage</quote> is sent. </para>
<para>La commande (sujette à être découpée en mots) à lancer pour stopper/éteindre électriquement le système. </para><para>La valeur par défaut est quelque chose qui convenait sur le système sur lequel &tdm; a été compilé, comme par exemple <command>/sbin/shutdown <option>-h</option> <parameter>now</parameter></command>. </para>
<para>La commande (sujette à être découpée en mots) à lancer pour redémarrer le système. </para><para>La valeur par défaut est quelque chose qui convenait sur le système sur lequel &tdm; a été compilé, comme par exemple <command>/sbin/shutdown <option>-r</option> <parameter>now</parameter></command>. </para>
<para>Si on peut ou non annuler des sessions en cours d'exécution lorsqu'on arrête le système via la <acronym>FiFo</acronym> de commande globale. </para><para>Ceci n'aura aucun effet à moins que <option>AllowFifo</option> soit activé. </para>
<para>La valeur par défaut est <quote>true</quote>.</para>
<para>These options control the behavior of &tdm; when attempting to open a connection to an &X-Server;. <option>OpenDelay</option> is the length of the pause (in seconds) between successive attempts, <option>OpenRepeat</option> is the number of attempts to make and <option>OpenTimeout</option> is the amount of time to spend on a connection attempt. After <option>OpenRepeat</option> attempts have been made, or if <option>OpenTimeout</option> seconds elapse in any particular connection attempt, the start attempt is considered failed. </para>
<para>La valeur par défaut est <quote>5</quote>.</para>
<para>How many times &tdm; should attempt to start a <literal>foreign</literal> display listed in <option>StaticServers</option> before giving up and disabling it. Local displays are attempted only once, and &XDMCP; displays are retried indefinitely by the client (unless the option <option>-once</option> was given to the &X-Server;). </para>
<para>La valeur par défaut est <quote>4</quote>.</para>
<para>Le nombre de fois que &tdm; doit tenter de démarrer un &X-Server; local. Ceci inclut l'exécution en elle-même, et l'attente pour qu'il démarre effectivement. </para>
<para>La valeur par défaut est <quote>1</quote>.</para>
<para>Cette ligne de commande démarre le &X-Server;, sans numéro d'affichage et sans spécification de VT. Cette chaîne est sujette à être découpée en mots. </para><para>La valeur par défaut est quelque chose qui convenait sur le système sur lequel &tdm; a été compilé, comme par exemple <command>/usr/X11R6/bin/X</command>. </para>
<para>The VT the &X-Server; should run on. <option>ServerVTs</option> should be used instead of this option. Leave it zero to let &tdm; assign a <acronym>VT</acronym> automatically. Set it to <literal>-1</literal> to avoid assigning a <acronym>VT</acronym> alltogether - this is required for setups with multiple physical consoles. Currently Linux only. </para>
<para>This option is for <acronym>OS</acronym>s without support for <acronym>VT</acronym>s, either by &tdm; or the <acronym>OS</acronym> itself. Currently this applies to all <acronym>OS</acronym>s but Linux. </para><para>When &tdm; switches to console mode, it starts monitoring this <acronym>TTY</acronym> line (specified without the leading <literal>/dev/</literal>) for activity. If the line is not used for some time, &tdm; switches back to the X login. </para>
<para>To discover when <emphasis>remote</emphasis> displays disappear, &tdm; regularly pings them. <option>PingInterval</option> specifies the time (in minutes) between the pings and <option>PingTimeout</option> specifies the maximum amount of time (in minutes) to wait for the terminal to respond to the request. If the terminal does not respond, the session is declared dead and terminated. </para><para>If you frequently use X terminals which can become isolated from the managing host, you may wish to increase the timeout. The only worry is that sessions will continue to exist after the terminal has been accidentally disabled. </para>
<para>La valeur par défaut est <quote>5</quote>.</para>
<para>Whether &tdm; should restart the local &X-Server; after session exit instead of resetting it. Use this if the &X-Server; leaks memory or crashes the system on reset attempts. </para>
<para>La valeur par défaut est <quote>false</quote>.</para>
