|
|
@ -18,9 +18,9 @@
|
|
|
|
<title>The &tdm; Handbook</title>
|
|
|
|
<title>The &tdm; Handbook</title>
|
|
|
|
|
|
|
|
|
|
|
|
<authorgroup>
|
|
|
|
<authorgroup>
|
|
|
|
<author>
|
|
|
|
<corpauthor>
|
|
|
|
&Oswald.Buddenhagen; &Oswald.Buddenhagen.mail;
|
|
|
|
The &tde; Documentation Team
|
|
|
|
</author><!--
|
|
|
|
</corpauthor><!--
|
|
|
|
<othercredit role="developer">
|
|
|
|
<othercredit role="developer">
|
|
|
|
&Oswald.Buddenhagen; &Oswald.Buddenhagen.mail;
|
|
|
|
&Oswald.Buddenhagen; &Oswald.Buddenhagen.mail;
|
|
|
|
<contrib>Developer</contrib>
|
|
|
|
<contrib>Developer</contrib>
|
|
|
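Review bot: With `<author>` replaced by `<corpauthor>`, the only credit left for &Oswald.Buddenhagen; in this hunk is the `<othercredit role="developer">` block that follows `</corpauthor><!--`, which puts it inside a comment. If the developer credit is meant to stay visible in the rendered handbook, move the `<othercredit>` block out of the comment; if dropping it is intended, say so in the commit message.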
@ -49,16 +49,21 @@
|
|
|
|
<holder>&Lauri.Watts;</holder>
|
|
|
|
<holder>&Lauri.Watts;</holder>
|
|
|
|
</copyright>
|
|
|
|
</copyright>
|
|
|
|
|
|
|
|
|
|
|
|
<date>2003-03-01</date>
|
|
|
|
<copyright>
|
|
|
|
<releaseinfo>0.05.02</releaseinfo>
|
|
|
|
<year>&tde-copyright-date;</year>
|
|
|
|
|
|
|
|
<holder>The TDE Documentation Team</holder>
|
|
|
|
|
|
|
|
</copyright>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<date>&tde-release-date;</date>
|
|
|
|
|
|
|
|
<releaseinfo>&tde-release-version;</releaseinfo>
|
|
|
|
|
|
|
|
|
|
|
|
<abstract>
|
|
|
|
<abstract>
|
|
|
|
<para>This document describes &tdm; the &tde; Display Manager. &tdm;
|
|
|
|
<para>This document describes &tdm;, the &tde; Display Manager. &tdm;
|
|
|
|
is also known as the <quote>Login Manager</quote>.</para>
|
|
|
|
is also known as the <quote>Login Manager</quote>.</para>
|
|
|
|
</abstract>
|
|
|
|
</abstract>
|
|
|
|
|
|
|
|
|
|
|
|
<keywordset>
|
|
|
|
<keywordset>
|
|
|
|
<keyword>KDE</keyword>
|
|
|
|
<keyword>TDE</keyword>
|
|
|
|
<keyword>tdm</keyword>
|
|
|
|
<keyword>tdm</keyword>
|
|
|
|
<keyword>xdm</keyword>
|
|
|
|
<keyword>xdm</keyword>
|
|
|
|
<keyword>display manager</keyword>
|
|
|
|
<keyword>display manager</keyword>
|
|
|
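Review bot: The new `<holder>The TDE Documentation Team</holder>` spells the name literally, while the `<corpauthor>` added earlier in this patch uses `The &tde; Documentation Team`. Use the `&tde;` entity in both places so the two credits cannot drift apart.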
@ -78,7 +83,7 @@ Display Manager, in a number of ways.</para>
|
|
|
|
</chapter>
|
|
|
|
</chapter>
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Chapters to write -->
|
|
|
|
<!-- Chapters to write -->
|
|
|
|
<!-- * Just enough config to get it to run and login to KDE
|
|
|
|
<!-- * Just enough config to get it to run and login to TDE
|
|
|
|
* Adding more session types (GNOME, etc)
|
|
|
|
* Adding more session types (GNOME, etc)
|
|
|
|
* Adding other customizations to XSession (ssh/gpg-agent, etc)
|
|
|
|
* Adding other customizations to XSession (ssh/gpg-agent, etc)
|
|
|
|
* Further customization to TDM (via the kcontrol module, and by
|
|
|
|
* Further customization to TDM (via the kcontrol module, and by
|
|
|
@ -164,8 +169,15 @@ through the rest of this manual to find out how to do these things.</para>
|
|
|
|
<chapter id="login">
|
|
|
|
<chapter id="login">
|
|
|
|
<title>The Login Window</title>
|
|
|
|
<title>The Login Window</title>
|
|
|
|
|
|
|
|
|
|
|
|
<para> The user interface to &tdm; consists of two dialog boxes. The main
|
|
|
|
<para>The &tdm; interface consists of two dialog boxes: a login dialog
|
|
|
|
dialog box has these controls:</para>
|
|
|
|
and a shutdown dialog.</para>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<note><para>The &tdm; interface might be protected by the Trinity Secure Access
|
|
|
|
|
|
|
|
Key (SAK) mechanism. When the SAK is enabled, users are prompted to press
|
|
|
|
|
|
|
|
<keycombo action="simul">&Ctrl; &Alt;<keycap>Delete</keycap></keycombo>
|
|
|
|
|
|
|
|
to obtain access to the &tdm; interface.</para></note>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<para>The main login dialog box has these controls:</para>
|
|
|
|
|
|
|
|
|
|
|
|
<itemizedlist>
|
|
|
|
<itemizedlist>
|
|
|
|
<listitem>
|
|
|
|
<listitem>
|
|
|
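Review bot: The new `<note>` expands SAK as "Secure Access Key", but the section added further down in this patch calls the same feature "Secure Attention Key" (in the `<guilabel>` and in the screenshot caption). Use one name throughout, presumably "Secure Attention Key" to match the GUI label. "might be protected" is also vague for a security control; "is protected by ... when the SAK is enabled" would tell the reader exactly when to expect the prompt.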
@ -296,16 +308,16 @@ main &tdm; dialog box. </para>
|
|
|
|
<para>This chapter assumes that &tdm; is already up and running on your
|
|
|
|
<para>This chapter assumes that &tdm; is already up and running on your
|
|
|
|
system, and that you simply want to change its behavior in some way.</para>
|
|
|
|
system, and that you simply want to change its behavior in some way.</para>
|
|
|
|
|
|
|
|
|
|
|
|
<para>When &tdm; starts up, it reads its configuration from the folder
|
|
|
|
<para>Upon starting, &tdm; reads its configuration from the folder
|
|
|
|
<filename class="directory">$TDEDIR/share/config/tdm/</filename> (this may
|
|
|
|
<filename class="directory">$TDEDIR/share/config/tdm/</filename> (this may
|
|
|
|
be <filename class="directory">/etc/trinity/tdm/</filename> or something else
|
|
|
|
be <filename class="directory">/etc/trinity/tdm/</filename> or something else
|
|
|
|
on your system).</para>
|
|
|
|
on your system).</para>
|
|
|
|
|
|
|
|
|
|
|
|
<para>The main configuration file is &tdmrc;; all other files are
|
|
|
|
<para>The main configuration file is &tdmrc;; all other files are
|
|
|
|
referenced from there and could be stored under any name anywhere on
|
|
|
|
referenced from there and could be stored under any name anywhere on
|
|
|
|
the system - but usually that would not make much sense for obvious
|
|
|
|
the system. Usually that would not make much sense for obvious
|
|
|
|
reasons (one particular exception is referencing configuration files
|
|
|
|
reasons (one particular exception is referencing configuration files
|
|
|
|
of an already installed &xdm; - however when a new &tdm; is installed,
|
|
|
|
of an already installed &xdm;. However, when a new &tdm; is installed,
|
|
|
|
it will import settings from those files if it finds an already installed
|
|
|
|
it will import settings from those files if it finds an already installed
|
|
|
|
&xdm;).</para>
|
|
|
|
&xdm;).</para>
|
|
|
|
|
|
|
|
|
|
|
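Review bot: Replacing the dash with a full stop inside the parenthetical leaves "(one particular exception is referencing configuration files of an already installed &xdm;. However, when a new &tdm; is installed, ... &xdm;)", so the parenthesis now spans a sentence boundary and opens in lowercase. Either close the parenthesis after the first `&xdm;` and make "However, ..." its own sentence, or keep the two clauses joined with a semicolon.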
@ -313,26 +325,24 @@ it will import settings from those files if it finds an already installed
|
|
|
|
associated with any particular user. Therefore, it is not possible to have
|
|
|
|
associated with any particular user. Therefore, it is not possible to have
|
|
|
|
user-specific configuration files; all users share the common &tdmrc;. It
|
|
|
|
user-specific configuration files; all users share the common &tdmrc;. It
|
|
|
|
follows from this that the configuration of &tdm; can only be altered by
|
|
|
|
follows from this that the configuration of &tdm; can only be altered by
|
|
|
|
those users that have write access to
|
|
|
|
those users who have write access to
|
|
|
|
<filename>$<envar>TDEDIR</envar>/share/config/tdm/tdmrc</filename> (normally
|
|
|
|
<filename>$<envar>TDEDIR</envar>/share/config/tdm/tdmrc</filename> (normally
|
|
|
|
restricted to system administrators logged in as <systemitem
|
|
|
|
restricted to system administrators logged in as <systemitem
|
|
|
|
class="username">root</systemitem>).</para>
|
|
|
|
class="username">root</systemitem>).</para>
|
|
|
|
|
|
|
|
|
|
|
|
<para>You can view the &tdmrc; file currently in use on your system, and you
|
|
|
|
<para>You can view the &tdmrc; file currently in use on your system, and you
|
|
|
|
can configure &tdm; by editing this file. Alternatively, you can use the
|
|
|
|
can configure &tdm; by editing that file. Alternately, you can use the
|
|
|
|
graphical configuration tool provided by the &kcontrolcenter; (under
|
|
|
|
graphical configuration tool provided by the &kcontrolcenter; (under
|
|
|
|
<menuchoice><guisubmenu>System Administration</guisubmenu><guimenuitem>Login
|
|
|
|
<menuchoice><guisubmenu>System Administration</guisubmenu><guimenuitem>Login
|
|
|
|
Manager</guimenuitem></menuchoice>), which is described in <ulink
|
|
|
|
Manager</guimenuitem></menuchoice>), which is described in the next section.
|
|
|
|
url="help:/kcontrol/login-manager.html">the &kcontrolcenter; help files</ulink>.
|
|
|
|
|
|
|
|
</para>
|
|
|
|
</para>
|
|
|
|
|
|
|
|
|
|
|
|
<para>The remainder of this chapter describes configuration of &tdm;
|
|
|
|
<para>The remainder of this chapter describes configuring &tdm;
|
|
|
|
via the &kcontrolcenter; module, and the <link linkend="tdm-files">next
|
|
|
|
using the &kcontrolcenter; module, and the <link linkend="tdm-files">next
|
|
|
|
chapter</link> describes the options available in &tdmrc; itself. If
|
|
|
|
chapter</link> describes the options available in &tdmrc; itself. If
|
|
|
|
you only need to configure for local users, the &kcontrolcenter; module
|
|
|
|
you only need to configure for local users, the &kcontrolcenter; module
|
|
|
|
should be sufficient for your needs. If you need to configure remote
|
|
|
|
should be sufficient for your needs. If you need to configure remote
|
|
|
|
logins, or have multiple &tdm; sessions running, you will need to read
|
|
|
|
logins, or have multiple &tdm; sessions running, you will need to continue reading.</para>
|
|
|
|
on.</para>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<sect1 id="tdm-kcontrol-module">
|
|
|
|
<sect1 id="tdm-kcontrol-module">
|
|
|
|
<sect1info>
|
|
|
|
<sect1info>
|
|
|
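Review bot: "Alternatively" is changed to "Alternately" in the paragraph about editing &tdmrc;, which changes the meaning from "as another option" to "by turns"; keep "Alternatively". The same paragraph drops the `<ulink url="help:/kcontrol/login-manager.html">` in favour of "the next section"; a `<link linkend="tdm-kcontrol-module">` to the `<sect1>` that follows would keep the reference navigable.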
@ -353,7 +363,8 @@ computer.</para>
|
|
|
|
<note><para>All settings will be written to the configuration file
|
|
|
|
<note><para>All settings will be written to the configuration file
|
|
|
|
&tdmrc;, which in its original state has many comments to help you
|
|
|
|
&tdmrc;, which in its original state has many comments to help you
|
|
|
|
configure &tdm;. Using this &kcontrolcenter; module will strip these
|
|
|
|
configure &tdm;. Using this &kcontrolcenter; module will strip these
|
|
|
|
comments from the file. All available options in &tdmrc; are covered
|
|
|
|
comments from the file. Consider making a backup of &tdmrc; before
|
|
|
|
|
|
|
|
making changes. All available options in &tdmrc; are covered
|
|
|
|
in <xref linkend="tdm-files"/>.</para>
|
|
|
|
in <xref linkend="tdm-files"/>.</para>
|
|
|
|
|
|
|
|
|
|
|
|
<para>The options listed in this chapter are cross referenced with
|
|
|
|
<para>The options listed in this chapter are cross referenced with
|
|
|
@ -376,7 +387,7 @@ linkend="tdmconfig-convenience"><guilabel>Convenience</guilabel></link>.</para>
|
|
|
|
the window.</para>
|
|
|
|
the window.</para>
|
|
|
|
|
|
|
|
|
|
|
|
<note><para>If you are not currently logged in as a superuser, you
|
|
|
|
<note><para>If you are not currently logged in as a superuser, you
|
|
|
|
will need to click the <guibutton>Administrator Mode...</guibutton>
|
|
|
|
will need to select the <guibutton>Administrator Mode...</guibutton>
|
|
|
|
Button. You will then be asked for a superuser password. Entering a
|
|
|
|
Button. You will then be asked for a superuser password. Entering a
|
|
|
|
correct password will allow you to modify the settings of this
|
|
|
|
correct password will allow you to modify the settings of this
|
|
|
|
module.</para></note>
|
|
|
|
module.</para></note>
|
|
|
@ -439,6 +450,49 @@ linkend="option-colorscheme"><option>ColorScheme</option></link> in
|
|
|
|
your login box, corresponding to setting <option>Language</option> in
|
|
|
|
your login box, corresponding to setting <option>Language</option> in
|
|
|
|
&tdmrc;.</para>
|
|
|
|
&tdmrc;.</para>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<para>In this same section &tdm; can be configured to use a <guilabel>Secure
|
|
|
|
|
|
|
|
Attention Key</guilabel> (SAK). A Secure Attention Key is a special key press
|
|
|
|
|
|
|
|
to which only certain privileged applications are able to respond, such as the
|
|
|
|
|
|
|
|
login and screen unlock dialogs. This mechanism prevents a malevolent user
|
|
|
|
|
|
|
|
from creating an exact copy of the login screen to "sniff" or "phish" passwords
|
|
|
|
|
|
|
|
or other sensitive information. The unprivileged copy is unable to detect the
|
|
|
|
|
|
|
|
SAK key press, thereby providing a visible difference in operation to the
|
|
|
|
|
|
|
|
user.</para>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<para>When the Trinity SAK is enabled, users are prompted to press
|
|
|
|
|
|
|
|
<keycombo action="simul">&Ctrl; &Alt;<keycap>Delete</keycap></keycombo>
|
|
|
|
|
|
|
|
before sensitive information is requested.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<screenshot>
|
|
|
|
|
|
|
|
<screeninfo>The Trinity Secure Attention Key dialog</screeninfo>
|
|
|
|
|
|
|
|
<mediaobject>
|
|
|
|
|
|
|
|
<imageobject>
|
|
|
|
|
|
|
|
<imagedata fileref="tsak.png" format="PNG"/>
|
|
|
|
|
|
|
|
</imageobject>
|
|
|
|
|
|
|
|
<textobject><phrase>The Trinity Secure Attention Key dialog</phrase>
|
|
|
|
|
|
|
|
</textobject>
|
|
|
|
|
|
|
|
</mediaobject>
|
|
|
|
|
|
|
|
</screenshot>
|
|
|
|
|
|
|
|
</para>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<para>When SAK is enabled, and the
|
|
|
|
|
|
|
|
<keycombo action="simul">&Ctrl; &Alt;<keycap>Delete</keycap></keycombo>
|
|
|
|
|
|
|
|
dialog does not appear before sensitive information is requested, someone might
|
|
|
|
|
|
|
|
be attempting to "phish" for that information. A prudent course of action would
|
|
|
|
|
|
|
|
be to terminate the active X11 session via <keycombo action="simul">&Ctrl; &Alt;
|
|
|
|
|
|
|
|
<keycap>Backspace</keycap></keycombo> or any other distribution-specific key press
|
|
|
|
|
|
|
|
for this action, thereby restoring control to the kernel and base system.</para>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<para>Generally, using the Trinity SAK is a good idea when supporting many
|
|
|
|
|
|
|
|
graphical login accounts on a machine. For example, in enterprise environments
|
|
|
|
|
|
|
|
or computer laboratories. When only one graphical login account is used, or
|
|
|
|
|
|
|
|
only a few accounts in a controlled environment, such as with a home computer,
|
|
|
|
|
|
|
|
Trinity SAK will not provide tangible benefits over the standard login
|
|
|
|
|
|
|
|
methods.</para>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<note><para>Trinity SAK requires evdev to be running and the Linux uinput kernel
|
|
|
|
|
|
|
|
module to be loaded.</para></note>
|
|
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
|
|
<sect2 id="tdmconfig-font">
|
|
|
|
<sect2 id="tdmconfig-font">
|
|
|
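Review bot: The new SAK paragraphs name the `<guilabel>` but not the &tdmrc; key behind it, whereas the paragraph just above maps its setting to `<option>Language</option>` in &tdmrc;. Add the matching `<option>` cross-reference so administrators who edit the file directly can find it. The closing `<note>` about evdev and uinput should also say what &tdm; does when either is missing, because that decides whether the protection can be silently absent. The advice to press Ctrl+Alt+Backspace assumes the X server honours that key, which is worth stating. "For example, in enterprise environments or computer laboratories." is a fragment and should be joined to the sentence before it.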
@ -844,11 +898,11 @@ appropriate runlevel for console mode on your system.</para>
|
|
|
|
<para>If your system uses Pluggable Authentication Modules
|
|
|
|
<para>If your system uses Pluggable Authentication Modules
|
|
|
|
(<abbrev>PAM</abbrev>), which is normal with recent &Linux; and &Solaris;
|
|
|
|
(<abbrev>PAM</abbrev>), which is normal with recent &Linux; and &Solaris;
|
|
|
|
systems, you should check that your <abbrev>PAM</abbrev> configuration permits
|
|
|
|
systems, you should check that your <abbrev>PAM</abbrev> configuration permits
|
|
|
|
login through the service named <literal>kde</literal>. If you previously used
|
|
|
|
login through the service named <literal>tde</literal>. If you previously used
|
|
|
|
&xdm; successfully, you should not need to make any
|
|
|
|
&xdm; successfully, you should not need to make any
|
|
|
|
changes to your <abbrev>PAM</abbrev> configuration in order to use
|
|
|
|
changes to your <abbrev>PAM</abbrev> configuration in order to use
|
|
|
|
&tdm;. <filename>/etc/pam.conf</filename> or
|
|
|
|
&tdm;. <filename>/etc/pam.conf</filename> or
|
|
|
|
<filename>/etc/pam.d/kde</filename>. Information on configuring
|
|
|
|
<filename>/etc/pam.d/tde</filename>. Information on configuring
|
|
|
|
<abbrev>PAM</abbrev> is beyond the scope of this handbook, but
|
|
|
|
<abbrev>PAM</abbrev> is beyond the scope of this handbook, but
|
|
|
|
<abbrev>PAM</abbrev> comes with comprehensive documentation (try looking in
|
|
|
|
<abbrev>PAM</abbrev> comes with comprehensive documentation (try looking in
|
|
|
|
<filename>/usr/share/doc/*pam*/html/</filename>).</para>
|
|
|
|
<filename>/usr/share/doc/*pam*/html/</filename>).</para>
|
|
|
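Review bot: Renaming the PAM service from `kde` to `tde`, and `/etc/pam.d/kde` to `/etc/pam.d/tde`, is only correct if that is the service name &tdm; actually requests; please confirm against the code or the packaged PAM file before merging. The unchanged sentence "If you previously used &xdm; successfully, you should not need to make any changes" needs a second look as well, since a working &xdm; setup does not imply that a `tde` service entry exists. The trailing "`/etc/pam.conf` or `/etc/pam.d/tde`." is a sentence fragment that this hunk could fix while it is here.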
@ -870,7 +924,7 @@ libraries.</para>
|
|
|
|
<para>For example:</para>
|
|
|
|
<para>For example:</para>
|
|
|
|
|
|
|
|
|
|
|
|
<screen><command>export
|
|
|
|
<screen><command>export
|
|
|
|
<option>TDEDIR=<replaceable>/opt/kde</replaceable></option></command>
|
|
|
|
<option>TDEDIR=<replaceable>/opt/tde</replaceable></option></command>
|
|
|
|
<command>export
|
|
|
|
<command>export
|
|
|
|
<option>QTDIR=<replaceable>/usr/lib/qt2</replaceable></option></command>
|
|
|
|
<option>QTDIR=<replaceable>/usr/lib/qt2</replaceable></option></command>
|
|
|
|
<command>export
|
|
|
|
<command>export
|
|
|
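Review bot: `TDEDIR` is updated to `/opt/tde`, but the next `<command>` still exports `QTDIR=/usr/lib/qt2`. Check whether that path is still the right example for a &tde; installation and update it in the same change if not, so the example block is consistent.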
@ -892,7 +946,7 @@ replace &xdm; by &tdm;. Again, this is distribution-dependent.</para>
|
|
|
|
line:</para>
|
|
|
|
line:</para>
|
|
|
|
<screen>x:5:respawn:/usr/X11/bin/xdm -nodaemon</screen>
|
|
|
|
<screen>x:5:respawn:/usr/X11/bin/xdm -nodaemon</screen>
|
|
|
|
<para>and replace with:</para>
|
|
|
|
<para>and replace with:</para>
|
|
|
|
<screen>x:5:respawn:/opt/kde/bin/tdm</screen>
|
|
|
|
<screen>x:5:respawn:/opt/tde/bin/tdm</screen>
|
|
|
|
<para>This tells <command>init</command>(8) to respawn &tdm; when the
|
|
|
|
<para>This tells <command>init</command>(8) to respawn &tdm; when the
|
|
|
|
system is in run level 5. Note that &tdm; does not need the
|
|
|
|
system is in run level 5. Note that &tdm; does not need the
|
|
|
|
<option>-nodaemon</option> option.</para>
|
|
|
|
<option>-nodaemon</option> option.</para>
|
|
|
@ -1079,8 +1133,8 @@ addressing and security; the sockets all have the file name
|
|
|
|
<literal>rw-rw-rw-</literal> (0666). This is because some systems don't care
|
|
|
|
<literal>rw-rw-rw-</literal> (0666). This is because some systems don't care
|
|
|
|
for the file permission of the socket files.</para>
|
|
|
|
for the file permission of the socket files.</para>
|
|
|
|
|
|
|
|
|
|
|
|
<para>There are two types of sockets: the global one (dmctl) and the
|
|
|
|
<para>There are two types of sockets: the global one (tdmctl) and the
|
|
|
|
per-display ones (dmctl-<display>).</para>
|
|
|
|
per-display ones (tdmctl-<display>).</para>
|
|
|
|
|
|
|
|
|
|
|
|
<para>The global one's subdir is owned by root, the subdirs of the per-display
|
|
|
|
<para>The global one's subdir is owned by root, the subdirs of the per-display
|
|
|
|
ones' are owned by the user currently owning the session (root or the
|
|
|
|
ones' are owned by the user currently owning the session (root or the
|
|
|
|
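Review bot: `(tdmctl-<display>)` shows a bare `<display>` inside `<para>`; if the source contains it unescaped it will be parsed as an element, so write `&lt;display&gt;` or `<replaceable>display</replaceable>`. Please also confirm that the sockets the daemon creates were renamed from `dmctl` to `tdmctl`, and that every other mention in this section (the hunk context refers to "the file name" of the sockets) uses the new name, since administrators checking the 0666 socket permissions described here will look for these names on disk.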