Westward Ho                 
What on Earth is XDMCP
2006-06-20 14:08:53
 

This article formed the basis of a 'What on Earth' feature I wrote for Linux Format and should hopefully help anyone with basic Linux knowledge configure graphical remote access to their Linux desktops whilst avoiding the most common pitfalls. I would recommend reading the whole thing before starting, as it can be quite a destructive process if done wrong and it may not be what you expect.

What is XDMCP ?
XDMCP is how XDM servers talk to each other. XDM servers manage the X logins that most people use on their Unix boxes to control them graphically. By default XDM is usually only configured to manage a single server providing a single local session on VT7. XDM is capable of hosting several Xservers on a single machine, each running in a different VT. With XDMCP in broadcast mode XDM can find other Xservers on your network and allow you to log in to them remotely.

What is XDM ?
When your Linux system has finished loading and presents you with a graphical login , that is XDM . XDM makes sure that an Xserver will always be running on a Linux box displaying either a login screen , a chooser or a logged in Xsession .

What is an Xserver ?
The Xserver is the hardware specific server that provides a generalised interface to your graphics hardware for X windows use . XDM starts your Xserver for you or you can start it directly from the command line by typing 'startx' . Before you try to do anything with XDMCP it is important to have a stable Xserver running . Most modern distros will set this up for you at the end of the setup process .

What can XDMCP do for me ?
XDMCP allows you to use your desktop environment from any other machine on the network, even while another person is using it. The machine displaying the output doesn't need to do any of the hard work, so it can be very old and slow.

Who else uses XDMCP and what do they do with it ?
The Linux Terminal Server Project (LTSP) distro uses XDMCP to manage Xsessions. It goes slightly further by making the client fetch everything from the server at boot time. Whilst this usually means that the client machines will not be any use without the server, it is possible to select LTSP from a boot menu or to continue into the client's own OS. Some internet cafes are starting to use XDMCP setups to provide the same locked down desktop to a whole group of machines without having to apply updates to each desktop. XDMCP can easily provide a very cost effective hot-desking solution for Xwindows users and is often used by stock market traders and banks. XDMCP has long been a friend of developers who are writing cross platform graphical programs.

Which versions of X does XDMCP work with ?
XDMCP is part of the X standard and should work with anything that claims to be X11 compliant . This includes X.org , Xfree86 , Cygwin , Solaris , IRIX , OSX , AIX , CDE and just about any other unix variant with a graphical desktop . Some X implementations differ and you may experience a few unusual error messages but these shouldn't stop the system from working .

What sort of machines can display XDMCP sessions ?
This article was written on OpenOffice which is running in a remote Xsession displayed on a 150MHz PC laptop, 32MB RAM, 1MB video RAM, 800x600 16bit colour TFT and connected via an 802.11g wireless card to the XServer on my desktop. The laptop is so slow it takes about 10 minutes to boot and load XDM. It is too slow running its own Xsession to be usable, but once logged in to another machine via XDMCP the applications will run at almost the same speed as if they were run on the 1GHz desktop machine locally. The laptop runs Debian testing and can be used on its own in text mode, but it is unusably slow running Xwindows from its own server.

What sort of machines can host XDMCP sessions ?
Any machine that runs X at a usable speed can share an Xsession to another machine via XDMCP . Connecting more clients will require more memory but remember that many applications use shared libraries and so will reuse any existing instantiations where permissions allow . To get the most out of shared libraries try to install dynamically linked applications and avoid the static versions . Given the low price of memory these days providing 128MB of system memory per expected user is a good idea.

Does any X Application work via XDMCP ?
There are many extensions to the X Protocol which allow for more specialist cases than the main specification would normally accommodate. Some applications assume the display is connected directly to the machine running the process and so will try to write directly into video memory for maximum speed. This will of course not work if the display is on another machine, but should fail without causing damage. Luckily most applications don't require these extensions unless they are doing very intensive graphics work. Think 3D games, movie players or high end 3D design programs. If you have gigabit ethernet and a fast server you might be able to stream video with XDMCP, but there are more efficient solutions such as VideoLan which will not demand so much bandwidth.

What are the security implications of XDMCP and XDM sessions ?
XDMCP packets are not encrypted when they travel over the network, so if you are using sensitive data you should consider taking other security measures or not using XDMCP at all. Most X applications do not take measures to encrypt or hide sensitive data in memory; if in doubt check the source code or ask the authors. Anyone with access to your network and the right knowledge could run a tool like Ethereal which, with the right pcap filters, could log all XDMCP packets going through the network and retrieve passwords or documents with much greater ease than from an entirely local setup. SSH has often been used to secure insecure protocols by wrapping them in an encrypted tunnel. XDMCP however uses both the TCP and UDP protocols, but SSH cannot (AFAICT) tunnel UDP packets. IPSEC or VPN may be a better choice.

What hardware do I need ?
Anything from a single machine that can only just run X with a single screen to several offices full of networked multiheaded workstations can make use of XDMCP. Having more machines will obviously make this more useful. On a standalone machine you can use Xnest or run another Xdisplay on the next available VT.

Whoa there ! What's a VT ?
Linux systems usually provide several Virtual Terminals; you will see one of them displayed on the monitor connected to the server. You can switch between them by pressing Ctrl+Alt and the Function key with the same number, e.g. to display VT1 press Ctrl-Alt-F1, for VT7 press Ctrl-Alt-F7. Xwindows will usually use VT7 but can be configured to run multiple servers which will display on other VTs. VTs are allocated on a first come first served basis during the boot process, with everything happening initially on VT1. The first 6 VTs are usually text mode shell logins, and because the Xserver will usually start last it gets VT7. When an Xserver starts it will switch the display to show its Virtual Terminal so you can see it.

Why does my Screen go mad when I switch VT ?
VT switching on machines with unusual graphics chips, overlay devices (such as TV cards) or hardware that is not well documented by its manufacturer can cause the machine to lock up. To avoid this make sure you have saved any open files before testing this, and make sure to tell anyone else who might be accessing the machine to do the same. For some chipsets disabling framebuffers, switching to a lower AGP mode or forcing X to ignore bad areas of video memory can fix the problems; for others trying the latest driver might help.

What does Xnest do ?
Xnest will allow you to run an Xsession inside a window of another Xsession. This can be useful not only for testing but also for remote logins where only ssh X forwarding is allowed by the router or firewall. This can be a useful workaround if your machine doesn't like VT switching and is a good way to test your XDMCP setup before you start blaming the network.

You keep talking about XDM but my system uses GDM or KDM , is that the same ?
Yes , GDM and KDM are different implementations of XDM , they both support XDMCP and are fully interoperable . They were written to allow specific extensions to XDM for Gnome and KDE respectively . XDM is a reference implementation which provides only the basic XDM features . GDM is considered the most fully featured and is able to start both KDE and Gnome sessions so I will focus on GDM as the display manager .

Ok , I like the sound of this , how do I enable XDMCP ?
It's simply a matter of uncommenting a few options in your gdm.conf or running 'gdmsetup'. I would recommend learning the configuration file syntax: if you break your X setup you will not be able to run the GUI based admin tools, whereas you should still be able to ssh in and fix the problem. If you edit the files directly you will find the process of copying the setup to other machines and backing it up much easier, as well as getting access to far more options.

So what is the syntax for gdm.conf ?
It's almost the same as Windows ini files, see this sample:
[section]
option=value
[other_section]
option=value2
Section names should be unique in the file, but options are specific to their section, so the second occurrence of 'option' will not override the first. There should be lots of useful comments in the original config file, so I would recommend backing this up before you start. The comments can make it hard to read the file quickly, so trimming them from your versions of the file might help you out.

Ok so what are the options I need in my gdm.conf ?
At the most basic level all you need is:
[xdmcp]
Enable=True

I don't believe it's that easy , there must be more to it than that ?
Yes there is. Now you need to decide how you will arrange your system: you might want your machine to load the chooser by default if you have lots of headless machines, you might want to run extra servers to allow several concurrent X sessions, or you might just want to be able to access the chooser as an option from the main login screen.

How do I display a chooser on a spare VT ?
To make more use of XDMCP you might want to run a chooser on a second Xserver. This would allow you to use your graphical desktop in a completely normal way, but on pressing Ctrl+Alt+F8 you will be presented with a list of available X sessions. Edit your /etc/X11/gdm/gdm.conf as follows:
[servers]
0=Standard
1=Chooser

[server-Chooser]
name=Chooser server
command=/usr/X11R6/bin/X -audit 0
flexible=false
chooser=true

How do I make my machine listen for XDMCP requests ?
Edit your /etc/X11/xdm/xdm-config and uncomment the following line:
DisplayManager.requestPort: 0
Then restart your gdm setup.

The command line scares me , is there an easier way to do this ?
You can use gdmsetup to teach you how to configure the file by comparing its output with a backup of the original file. Try this:
cd /etc/X11/gdm                    # move to the right directory
cp gdm.conf gdm.conf.original      # make a backup of the configuration file
gdmsetup                           # run the graphical configuration program
diff gdm.conf gdm.conf.original    # show the differences
The differences between the old and the new configurations will then be listed. Lines starting with < are from the current file and lines beginning with > are from the new file. The numbers refer to the line number where the difference occurred. gdmsetup is robust and reliable, but if you break your X configuration you will not be able to use it, so it's worth learning how to do this by hand.

How do I restart GDM ?
Sending a USR1 signal to gdm will make it re-read the config after all users log out. To do this run the following as root:
kill -USR1 `cat /var/run/gdm.pid`
To restart the server immediately send a HUP instead of a USR1, e.g.
kill -HUP `cat /var/run/gdm.pid`

That still hasn't worked , is there anything else I can try ?
If you are not sure whether your xdm is restarting, try switching runlevels to make it restart. Most distros run xdm in runlevel 5; if this is the case for you then run the following as root:
telinit 4 && telinit 5
This will switch to runlevel 4 and then back to runlevel 5. This should only be done from a console, as this will forcibly log out all X users without allowing them time to save data.

What is a Chooser ?
The chooser is a graphical program that XDM uses to list the available hosts offering XDMCP sessions on the network. Any host within the current subnet that is configured to broadcast its existence will be listed; you can then double click it to load a session from it.

What is Broadcast mode ?
Broadcast is configured in the [chooser] section of gdm.conf. This mode allows query packets to be sent to every host in a subnet and is configured as follows:
Broadcast=True
Broadcast=192.168.1.0
Specifying True will broadcast to the system's specified subnet, but only systems configured to respond to broadcast packets will respond. XDMCP uses this method to find out what other servers are

What is Direct mode ?
Direct mode does not try to find hosts but will allow you to specify which one you wish to use, as long as you know its IP address or hostname. This is most commonly used by people who start X manually from the command line. To do this run:
startx -- -query server.to.connect.to

What is Indirect mode ?
Indirect mode is when you ask another machine to provide a chooser for you. This is useful in larger networks with multiple servers. Having a single machine keeping track of the servers reduces the load on the network, and it could also provide centralised font serving.

Why is it going so slowly ?
There are a number of factors that can slow down an XDMCP connection. These can be low bandwidth, bad routing, slow DNS resolution or a heavily loaded server. The throughput of the network will define how quick the Xsession feels, so try to avoid busy networks or use QoS packet shaping. DNS resolution can often be sped up by implementing a caching DNS server on your local network instead of using just your ISP's DNS servers. On a machine used exclusively as an XDMCP server a bit of 'renicing' to enforce higher priorities for key applications such as X and GDM may also help.

Why does the chooser say my remote host is busy when it's not ?
XDMCP servers can sometimes take a while to reset after a failed connection; this should only last for a minute or two. You should still be able to connect, but expect a few time-outs on busy networks.

How does XDMCP work with multihead setups ?
There should be no difference between a multihead setup and a single headed setup as far as XDMCP is concerned; a multihead setup will only run a single Xserver. If you log on with a multiheaded machine you will simply have a larger desktop.

Can I do multihead across machines with XDMCP ?
XDMX is an extension which allows multiple XDMCP clients to appear as parts of the same XINERAMA screen. This will allow you to have two machines with side by side desktops where you can drag applications between them. XDMX will support huge grids of displays, allowing you to turn a pile of old machines into a video wall or just freak out your colleagues, but also allowing the machines to be used separately. At the time of writing XDMX is not fully integrated into XDMCP. To make XDMX work you will need to create a new Xsession file to start X through XDMX. See http://www.xfree86.org/snapshot/Xdmx.1.html

How does XDMCP work with XGL or AIXGL ?
Seamlessly in my experience. Additionally Xnest is handy for less destructive testing of XGL configurations without having to log out and in again. Remember that you won't be able to take advantage of another machine's 3D acceleration for XGL, but your local card will accelerate the display of remote apps on your screen, as long as they are well behaved.

Can I use XDMCP sessions from Windows ?
Yes, there are several commercial Xwindows clients available. The Cygwin environment is a free Unix-like environment for Windows which includes an Xserver with full XDMCP support.

Does XDMCP do a nice user list like WindowsXP ?
Yes, to enable it you will need to add the following to your /etc/X11/gdm/gdm.conf:
[greeter]
Browser=True

How do I add my face picture to the user list ?
GDM will source the face images from a file called .face in each user's home dir. This can be configured by a program called 'gdmphotosetup'. Some GDM themes do not display the Face browser, so test with several themes.

How do I exclude users from the user list ?
Users can be filtered with the Exclude statement in gdm.conf, e.g.
Exclude=Root,Wheel,Mail,Apache
or by UID where it is lower than specified in the MinimalUID statement, e.g.
MinimalUID=500

The standard greeter is really boring , what can I do to make it more interesting ?
The standard greeter is as vanilla as it comes; this guarantees it will work on old machines that can't display enough colours for interesting pictures. To get a more interesting look try using the graphical greeter. To enable it use the following configuration options for gdm.conf:
[greeter]
GraphicalTheme=theme-name
GraphicalThemeDir=/usr/share/gdm/themes/
You can put the system themes directory anywhere you like, but remember to sync the contents of the default dir to it so you can continue to use any distro supplied themes.

Where can I get more themes for the graphical greeter ?
There are lots of sites where you can download GDM themes; two of the most popular are http://themes.freshmeat.net/browse/991/ and http://art.gnome.org/themes/gdm_greeter/ . Themes are distributed as tar.gz files which you simply copy to the dir you have set up as your 'GraphicalThemeDir'.

How do I make my own theme for the greeter ?
GDM themes are easy to make; the easiest way to learn is to modify an existing theme to suit your tastes. The main configuration is done in an XML file and is very easy to understand. For a detailed tag reference see http://www.jirka.org/gdm-documentation/x1259.html . You don't need to log out to test your theme, simply run 'gdmthemetester mode theme' where mode is xdmcp, flexi, remote-flexi, console, console-themed and theme is the name of your theme.

What do those modes mean and why are they important ?
GDM allows its themes to recognise different modes of operation and to adjust the available options accordingly. It is possible to configure gdm to allow reconfiguration by local users (but not by remote users) from its login screens. The recognised modes are :

XDMCP is the coolest thing , can I share it over my broadband connection or office LAN ?
Danger Will Robinson! Neither XDMCP nor X are secure protocols and they shouldn't be sent over unsecured networks. But if you really want to do this then back up everything first, test your backups and review your network security. Then open UDP port 177 and TCP port 6000 on your firewall and forward them to the IP of a designated XDMCP server. If you run a chooser on this server by default, users will be able to access any machine running XDMCP. You should restrict this port forwarding to a particular IP address or range; allowing anyone to connect is asking for a DoS attack. Using IPSec will increase the security by making the packets harder to sniff, but as with any public internet service the logs should be monitored and the packages kept up to date. VPN will certainly add enough security, but don't expect a snappy desktop without serious bandwidth.
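
One way to check the advice above about restricting the port forwarding, as an added example that is not part of the original article: it reads iptables-save output and prints the rules that pass UDP 177 or TCP 6000 with no source match. It assumes the firewall is a Linux box using iptables; the function names, addresses and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): find firewall rules that pass XDMCP
# (UDP 177) or X display :0 (TCP 6000) traffic from any source address.

# Reads iptables-save output on stdin and prints the unrestricted rules.
# Simplification: multiport matches and negated sources ("! -s") are not handled.
unrestricted_xdmcp_rules() {  # usage: iptables-save | unrestricted_xdmcp_rules
    awk '
        /^-A / && / -j (ACCEPT|DNAT)( |$)/ {
            udp = ($0 ~ / -p udp / && $0 ~ / --dport 177( |$)/)
            tcp = ($0 ~ / -p tcp / && $0 ~ / --dport 6000( |$)/)
            if ((udp || tcp) && $0 !~ / (-s|--source) /) print
        }'
}

# Constructed ruleset: 192.168.1.10 stands for the designated XDMCP server,
# 203.0.113.0/24 for the remote range that is meant to be allowed in.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p udp -m udp --dport 177 -j DNAT --to-destination 192.168.1.10:177
-A PREROUTING -s 203.0.113.0/24 -i eth0 -p tcp -m tcp --dport 6000 -j DNAT --to-destination 192.168.1.10:6000
COMMIT
*filter
-A FORWARD -d 192.168.1.10/32 -p udp -m udp --dport 177 -j ACCEPT
-A FORWARD -s 203.0.113.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 6000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Prints the two UDP 177 rules, which lack the -s match the TCP 6000 rules carry.
sample_rules | unrestricted_xdmcp_rules
```

On a live firewall the same function can be fed from `iptables-save` run as root; every rule it prints accepts or forwards the traffic from any address.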

Can I block certain IPs from connecting to my servers ?
Yes, if your GDM has TCP Wrappers compiled in, which most do, you can simply add lines to /etc/hosts.allow and /etc/hosts.deny as follows:
/etc/hosts.allow
gdm: someone.good.com
/etc/hosts.deny
gdm: someone.nasty.com
For more information on the TCP Wrappers syntax read 'man 5 hosts.allow'.
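
A check for the settings described above, as an added example that is not part of the original article: it reads [xdmcp] Enable from gdm.conf and the gdm rules from the two TCP Wrappers files, then reports who can reach the service. The function names and the three verdict labels are assumptions made for this example, and the sample files are constructed from the article's own settings.

```shell
#!/bin/sh
# Added example (not from the article): is XDMCP on, and who may reach it?

# Print the value of KEY in [SECTION] of an ini-style file such as gdm.conf.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*#/  { next }                                 # comment line
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); cur = $0; next }  # section header
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v                            # last one wins
        }
        END { print val }' "$1"
}

# Print the client lists of hosts.allow/hosts.deny rules that apply to DAEMON.
# Simplification: ignores line continuations and IPv6 client patterns.
wrappers_clients() {  # usage: wrappers_clients FILE DAEMON
    [ -r "$1" ] || return 0
    awk -F: -v d="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        { n = split($1, names, /[ \t,]+/)
          for (i = 1; i <= n; i++)
              if (names[i] == d || names[i] == "ALL") { print $2; break } }' "$1"
}

# Verdict for the gdm daemon name used in the article:
#   disabled   - [xdmcp] Enable is not true
#   restricted - hosts.deny denies ALL clients, hosts.allow lists the exceptions
#   exposed    - anything else: TCP Wrappers grants access when no rule matches
xdmcp_exposure() {  # usage: xdmcp_exposure GDM_CONF HOSTS_ALLOW HOSTS_DENY
    enable=$(ini_get "$1" xdmcp Enable | tr '[:upper:]' '[:lower:]')
    [ "$enable" = "true" ] || { echo disabled; return 0; }
    allow=$(wrappers_clients "$2" gdm | tr '\n,' '  ')
    deny=$(wrappers_clients "$3" gdm | tr '\n,' '  ')
    case " $allow " in *" ALL "*) echo exposed; return 0 ;; esac
    case " $deny "  in *" ALL "*) echo restricted ;; *) echo exposed ;; esac
}

# Constructed sample files using the article's own settings.
make_sample() {  # usage: make_sample DIR
    printf '[xdmcp]\nEnable=True\n\n[greeter]\nBrowser=True\n' > "$1/gdm.conf"
    printf 'gdm: someone.good.com\n'  > "$1/hosts.allow"
    printf 'gdm: someone.nasty.com\n' > "$1/hosts.deny"
}

dir=$(mktemp -d)
make_sample "$dir"
echo "article settings:  $(xdmcp_exposure "$dir/gdm.conf" "$dir/hosts.allow" "$dir/hosts.deny")"
printf 'gdm: ALL\n' > "$dir/hosts.deny"   # default deny, hosts.allow unchanged
echo "with default deny: $(xdmcp_exposure "$dir/gdm.conf" "$dir/hosts.allow" "$dir/hosts.deny")"
rm -rf "$dir"
```

The pair of files shown in the article reports exposed because hosts.deny names a single host and every other client falls through to the default grant. Denying ALL for gdm and keeping trusted hosts in hosts.allow reports restricted.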

Why can't I hear any audio from my programs anymore ?
XDMCP and X do not have support for redirecting sound output, so the sound is most likely being played out of the server's soundcard. If you want to play the sound locally you will need to stream it back to your machine with Artsd or esd.

Do I have to have a full X install on each system ?
Not necessarily, the easiest things to cut out are fonts. The X11 protocol allows the use of remote font servers for any Xsession. If you have multiple machines on your network you can save a lot of disk space by configuring all the machines to use the same font server, which could be your main XDMCP server or one of the faster machines with more storage space. Xsessions will not start if they can't find certain fonts, so you might wish to keep a copy of your distro's core X fonts package installed locally so that your local Xserver will still work if your network fails. Having a central font server can be useful even if you are not using XDMCP but have many machines on the same local network running X.


If you need any further clarification then please leave a comment or email me .

 

  
The following comments on this article were made by users of this site:
 
I appreciate you sharing this blog. Cool.
Thanks a lot for the article post. Cool.
by CanuOi
 
 
Interesting post
Hello, it really interesting, thanks
by assenceBeks
 
This site and contents are copyright Amias Channer , see also www.amias.net