<para>Controls whether &tdm; generates and uses authorization for <emphasis>local</emphasis> &X-Server; connections. For &XDMCP; displays the authorization requested by the display is used; foreign non-&XDMCP; displays do not support authorization at all. </para>
<para>La valeur par défaut est <quote>true</quote>.</para>
<para>If <option>Authorize</option> is true, use the authorization mechanisms listed herein. The MIT-MAGIC-COOKIE-1 authorization is always available; XDM-AUTHORIZATION-1, SUN-DES-1 and MIT-KERBEROS-5 might be available as well, depending on the build configuration. </para>
<para>La valeur par défaut est <quote>DEF_AUTH_NAME</quote>.</para>
<para>Some <emphasis>old</emphasis> &X-Server;s re-read the authorization file at &X-Server; reset time, instead of when checking the initial connection. As &tdm; generates the authorization information just before connecting to the display, an old &X-Server; would not get up-to-date authorization information. This option causes &tdm; to send SIGHUP to the &X-Server; after setting up the file, causing an additional &X-Server; reset to occur, during which time the new authorization information will be read. </para>
<para>La valeur par défaut est <quote>false</quote>.</para>
<para>This file is used to communicate the authorization data from &tdm; to the &X-Server;, using the <option>-auth</option> &X-Server; command line option. It should be kept in a directory which is not world-writable as it could easily be removed, disabling the authorization mechanism in the &X-Server;. If not specified, a random name is generated from <option>AuthDir</option> and the name of the display. </para>
<para>This option specifies the name of the file to be loaded by <command>xrdb</command> as the resource database onto the root window of screen 0 of the display. KDE programs generally do not use X-resources, so this option is only needed if the <option>Setup</option> program needs some X-resources. </para>
<para>Le programme <command>xrdb</command> à utiliser pour lire le fichier des ressources X spécifié dans <option>Recources</option>. La commande est sujette à être découpée en mots. </para>
<para>La valeur par défaut est <quote>${<envar>x_bindir</envar>}/xrdb</quote>.</para>
<para>This string is subject to word splitting. It specifies a program which is run (as <systemitem class="username">root</systemitem>) before offering the greeter window. This may be used to change the appearance of the screen around the greeter window or to put up other windows (e.g., you may want to run <command>xconsole</command> here). The conventional name for a program used here is <command>Xsetup</command>. See <xref linkend="tdmrc-xsetup"/>. </para>
<para>This string is subject to word splitting. It specifies a program which is run (as <systemitem class="username">root</systemitem>) after the user authentication process succeeds. The conventional name for a program used here is <command>Xstartup</command>. See <xref linkend="tdmrc-xstartup"/>. </para>
<para>This string is subject to word splitting. It specifies a program which is run (as <systemitem class="username">root</systemitem>) after the session terminates. The conventional name for a program used here is <command>Xreset</command>. See <xref linkend="tdmrc-xreset"/>. </para>
<para>This string is subject to word splitting. It specifies the session program to be executed (as the user owning the session). The conventional name for a program used here is <command>Xsession</command>. See <xref linkend="tdmrc-xsession"/>. </para>
<para>La valeur par défaut est <quote>${<envar>x_bindir</envar>}/xterm -ls -T</quote>.</para>
<para>If the <option>Session</option> program fails to execute, &tdm; will fall back to this program. This program is executed with no arguments, but executes using the same environment variables as the session would have had (see <xref linkend="tdmrc-xsession"/>). </para>
<para>La valeur par défaut est <quote>${<envar>x_bindir</envar>}/xterm</quote>.</para>
<para>La variable d'environment <envar>PATH</envar> pour les <option>Session</option>s non-<systemitem class="username">root</systemitem>. </para><para>La valeur par défaut dépend du système sur lequel &tdm; a été compilé. </para>
<para>La variable d'environment <envar>PATH</envar> pour tous les programmes sauf les <option>Session</option>s non-<systemitem class="username">root</systemitem>. Notez qu'il est de bonne pratique de ne pas inclure <literal>.</literal> (le répertoire courant) dans cette entrée. </para><para>La valeur par défaut dépend du système sur lequel &tdm; a été compilé. </para>
<para>When &tdm; is unable to write to the usual user authorization file ($<envar>HOME</envar>/.Xauthority), it creates a unique file name in this directory and points the environment variable <envar>XAUTHORITY</envar> at the created file. </para>
<para>La valeur par défaut est <quote>/tmp</quote>.</para>
<para>If enabled, &tdm; will automatically restart a session after an &X-Server; crash (or if it is killed by Alt-Ctrl-BackSpace). Note that enabling this feature opens a security hole: a secured display lock can be circumvented (unless &kde;'s built-in screen locker is used). </para>
<para>La valeur par défaut est <quote>false</quote>.</para>
<para>Si désactivé, ne pas permettre à <systemitem class="username">root</systemitem> (et tout autre utilisateur d'UID égal à 0) de se connecter directement. </para>
<para>La valeur par défaut est <quote>true</quote>.</para>
<para>The users that do not need to provide a password to log in. Items which are prefixed with <literal>@</literal> represent all users in the user group named by that item. <literal>*</literal> means all users but <systemitem class="username">root</systemitem> (and any other user with UID = 0). <emphasis>Never</emphasis> list <systemitem class="username">root</systemitem>. </para>
<para>Si ceci est activé, une connexion automatique aura lieu après une déconnexion. Sinon, une connexion automatique aura lieu seulement au démarrage d'une session d'affichage. </para>
<para>La valeur par défaut est <quote>false</quote>.</para>
<para>Le mot de passe pour l'utilisateur à connecter automatiquement. Ce <emphasis>n'</emphasis> est <emphasis>pas</emphasis> obligatoire à moins que l'utilisateur se connecte dans un domaine <acronym>NIS</acronym> ou Kerberos. Si vous utilisez cette option, vous devriez faire un <command>chmod <option>600</option> <filename>tdmrc</filename></command> pour des raisons évidentes. </para>
<para>The file (relative to the user's home directory) to redirect the session output to. One occurrence of <parameter>%s</parameter> in this string will be substituted with the display name. Use <parameter>%%</parameter> to obtain a literal <literal>%</literal>. </para>
<para>La valeur par défaut est <quote>.xsession-errors</quote>.</para>
<para>Specify whether &tdm;'s built-in utmp/wtmp/lastlog registration should be used. If it is not, the tool <command>sessreg</command> should be used in the <option>Startup</option> and <option>Reset</option> scripts, or, alternatively, the pam_lastlog module should be used on <acronym>PAM</acronym>-enabled systems. </para>
<para>La valeur par défaut est <quote>true</quote>.</para>
<para>Specify the widget color scheme for the greeter. Empty means to use the built-in default which currently is yellowish grey with some light blue and yellow elements. </para>
<para>What should be shown in the greeter righthand of the input lines (if <option>UserList</option> is disabled) or above them (if <option>UserList</option> is enabled): </para>
<para>The relative coordinates (percentages of the screen size; X,Y) at which the center of the greeter is put. &tdm; aligns the greeter to the edges of the screen it would cross otherwise. </para>
<para>La valeur par défaut est <quote>50,50</quote>.</para>
<para>Le moniteur sur lequel l'écran d'accueil doit être affiché dans une configuration à plusieurs moniteurs et dans les configurations Xinerama. La numérotation débute 0. Pour Xinerama, elle correspond à l'ordre d'énumération dans la section ServerLayout active du fichier XF86Config; -1 signifie d'utiliser l'écran en haut à gauche, -2 signifie d'utiliser l'écran en haut à droite. </para>
<para>Le titre de l'écran d'accueil. Une abscence de valeur signifie aucun titre. </para><para>Les caractères suivants sont remplacés par leur valeur: <variablelist>
<para>This option controls which users will be shown in the user view (<option>UserList</option>) and/or offered for autocompletion (<option>UserCompletion</option>). If it is <literal>Selected</literal>, <option>SelectedUsers</option> contains the final list of users. If it is <literal>NotHidden</literal>, the initial user list contains all users found on the system. Users contained in <option>HiddenUsers</option> are removed from the list, just like all users with a UID greater than specified in <option>MaxShowUID</option> and users with a non-zero UID less than specified in <option>MinShowUID</option>. Items in <option>SelectedUsers</option> and <option>HiddenUsers</option> which are prefixed with <literal>@</literal> represent all users in the user group named by that item. Finally, the user list will be sorted alphabetically, if <option>SortUsers</option> is enabled. </para>
<para>La valeur par défaut est <quote>NotHidden</quote>.</para>
<para>The images can be in any format Qt recognizes, but the filename must match &tdm;'s expectations: <literal>.face.icon</literal> should be a 48x48 icon, while <literal>.face</literal> should be a 300x300 image. Currently the big image is used only as a fallback and is scaled down, but in the future it might be displayed full-size in the logo area or a tooltip. </para>
<para>La valeur par défaut est <quote>AdminOnly</quote>.</para>
<para>If <option>FocusPasswd</option> is enabled and a user was preselected, the cursor is placed in the password input field automatically. </para>
<note><para>Activer la présélection d'utilisateur peut être considéré comme une faille de sécurité, puisqu'elle présente un nom de connexion valide à un attaquant éventuel, et qu'il <quote>n'a alors qu'à</quote> deviner le mot de passe. D'un autre côté, on pourrait positionner <option>DefaultUser</option> à une fausse valeur de nom de connexion.</para></note>
<para>If enabled, &tdm; will automatically start the <command>krootimage</command> program to set up the background; otherwise, the <option>Setup</option> program is responsible for the background. </para>
<para>La valeur par défaut est <quote>true</quote>.</para>
<para>The configuration file to be used by <command>krootimage</command>. It contains a section named <literal>[Desktop0]</literal> like <filename>kdesktoprc</filename> does. Its options are not described herein; guess their meanings or use the control center. </para>
<para>La valeur par défaut est <quote>${<envar>kde_confdir</envar>}/tdm/backgroundrc</quote>.</para>
<para>To improve security, the greeter grabs the &X-Server; and then the keyboard when it starts up. This option specifies if the &X-Server; grab should be held for the duration of the name/password reading. When disabled, the &X-Server; is ungrabbed after the keyboard grab succeeds; otherwise, the &X-Server; is grabbed until just before the session begins. </para>
<note><para>Activer cette option désactive <option>UseBackground</option> et <option>Setup</option>.</para></note>
<para>This option specifies the maximum time &tdm; will wait for the grabs to succeed. A grab may fail if some other X-client has the &X-Server; or the keyboard grabbed, or possibly if the network latencies are very high. You should be cautious when raising the timeout, as a user can be spoofed by a look-alike window on the display. If a grab fails, &tdm; kills and restarts the &X-Server; (if possible) and the session. </para>
<para>La valeur par défaut est <quote>3</quote>.</para>
<para>Spécifie si l'écran d'accueil des affichages locaux soit être démarré en mode sélectionneur d'hôtes (distant) ou connexion (local) et s'il est permis de basculer entre ces deux modes. </para>
<para>Liste d'hôtes séparés par des virgules à ajouter automatiquement au menu de connexion distante. Le nom spécial <parameter>*</parameter> signifie <foreignphrase>broadcast</foreignphrase>, et n'a pas d'effet si <option>LoginMode</option> vaut <literal>LocalOnly</literal>. </para>
<para>La valeur par défaut est <quote>*</quote>.</para>
<para>Use this number as a random seed when forging saved session types, etc. of unknown users. This is used to avoid telling an attacker about existing users by reverse conclusion. This value should be random but constant across the login domain. </para>
<para>Enable &tdm;'s built-in <command>xconsole</command>. Note that this can be enabled for only one display at a time. This option is available only if &tdm; was <command>configure</command>d with <option>--enable-tdm-xconsole</option>. </para>
<para>La valeur par défaut est <quote>false</quote>.</para>
<para>The data source for &tdm;'s built-in <command>xconsole</command>. If empty, a console log redirection is requested from <filename>/dev/console</filename>. Has no effect if <option>ShowLog</option> is disabled. </para>
<para>Specify conversation plugins for the login dialog; the first in the list is selected initially. Each plugin can be specified as a base name (which expands to <filename>$<envar>kde_modulesdir</envar>/kgreet_<replaceable>base</replaceable></filename>) or as a full pathname. </para><para>Conversation plugins are modules for the greeter which obtain authentication data from the user. Currently only the <literal>classic</literal> plugin is shipped with &kde;; it presents the well-known username and password form. </para>
<para>La valeur par défaut est <quote>classic</quote>.</para>
<para>A list of options of the form <replaceable>Key</replaceable><literal>=</literal><replaceable>Value</replaceable>. The conversation plugins can query these settings; it is up to them what possible keys are. </para>
<para>Montre l'action <guilabel>Passer en mode console</guilabel> dans l'écran d'accueil (si <option>ServerTTY</option>/<option>ConsoleTTYs</option> est configuré). </para>
<para>La valeur par défaut est <quote>true</quote>.</para>
<para>Un programme à exécuter lorsque l'écran d'accueil est visible. Dans la mesure du possible, il est supposé être préchargé avant la session qui est sur le point d'être démarrée (le plus probablement). </para>
<title>Spécifier des &X-Server;s permanents</title>
<para>Each entry in the <option>StaticServers</option> list indicates a display which should constantly be managed and which is not using &XDMCP;. This method is typically used only for local &X-Server;s that are started by &tdm;, but &tdm; can manage externally started (<quote>foreign</quote>) &X-Server;s as well, may they run on the local machine or rather remotely.</para>
<para>The formal syntax of a specification is <screen>
</screen> for all &X-Server;s. <quote>Foreign</quote> displays differ in having a host name in the display name, may it be <literal>localhost</literal>.</para>
<para>The <replaceable>display name</replaceable> must be something that can be passed in the <option>-display</option> option to an X program. This string is used to generate the display-specific section names, so be careful to match the names. The display name of &XDMCP; displays is derived from the display's address by reverse host name resolution. For configuration purposes, the <literal>localhost</literal> prefix from locally running &XDMCP; displays is <emphasis>not</emphasis> stripped to make them distinguishable from local &X-Server;s started by &tdm;.</para>
<para>The <replaceable>display class</replaceable> portion is also used in the display-specific sections. This is useful if you have a large collection of similar displays (such as a corral of X terminals) and would like to set options for groups of them. When using &XDMCP;, the display is required to specify the display class, so the manual for your particular X terminal should document the display class string for your device. If it does not, you can run &tdm; in debug mode and <command>grep</command> the log for <quote>class</quote>.</para>
<para>The displays specified in <option>ReserveServers</option> will not be started when &tdm; starts up, but when it is explicitly requested via the command socket (or <acronym>FiFo</acronym>). If reserve displays are specified, the &kde; menu will have a <guilabel>Start New Session</guilabel> item near the bottom; use that to activate a reserve display with a new login session. The monitor will switch to the new display, and you will have a minute to login. If there are no more reserve displays available, the menu item will be disabled.</para>
<para>When &tdm; starts a session, it sets up authorization data for the &X-Server;. For local servers, &tdm; passes <command><option>-auth</option> <filename><replaceable>filename</replaceable></filename></command> on the &X-Server;'s command line to point it at its authorization data. For &XDMCP; displays, &tdm; passes the authorization data to the &X-Server; via the <quote>Accept</quote> &XDMCP; message.</para>
<para>The file specified by the <option>AccessFile</option> option provides information which &tdm; uses to control access from displays requesting service via &XDMCP;. The file contains four types of entries: entries which control the response to <quote>Direct</quote> and <quote>Broadcast</quote> queries, entries which control the response to <quote>Indirect</quote> queries, macro definitions for <quote>Indirect</quote> entries, and entries which control on which network interfaces &tdm; listens for &XDMCP; queries. Blank lines are ignored, <literal>#</literal> is treated as a comment delimiter causing the rest of that line to be ignored, and <literal>\</literal> causes an immediately following newline to be ignored, allowing indirect host lists to span multiple lines. </para>
<para>The format of the <quote>Direct</quote> entries is simple, either a host name or a pattern, which is compared against the host name of the display device. Patterns are distinguished from host names by the inclusion of one or more meta characters; <literal>*</literal> matches any sequence of 0 or more characters, and <literal>?</literal> matches any single character. If the entry is a host name, all comparisons are done using network addresses, so any name which converts to the correct network address may be used. Note that only the first network address returned for a host name is used. For patterns, only canonical host names are used in the comparison, so ensure that you do not attempt to match aliases. Host names from &XDMCP; queries always contain the local domain name even if the reverse lookup returns a short name, so you can use patterns for the local domain. Preceding the entry with a <literal>!</literal> character causes hosts which match that entry to be excluded. To only respond to <quote>Direct</quote> queries for a host or pattern, it can be followed by the optional <literal>NOBROADCAST</literal> keyword. This can be used to prevent a &tdm; server from appearing on menus based on <quote>Broadcast</quote> queries.</para>
<para>An <quote>Indirect</quote> entry also contains a host name or pattern, but follows it with a list of host names or macros to which the queries should be forwarded. <quote>Indirect</quote> entries can be excluding as well, in which case a (valid) dummy host name must be supplied to make the entry distinguishable from a <quote>Direct</quote> entry. If compiled with IPv6 support, multicast address groups may also be included in the list of addresses the queries are forwarded to. If the indirect host list contains the keyword <literal>CHOOSER</literal>, <quote>Indirect</quote> queries are not forwarded, but instead a host chooser dialog is displayed by &tdm;. The chooser will send a <quote>Direct</quote> query to each of the remaining host names in the list and offer a menu of all the hosts that respond. The host list may contain the keyword <literal>BROADCAST</literal>, to make the chooser send a <quote>Broadcast</quote> query as well; note that on some operating systems, UDP packets cannot be broadcast, so this feature will not work. </para>
<para>When checking access for a particular display host, each entry is scanned in turn and the first matching entry determines the response. <quote>Direct</quote> and <quote>Broadcast</quote> entries are ignored when scanning for an <quote>Indirect</quote> entry and vice-versa.</para>
<para>A macro definition contains a macro name and a list of host names and other macros that the macro expands to. To distinguish macros from hostnames, macro names start with a <literal>%</literal> character.</para>
<para>The last entry type is the <literal>LISTEN</literal> directive. The formal syntax is <screen>
</screen> If one or more <literal>LISTEN</literal> lines are specified, &tdm; listens for &XDMCP; requests only on the specified interfaces. <replaceable>interface</replaceable> may be a hostname or IP address representing a network interface on this machine, or the wildcard <literal>*</literal> to represent all available network interfaces. If multicast group addresses are listed on a <literal>LISTEN</literal> line, &tdm; joins the multicast groups on the given interface. For IPv6 multicasts, the IANA has assigned ff0<replaceable>X</replaceable>:0:0:0:0:0:0:12b as the permanently assigned range of multicast addresses for &XDMCP;. The <replaceable>X</replaceable> in the prefix may be replaced by any valid scope identifier, such as 1 for Node-Local, 2 for Link-Local, 5 for Site-Local, and so on (see IETF RFC 2373 or its replacement for further details and scope definitions). &tdm; defaults to listening on the Link-Local scope address ff02:0:0:0:0:0:0:12b to most closely match the IPv4 subnet broadcast behavior. If no <literal>LISTEN</literal> lines are given, &tdm; listens on all interfaces and joins the default &XDMCP; IPv6 multicast group (when compiled with IPv6 support). To disable listening for &XDMCP; requests altogether, a <literal>LISTEN</literal> line with no addresses may be specified, but using the <literal>[Xdmcp]</literal> <option>Enable</option> option is preferred. </para>
<para>Les programmes de configuration, de démarrage et de réinitialisation sont exécutés en tant que <systemitem class="username">root</systemitem>, ils doivent donc faire attention à propos des problèmes de sécurité. Leur premier argument est <literal>auto</literal> si la session résulte d'une connexion automatique; sinon, aucun argument ne leur est transmis. </para>
<para>Le programme <filename>Xsetup</filename> est exécuté après le démarrage ou la réinitialisation du &X-Server;, mais avant que l'écran d'accueil ne soit affiché. C'est l'endroit où changer l'arrière plan de base (si <option>UseBackground</option> est désactivé) ou faire surgir d'autres fenêtres qui doivent apparaître sur le moniteur avec l'écran d'accueil. </para>
<para>En sus de toutes celles qui peuvent être spécifiées dans <option>ExportList</option>, les variables d'environment suivantes sont transmises:</para>
<para>Note that since &tdm; grabs the keyboard, any other windows will not be able to receive keyboard input. They will be able to interact with the mouse, however; beware of potential security holes here. If <option>GrabServer</option> is set, <filename>Xsetup</filename> will not be able to connect to the display at all. Resources for this program can be put into the file named by <option>Resources</option>. </para>
<para>The <filename>Xstartup</filename> program is run as <systemitem class="username">root</systemitem> when the user logs in. This is the place to put commands which add entries to <filename>utmp</filename> (the <command>sessreg</command> program may be useful here), mount users' home directories from file servers, or abort the session if some requirements are not met (but note that on modern systems, many of these tasks are already taken care of by <acronym>PAM</acronym> modules).</para>
<para>En sus de toutes celles qui peuvent être spécifiées dans <option>ExportList</option>, les variables d'environment suivantes sont transmises:</para>
<para>&tdm; waits until this program exits before starting the user session. If the exit value of this program is non-zero, &tdm; discontinues the session and starts another authentication cycle.</para>
<para>The <filename>Xsession</filename> program is the command which is run as the user's session. It is run with the permissions of the authorized user. One of the keywords <literal>failsafe</literal>, <literal>default</literal> or <literal>custom</literal>, or a string to <command>eval</command> by a Bourne-compatible shell is passed as the first argument.</para>
<para>En sus de toutes celles qui peuvent être spécifiées dans <option>ExportList</option>, les variables d'environment suivantes sont transmises:</para>
<listitem><para>la valeur de <option>UserPath</option> (ou <option>SystemPath</option> pour les sessions utilisateur de <systemitem class="username">root</systemitem>)</para>
<listitem><para>will contain a comma-separated list of parameters the session might find interesting, like the location of the command <acronym>FiFo</acronym> and its capabilities, and which conversation plugin was used for the login</para>
<para>Symmetrical with <filename>Xstartup</filename>, the <filename>Xreset</filename> program is run after the user session has terminated. Run as <systemitem class="username">root</systemitem>, it should contain commands that undo the effects of commands in <filename>Xstartup</filename>, removing entries from <filename>utmp</filename> or unmounting directories from file servers.</para>
<para>Les variables d'environment qui ont été transmises à <filename>Xstartup</filename> le sont aussi à <filename>Xreset</filename>. </para>
