Purpose
Performs a CDE login service.
Description
The dtlogin command supports the following key tasks:
- Launching dtgreet login screen for explicitly
managed local and remote displays and XDMCP-managed remote displays.
- Accessing traditional terminal (character) login from GUI login
screen
- Authenticating and logging in system-dependent users
- Launching the selected session
The dtlogin command provides
services similar to those provided by init, getty, and login on character terminals, which include prompting for login and password,
authenticating the user, and running a session. A session is
defined by the lifetime of a particular process. In the traditional
character-based terminal world, a session is the user's login shell
process; in the DT context, it is the DT Session Manager. If the DT
Session Manager is not used, the typical substitute is either a window
manager with an exit option, or a terminal emulator running a shell,
where the lifetime of the terminal emulator is the lifetime of the
shell process that it is running. This reduces the X session to an
emulation of the character-based terminal session. When the session
is terminated, dtlogin resets the X server
and (optionally) restarts the whole process.
The dtlogin command supports management of remote displays
using the X Display Manager Control Protocol, Version 1.0 (XDMCP).
When dtlogin receives an indirect query
from XDMCP, it can run a chooser process to perform an XDMCP BroadcastQuery
(or an XDMCP Query to specified hosts) on behalf of the display and
offer a menu of possible hosts that offer XDMCP display management.
This feature is useful with X terminals that do not offer a host menu.
Because dtlogin provides the first
interface that users see, it is designed to be simple to use and easy
to customize according to the needs of a particular site.
Login Window
The Login window allows
users to enter a user ID and password, select a startup session, and
select a startup locale. Users can also reset the X server
or temporarily suspend the X server to access the character login
prompt.
The contents of the Login window are as follows:
- login field
- Provides an entry field in which users enter their IDs.
- password field
- Provides an entry field in which users enter their passwords (no-echo).
- OK button
- Authenticates a user and launches a session.
- Clear button
- Clears login and password fields.
- Options
- Lets users select a locale name and login session type. It also
lets users restart the X server or switch to a character login prompt
(for local displays). The contents of the Options menu are as follows:
- Languages
- Displays the Languages menu. Selecting the language from the login
screen Options menu immediately localizes the login screen
and sets the LANG variable for the next
session. Login screen localization and LANG return to the default value upon conclusion of the session. The
contents of this menu can vary depending upon the locales installed
on the system. They can be overridden by using the languageList resource. The default locale of C can be overridden using
the language resource. The system or languageList locales specified are displayed as menu items in the Languages
menu. Alternate text to be displayed can be specified for a given
locale name by using the languageName resource.
- No-windows
- Displays character login prompt (local displays only).
- Reload Login
- Restarts the X Server and returns to login screen.
- Resources
- Lists resources to be used.
- Sessions
- Displays Sessions menu. Allows users to select which session type
should be started upon login. Menu items include the following:
- DT Session
- Starts a regular desktop session (Xsession).
- Fail-safe Session
- Starts a fail-safe session (Xfailsafe).
- Help
- Displays help messages.
Controlling the Server
The dtlogin command controls local
servers using POSIX signals. The SIGHUP signal is expected to reset
the server, closing all client connections and performing other clean
up duties. The SIGTERM signal is expected to terminate the server.
If these signals do not perform the expected actions, the resetSignal and termSignal resources can specify alternate signals.
To control remote
servers that are not using XDMCP, dtlogin searches the window hierarchy on the display and uses the KillClient
X protocol request in an attempt to clean up the terminal for the
next session. This might not actually kill all of the clients, because
only those that have created windows are noticed. XDMCP provides a
more sure mechanism; when dtlogin closes
its initial connection, the session is over and the terminal is required
to close all other connections.
Controlling dtlogin
The dtlogin command responds
to two signals: SIGHUP and SIGTERM. When it is sent a SIGHUP, dtlogin rereads the configuration file and the
file specified by the servers resource, and determines whether entries
have been added or removed. If a new entry has been added, dtlogin starts a session on the associated display.
Entries that have been removed are disabled immediately, meaning that
any session in progress is terminated without notice, and no new session
is started. When sent a SIGTERM, dtlogin terminates all sessions in progress and exits. This can be used
when shutting down the system.
Internationalization
All labels and messages are localizable. The dtlogin.cat message catalog contains the localized
representations of the default labels and messages. The dtlogin command reads the appropriate message catalog
indicated by the LANG environment variable
and displays the localized strings. An option on the authentication
screen allows the user to override the default language for the subsequent
session. If the authentication screen has been localized for the selected
language, the screen is redisplayed in that language; otherwise, it
is displayed in the default language. In either case, the LANG environment variable is set appropriately for
the resulting session.
The resource language is available in
the dtlogin configuration file to change the default language for
a display. The languageList resource is
available in the dtlogin configuration file
to override the default set of languages displayed on the authentication
screen. The languageName resource is available
to provide a mapping from locale names to the text displayed on the
Language menu.
Authentication and Auditing
The dtlogin command is a login
service enabled by PAM with service name dtlogin. The dtlogin client supports PAM
authentication in addition to traditional local UNIX login and auditing.
Additional authentication or auditing functions, such as Kerberos
or B1, can be added by individual vendors.
To use PAM for system-wide
authentication, establish root user permissions and modify the value
of the auth_type attribute in the usw stanza of the /etc/security/login.cfg file to PAM_AUTH.
The authentication mechanisms used when PAM is enabled depend on the
configuration for the login service in /etc/pam.conf. The dtlogin command
requires an /etc/pam.conf entry for the auth, account, password, and
session module types. The following configuration is recommended in
/etc/pam.conf for the dtlogin service:
dtlogin auth required /usr/lib/security/pam_aix
dtlogin account required /usr/lib/security/pam_aix
dtlogin password required /usr/lib/security/pam_aix
dtlogin session required /usr/lib/security/pam_aix
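The requirement above can be checked mechanically. The following is an added example, not part of the original documentation or of any vendor tooling: a Python check that reports missing dtlogin module types and entries that differ from the recommended configuration. The function names and the sample file contents are constructed for illustration.

```python
"""Added example: check pam.conf text for the dtlogin entries the page requires."""

REQUIRED_TYPES = ("auth", "account", "password", "session")
RECOMMENDED_FLAG = "required"
RECOMMENDED_MODULE = "/usr/lib/security/pam_aix"

# Constructed sample: the dtlogin 'password' entry is missing and the
# 'session' entry uses a different control flag than the recommended one.
SAMPLE_PAM_CONF = """\
# service  module_type  control_flag  module_path
login    auth      required  /usr/lib/security/pam_aix
dtlogin  auth      required  /usr/lib/security/pam_aix
dtlogin  account   required  /usr/lib/security/pam_aix
dtlogin  session   optional  /usr/lib/security/pam_aix
"""


def parse_pam_conf(text):
    """Return (entries, malformed_line_numbers) for pam.conf-style text."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:  # service, module type, control flag, module path
            malformed.append(lineno)
            continue
        service, mtype, flag, module = fields[:4]
        entries.append((lineno, service, mtype.lower(), flag.lower(), module))
    return entries, malformed


def audit_service(text, service="dtlogin"):
    """Return a list of findings for one PAM service name."""
    entries, malformed = parse_pam_conf(text)
    findings = [f"line {n}: malformed entry (fewer than 4 fields)" for n in malformed]
    mine = [e for e in entries if e[1] == service]
    present = {e[2] for e in mine}
    for mtype in REQUIRED_TYPES:
        if mtype not in present:
            findings.append(f"{service}: no '{mtype}' entry")
    for lineno, _, mtype, flag, module in mine:
        if flag != RECOMMENDED_FLAG or module != RECOMMENDED_MODULE:
            findings.append(
                f"line {lineno}: {service} {mtype} uses '{flag} {module}', "
                f"not the recommended '{RECOMMENDED_FLAG} {RECOMMENDED_MODULE}'"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_service(SAMPLE_PAM_CONF):
        print(finding)
```

A deviation from the recommended lines is reported as a finding to review, since a site may stack other modules on purpose.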
X Server Security
The X server provides both user-based and host-based access
control. By default, dtlogin uses user-based
access control to the X server (MIT-MAGIC-COOKIE-1). This level of
security allows access control on a per-user basis. It is based on
a scheme where if a client passes authorization data that matches
what the server has, the client is allowed access. When a user logs
in, this authorization data is by default stored and protected in
the $HOME/.Xauthority file.
However,
using host-based access control mechanisms might be preferable in
environments with unsecure networks, because user-based access control
allows any host to connect if the host has discovered the private
key. Another drawback to user-based access control is that R2 or R3
clients are unable to connect to the server.
The authorize resource controls whether user-based or host-based
access control is used by dtlogin. See
the xhost and xauth commands for more information.
Resources
The dtlogin command is controlled by the contents of the dtlogin configuration file, which defaults to /usr/dt/config/Xconfig. Some resources control
the behavior of dtlogin in general, and
others can be specified for a particular display.
General Resources
The following dtlogin general resources are not display-specific
and apply to all displays where appropriate.
Item |
Description |
accessFile |
- Class:
- AccessFile
- ClassType:
- String
- Default:
- Null
- Description:
- To prevent unauthorized XDMCP service and to allow forwarding
of XDMCP IndirectQuery requests, this file contains a database of
host names that are either allowed direct access to this machine or
have a list of hosts to which queries should be forwarded. Refer
to the Xaccess file section for a description of the format. If this resource is not
set, all hosts will be allowed XDMCP service.
|
authDir |
- Class:
- AuthDir
- ClassType:
- String
- Default:
- /var/dt
- Description:
- The directory name that dtlogin uses
to temporarily store authorization files for displays using XDMCP.
|
autoRescan |
- Class:
- AutoRescan
- ClassType:
- Boolean
- Default:
- True
- Description:
- Controls whether dtlogin rescans the
configuration file and server file after a session terminates and
the files have changed. You can force dtlogin to reread these files by sending a SIGHUP signal to the main process.
|
daemonMode |
- Class:
- DaemonMode
- ClassType:
- Boolean
- Default:
- False
- Description:
- The dtlogin command can make itself
into an unassociated daemon process. This is accomplished by forking
and leaving the parent process to exit, then closing file descriptors
and releasing the controlling terminal. This is inconvenient when
attempting to debug dtlogin. Setting this
resource to False disables daemonMode.
|
debugLevel |
- Class:
- DebugLevel
- ClassType:
- Int
- Default:
- 0
- Description:
- A nonzero value specified for this integer resource enables debugging
information to be printed. It also disables daemon mode, which redirects
the information into the normally unuseful bit-bucket.
|
errorLogFile |
- Class:
- ErrorLogFile
- ClassType:
- String
- Default:
- NULL
- Description:
- Error output is normally directed at the system console. To redirect
it, set this resource to any file name. This file contains any output
directed to stderr by Xsetup, Xstartup, and Xreset.
|
errorLogSize |
- Class:
- errorLogSize
- ClassType:
- Int
- Default:
- 50
- Description:
- This resource specifies the maximum size of the error log file
in kilobytes. When the limit is reached, dtlogin deletes the oldest entries in the file until the file size
is reduced to 75 percent of the maximum. After the file is truncated,
any user who is accessing the error log file (for example, using cat
or tail) will need to close the file and reopen it for access in order
to see subsequent information that is logged to the file.
|
exportList |
- Class:
- ExportList
- ClassType:
- String
- Default:
- NULL
- Description:
- Contains a set of variable names separated by a space or tab. Each
variable named is obtained from the dtlogin environment and loaded into the environment of the server and session.
See the Environment section for details.
|
fontPathHead |
- Class:
- FontPathHead
- ClassType:
- String
- Default:
- NULL
- Description:
- Value that is prepended to the default X server font path.
|
fontPathTail |
- Class:
- fontPathTail
- ClassType:
- String
- Default:
- NULL
- Description:
- Value that is appended to the default X server font path.
|
keyFile |
- Class:
- KeyFile
- ClassType:
- String
- Default:
- /usr/dt/config/Xkeys
- Description:
- XDM-AUTHENTICATION-1 style XDMCP authentication requires that
a private key be shared between dtlogin and
the terminal. This resource specifies the file containing those values.
Each entry in the file consists of a display name and the shared key.
By default, dtlogin does not include support
for XDM-AUTHENTICATION-1 because it requires DES, which is not generally
distributable.
|
lockPidFile |
- Class:
- LockPidFile
- ClassType:
- Boolean
- Default:
- True
- Description:
- Controls whether dtlogin uses file locking
to prevent multiple instances of dtlogin from executing concurrently.
|
networkDevice |
- Class:
- NetworkDevice
- ClassType:
- String
- Default:
- /dev/dtremote
- Description:
- For remote connections, the value for line in /etc/utmp must also exist as a device in the /dev directory for commands such as finger to operate properly. This resource specifies
the path name of the /dev file dtlogin creates when a remote display connects. For
most platforms, the file is created as a symbolic link to /dev/null. The specified value must start with /dev/, or else the value is discarded and no file is created.
|
pidFile |
- Class:
- PidFile
- ClassType:
- String
- Default:
- NULL
- Description:
- The filename specified is created to contain an ASCII representation
of the process-ID of the main dtlogin process.
This can be used when sending signals to dtlogin. The dtlogin client also uses
file locking to attempt to prevent more than one dtlogin from running
on the same machine. See the lockPidFile resource for more information.
|
removeDomainname |
- Class:
- RemoveDomainname
- ClassType:
- Boolean
- Default:
- True
- Description:
- When computing the display name for XDMCP clients, dtlogin typically creates a fully qualified host name
for the terminal. Because this is sometimes confusing, dtlogin removes the domain name portion of the host
name if it is the same as the domain name for the local host when
this variable is set.
|
requestPort |
- Class:
- RequestPort
- ClassType:
- int
- Default:
- 177
- Description:
- Indicates the UDP port number that dtlogin uses to listen for incoming XDMCP requests. Unless the system needs
to be debugged, the default value for this resource should
remain.
|
servers |
- Class:
- Servers
- ClassType:
- String
- Default:
- :0 Local local /system_dependent_path/X :0
- Description:
- Either specifies a file name full of server entries, one per line
(if the value starts with a slash), or a single server entry. Each
entry indicates a display that should be managed constantly and that
is not using XDMCP. The general syntax for each entry is as follows:
DisplayName DisplayClass DisplayType[@ite] [Command [options]]
where:
- DisplayName
- A value that can be passed in the -display option to any X program. This string is used in the display-specific
resources to specify the particular display, so caution must be taken
to match the names. (For example, use :0 local /usr/bin/X11/X
:0 instead of localhost:0 local /usr/bin/X11/X :0 if your other resources are specified as Dtlogin._0.session). An asterisk (*) in this field is expanded to hostname:0 by dtlogin.
- DisplayClass
- The display class portion is also used in the display-specific
resources as the class portion of the resource. This is useful if
you have a large collection of similar displays (a group of X terminals,
for example) and want to set resources for groups of them. When using
XDMCP, the display is required to specify the display class. Refer
to your X terminal documentation for information on a reasonably standard
display class string for your device.
- DisplayType
- If specified as local, indicates that an X server
should be started for this entry. A value of remote indicates that an existing X server should be attached.
- @ite
- On local bitmaps, the user can choose a Command Line
Login option using the login screen, which temporarily
suspends the X-server and presents the traditional character login: prompt. The user can then log in and perform non-X
related tasks. When the user finishes and logs out, the X-server is
restarted, and the login screen is redisplayed. In order to support Command Line Login mode, the display must have
an associated Internal Terminal Emulator (ITE) device. By default, dtlogin associates the ITE device "console" (/dev/console) with display :0. If your configuration does not match this default, specify @device for any displays with an associated ITE, and specify @none for all other displays listed in the servers file.
- Command [options]
- The string that starts the X server. The dtlogin client will always connect to the X server using the DisplayName specified, so you might need to specify
an explicit connection number as an option to your X server (:0 in the preceding example).
|
sysParmsFile |
- Class:
- SysParmsFile
- ClassType:
- String
- Default:
- /system_dependent_path
- Description:
- Specifies a file containing shell commands, one of which sets
the time zone environment variable (TZ)
for the system. If the time zone is set using the shell syntax TZ=, dtlogin can use this information
to set the time zone for the user session.
|
timeZone |
- Class:
- TimeZone
- ClassType:
- String
- Default:
- NULL
- Description:
- Specifies the local time zone for dtlogin. It is loaded into the environment of dtlogin as the value of the TZ variable and inherited
by all subsequent sessions. Some systems maintain a configuration
file that contains the time zone setting (for example, /etc/src.sh). See also the sysParmsFile resource.
|
wakeupInterval |
- Class:
- WakeupInterval
- ClassType:
- Int
- Default:
- 10
- Description:
- If the user selects Command Line Login mode from the login screen, dtlogin terminates
the X-server and allows the traditional character-based login prompt login: to become visible. If the user does not log in within
2 times the wakeupInterval seconds, the
X-server is restarted. After the user has logged in, dtlogin checks every wakeupInterval seconds
to see if the user has logged out. If so, the X-server is restarted
and the login screen is redisplayed.
|
Display Resources
The dtlogin command display resources
can be specified for all displays or for a particular display. To
specify a particular display, the display name is inserted into the
resource name between Dtlogin and the final resource
name segment. For example, Dtlogin.expo_0.startup is the name of the resource defining the startup shell file on the expo:0 display. The resource manager separates the name
of the resource from its value with colons, and separates resource
name parts with dots, so dtlogin uses underscores
(_) for the dots (.) and colons
(:) when generating the resource name.
Resources
can also be specified for a class of displays by inserting the class
name instead of a display name. A display that is not managed by XDMCP
can have its class affiliation specified in the file referenced by
the servers resource. A display using XDMCP supplies its class affiliation
as part of the XDMCP packet.
The following dtlogin general resources are not display-specific and apply to
all displays where appropriate.
Item |
Description |
authorize |
- Class:
- Authorize
- Type:
- Boolean
- Default:
- False
- Description:
- Authorize is a Boolean resource that controls whether dtlogin generates and uses authorization for the server
connections. Refer also to the authName resource.
|
authName |
- Class:
- AuthName
- Type:
- String
- Default:
- MIT-MAGIC-COOKIE-1
- Description:
- If the authorize resource is used, authName specifies the type of authorization to
be used. Currently, dtlogin supports only
MIT-MAGIC-COOKIE-1 authorization. XDM-AUTHORIZATION-1 could be supported,
but DES is not generally distributable. XDMCP connections state which
authorization types are supported dynamically, so authName is ignored in this case. Refer also to the authorize resource.
|
authFile |
- Class:
- AuthFile
- Type:
- String
- Default:
- NULL
- Description:
- Communicates the authorization data from dtlogin to the server, using the -auth server command line option. Keep this resource in a write-protected
directory to prevent its erasure, which would disable the authorization
mechanism in the server. If NULL, dtlogin generates a file name.
|
chooser |
- Class:
- Chooser
- Type:
- Default:
- Description:
- Specifies the program run to offer a host menu for indirect queries
redirected to the special host name CHOOSER. The
default is /usr/dt/bin/dtchooser. See the Xaccess file section.
|
cpp |
- Class:
- Cpp
- Type:
- String
- Default:
- system dep.
- Description:
- Specifies the path of the C preprocessor that is used by xrdb.
|
environment |
- Class:
- Environment
- Type:
- String
- Default:
- system dep.
- Description:
- Contains a set of name=value pairs separated by a space or tab. Each item is loaded into
the environment of the server and session. See the Environment section for
more information.
|
failsafeClient |
- Class:
- FailsafeClient
- Type:
- String
- Default:
- /system_dep./xterm
- Description:
- If the default session fails to execute, dtlogin falls back to this program. This program is executed with
no arguments, but executes using the same environment variables as
the session would have had.
|
grabServer |
- Class:
- GrabServer
- Type:
- Boolean
- Default:
- True
- Description:
- To improve security, dtlogin grabs the
server and keyboard while reading the name and password. The grabServer resource specifies if the server should
be held while the name and password are read. When FALSE, the server
is ungrabbed after the keyboard grab succeeds; otherwise, the server
is grabbed until just before the session begins.
|
grabTimeout |
- Class:
- GrabTimeout
- Type:
- Int
- Default:
- 3 seconds
- Description:
- Specifies the maximum time dtlogin will
wait for the grab to succeed. The grab can fail if another client
has the server grabbed, or possibly if the network latencies are very
high. The grabTimeout resource has a default
of 3 seconds; use this resource with care, because a user can be deceived
by a look-alike window on the display. If the grab fails, dtlogin kills and restarts the server (if possible)
and session. Some X-terminals cannot display their login screens while
the server is grabbed. Setting grabServer to FALSE allows the screen to be displayed but opens the possibility
that a user's login name can be stolen by copying the contents of
the login screen. Because the keyboard is still grabbed and the password
is not echoed, the password cannot be stolen.
|
language |
- Class:
- Language
- Type:
- String
- Default:
- system dep.
- Description:
- Specifies the default setting for the LANG environment variable. If the dtlogin screen
is localized for that language, it is displayed appropriately; otherwise,
it is displayed in the C language. The user can temporarily
override this setting using an option on the login screen. When the
subsequent session terminates, the LANG variable
reverts to this setting.
|
languageList |
- Class:
- LanguageList
- Type:
- String
- Default:
- NULL
- Description:
- Allows the user to override the default set of languages displayed
in the Language menu of the login screen. It is useful if the set
of languages actually used on a particular display is smaller than
the set installed on the system. The resource value is a list of valid
values for the LANG environment variable.
Language values should be separated by one or more spaces
or tabs.
|
languageName |
- Class:
- LanguageName
- Type:
- String
- Default:
- NULL
- Description:
- Allows the user to override the default locale name displayed
in the Language menu of the login screen with alternate text. This
way, instead of users seeing an En_US item, they could
see an English (United States) item. This
resource is specified as Dtlogin*local_name.languageName: text as follows:
Dtlogin*En_US.languageName: English (United States)
Dtlogin*Fr_CA.languageName: French (Canadian)
|
openDelay |
- Class:
- OpenDelay
- Type:
- Int
- Default:
- 5 seconds
- Description:
- Specifies the duration (in seconds) between successive attempts
to open reluctant servers.
|
openRepeat |
- Class:
- OpenRepeat
- Type:
- Int
- Default:
- 5 seconds
- Description:
- Specifies the number of successive attempts to open reluctant
servers.
|
openTimeout |
- Class:
- OpenTimeout
- Type:
- Int
- Default:
- 30 seconds
- Description:
- Specifies the amount of time to wait while actually attempting
to open reluctant servers. This time is the same as the maximum time
spent in the connect system call.
|
pingInterval |
- Class:
- PingInterval
- Type:
- Int
- Default:
- 5 minutes
- Description:
- To discover when remote displays disappear, dtlogin occasionally pings them, using an X connection and sending
XSync requests. The pingInterval resource
specifies the time (in minutes) between successive ping attempts.
|
pingTimeout |
- Class:
- PingTimeout
- Type:
- int
- Default:
- 5 minutes
- Description:
- Specifies the maximum wait time (in minutes) for the terminal
to respond to the request. If the terminal does not respond, the session
is terminated. The dtlogin client does not
ping local displays. A local session should never be terminated as
a result of the server waiting (for remote file system service, for
example) and not responding to the ping.
|
reset |
- Class:
- Reset
- Type:
- String
- Default:
- NULL
- Description:
- Specifies a program that is run (as root) after the session terminates.
If this resource is not set, no program is run. The conventional name
is Xreset. See the Xreset File.
|
resetForAuth |
- Class:
- ResetForAuth
- Type:
- Boolean
- Default:
- False
- Description:
- During the original implementation of authorization in the sample
server, the authorization file was reread at server reset time instead
of when checking the initial connection. Because dtlogin generates the authorization information just before connecting
to the display, an old server does not get current authorization information.
This resource causes dtlogin to send SIGHUP
to the server after setting up the file, causing an additional server
reset to occur, during which time the new authorization information
is read.
|
resetSignal |
- Class:
- Signal
- Type:
- Int
- Default:
- 1 SIGHUP
- Description:
- Specifies the signal dtlogin sends to
reset the server.
|
resources |
- Class:
- Resource
- Type:
- String
- Default:
- NULL
- Description:
- Specifies the name of the file to be loaded by xrdb as the resource database onto the root window of screen
0 of the display. This resource database is loaded just before the
authentication procedure is started, so it can control the appearance
of the login window. See the section on the authentication screen,
which describes the various resources that are appropriate
to place in this file. There is no default value for this resource,
but the conventional name is Xresources.
|
session |
- Class:
- Session
- Type:
- String
- Default:
- /usr/dt/bin/Xsession
- Description:
- Specifies the session to be executed for the authenticated user.
By default, the /usr/dt/bin/Xsession file
is run. The conventional name is Xsession. Refer to the Xsession file.
|
setup |
- Class:
- Setup
- Type:
- String
- Default:
- NULL
- Description:
- Specifies a program that is run (as root) prior to the display
of the authentication screen. By default, no program is run. The conventional
name is Xsetup. Refer to the Xsetup file.
|
startAttempts |
- Class:
- StartAttempts
- Type:
- Int
- Default:
- 4
- Description:
- Four numeric resources control the behavior of dtlogin when attempting
to open reluctant servers: openDelay, openRepeat, openTimeout, and startAttempts. This resource specifies
the number of times the entire process occurs before giving up on
the server. After openRepeat attempts have
been made, or if openTimeout seconds elapse
in any particular attempt, dtlogin terminates
and restarts the server, attempting to connect again. This process
is repeated startAttempts times, at which
point the display is declared dead and disabled.
|
startup |
- Class:
- Startup
- Type:
- String
- Default:
- NULL
- Description:
- Specifies a program that is run (as root) after the authentication
process succeeds. By default, no program is run. The conventional
name for a file used here is Xstartup. See
the Xstartup file section.
|
systemPath |
- Class:
- SystemPath
- Type:
- String
- Default:
- system_dep._path
- Description:
- The dtlogin client sets the PATH environment variable for the startup and reset
scripts to the value of this resource. Note the conspicuous absence
of "." from this entry. This is a good practice to follow for root
because it avoids many system penetration schemes.
|
systemShell |
- Class:
- SystemShell
- Type:
- String
- Default:
- /bin/sh
- Description:
- The dtlogin client sets the SHELL environment variable for the startup and
reset scripts to the value of this resource.
|
terminateServer |
- Class:
- TerminateServer
- Type:
- Boolean
- Default:
- False
- Description:
- Specifies whether the X server should be terminated when a session
ends (instead of resetting it). This option can be used if the server
tends to grow indefinitely over time in order to limit the amount
of time the server is run continuously.
|
termSignal |
- Class:
- Signal
- Type:
- Int
- Default:
- 15 (SIGTERM)
- Description:
- Specifies the signal dtlogin sends to
terminate the server.
|
userAuthDir |
- Class:
- UserAuthDir
- Type:
- String
- Default:
- /var/dt
- Description:
- When dtlogin cannot write to the usual
user authorization file ($HOME/.Xauthority), it creates a unique file name in this directory and points the
environment variable XAUTHORITY at the created
file.
|
userPath |
- Class:
- UserPath
- Type:
- String
- Default:
- system_dep._path
- Description:
- The dtlogin client sets the PATH environment variable for the session to this value.
It should be a colon-separated list of directories.
|
xdmMode |
- Class:
- XdmMode
- Type:
- Boolean
- Default:
- False
- Description:
- If True, the $HOME/.xsession file will
be executed from Xsession upon user authentication,
rather than from dtsession.
|
xrdb |
- Class:
- Xrdb
- Type:
- String
- Default:
- /system_dep./xrdb
- Description:
- Specifies the program used to load the resources. The authentication
screen reads a name-password pair from the keyboard. Because this is a Motif toolkit
client, colors, fonts and some layout options can be controlled with
resources. General resources for this screen should be put into the
file named by the resources resource (Xresources is the default). Specify language-specific
values, such as text or fonts, in the Dtlogin app-defaults file.
|
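An added example, not part of the original documentation: a Python audit of an Xconfig file for the security-relevant resources described above (accessFile, authorize, grabServer, systemPath), using the display-name mapping from this section. The sample configuration and function names are constructed, and the lookup is a simplified stand-in for full X resource matching (resource class names and display classes are not resolved).

```python
"""Added example: audit security-relevant dtlogin resources in Xconfig text."""

TRUE_WORDS = {"true", "yes", "on", "1"}

# Constructed sample configuration (not taken from a real system).
SAMPLE_XCONFIG = """\
! constructed sample Xconfig
Dtlogin.errorLogFile:        /var/dt/Xerrors
Dtlogin*authorize:           True
Dtlogin.expo_0.authorize:    False
Dtlogin.expo_0.grabServer:   False
Dtlogin*systemPath:          /usr/bin:/etc:.:/usr/sbin
"""


def resource_component(display):
    """Map a display name to its resource-name segment (expo:0 -> expo_0)."""
    return display.replace(".", "_").replace(":", "_")


def parse_xconfig(text):
    """Return {resource_name: value}; later entries replace earlier ones."""
    resources = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "!#" or ":" not in line:
            continue  # blank line, comment, or preprocessor directive
        name, value = line.split(":", 1)  # value may itself contain colons
        resources[name.strip()] = value.strip()
    return resources


def lookup(resources, name, display=None):
    """Simplified lookup: display-specific entries first, then the wildcard."""
    if display is not None:
        seg = resource_component(display)
        candidates = [f"Dtlogin.{seg}.{name}", f"Dtlogin*{seg}.{name}",
                      f"Dtlogin.{seg}*{name}"]
    else:
        candidates = [f"Dtlogin.{name}"]
    candidates.append(f"Dtlogin*{name}")
    for key in candidates:
        if key in resources:
            return resources[key]
    return None


def as_bool(value, default):
    """Interpret a Boolean resource value, falling back to the documented default."""
    return default if value is None else value.lower() in TRUE_WORDS


def audit(text, displays):
    """Return (scope, resource, message) findings for the given display names."""
    res = parse_xconfig(text)
    findings = []
    if not lookup(res, "accessFile"):
        findings.append(("global", "accessFile",
                         "not set: all hosts are allowed XDMCP service"))
    for display in displays:
        # Defaults follow the resource table: authorize False, grabServer True.
        if not as_bool(lookup(res, "authorize", display), default=False):
            findings.append((display, "authorize",
                             "no authorization is generated for server connections"))
        if not as_bool(lookup(res, "grabServer", display), default=True):
            findings.append((display, "grabServer",
                             "server not held while the name and password are read"))
        path = lookup(res, "systemPath", display)
        if path is not None and any(p in ("", ".") for p in path.split(":")):
            findings.append((display, "systemPath",
                             "contains '.' or an empty entry (current directory)"))
    return findings


if __name__ == "__main__":
    for scope, resource, message in audit(SAMPLE_XCONFIG, [":0", "expo:0"]):
        print(f"{scope:8} {resource:12} {message}")
```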
Logo Resources
The default logo on the authentication screen can be replaced with a bitmap
or pixmap of the user's choice. The resources should be prefaced with
the string Dtlogin*logo* when specified.
Item |
Description |
bitmapFile |
- Class:
- BitmapFile
- Type:
- String
- Default:
- NULL
- Description:
- Specifies the absolute path name to the bitmap or pixmap file
to be used for the logo.
|
background |
- Class:
- Background
- Type:
- Pixel
- Default:
- #a8a8a8
- Description:
- Specifies the background color for the logo.
|
topShadowPixmap |
- Class:
- topShadowPixmap
- Type:
- String
- Default:
- 25_foreground
- Description:
- Specifies the pixmap to use for the logo border shadow.
|
The following resources describe the greeting string
used on the login screen. The resources should be prefaced with the
string Dtlogin*greeting* when specified.
Item |
Description |
foreground |
- Class:
- Foreground
- Type:
- Pixel
- Default:
- black
- Description:
- Specifies the foreground color for the welcome message.
|
background |
- Class:
- Background
- Type:
- Pixel
- Default:
- dynamic
- Description:
- Specifies the background color for the welcome message. The default
is light gray for color systems or white for monochrome systems.
|
fontlist |
- Class:
- FontList
- Type:
- FontList
- Default:
- -*-*schoolbook-medium-i-normal--18-*
- Description:
- Specifies the font to use for the welcome message.
|
labelString |
- Class:
- LabelString
- Type:
- String
- Default:
- Welcome to %LocalHost%
- Description:
- Specifies the string to use for the welcome message. Multiple
lines can be specified by including newline characters (\n) in the text. If the token %LocalHost% is included
in the text, it will be replaced with the name of the host providing
login service. If the token %DisplayName% is included
in the text, it will be replaced with the display name.
|
perLabelString |
- Class:
- LabelString
- Type:
- String
- Default:
- Welcome %s
- Description:
- Specifies the string to use for the personalized welcome message.
This is the message displayed after the user name has been entered.
The %s will be replaced with the user name entered.
|
alignment |
- Class:
- Alignment
- Type:
- String
- Default:
- ALIGNMENT_CENTER
- Description:
- Specifies the string to use for the alignment of the Welcome message.
Valid values are ALIGNMENT_BEGINNING, ALIGNMENT_CENTER
and ALIGNMENT_END.
|
Matte Resources
The following resources describe the matte layout used on the login
screen. The resources should be prefaced with the
Dtlogin*matte. string when specified.
Item |
Description |
width |
- Class:
- Width
- Type:
- Int
- Default:
- 806 for high-resolution displays; 755 for medium-resolution displays;
585 for low-resolution displays
- Description:
- Specifies the width to use for the login_matte.
|
height |
- Class:
- Height
- Type:
- Int
- Default:
- 412 for high-resolution displays; 385 for medium-resolution displays;
300 for low-resolution displays
- Description:
- Specifies the height to use for the login_matte.
|
Label Resources
The following resources describe the fonts layout used on the login
screen. The resources should be prefaced with the
string Dtlogin*. when specified.
Item |
Description |
labelFont |
- Class:
- LabelFont
- Type:
- String
- Default:
- -*-swiss 742-medium-r-normal-*-140-*-p-110-* for high-resolution
displays; -*-swiss 742-bold-r-normal-*-140-*-p-100-* for low-resolution
displays
- Description:
- Specifies the labelFont to use for the
push buttons and labels.
|
textFont |
- Class:
- TextFont
- Type:
- String
- Default:
- -*-prestige-medium-r-normal-*-128-72-* for high-resolution displays;
-*-helvetica-bold-r-normal-*-100-* for low-resolution displays
- Description:
- Specifies the textFont to use for the
push buttons and labels.
|
Flags
All flags, except -config, specify values that can also be specified in the configuration
file as resources. Typically, customization is done using the configuration
file rather than command line options. These flags are most useful
for debugging and one-shot tests.
Item |
Description |
-config configuration_file |
Specifies a resource file that specifies the
remaining configuration parameters. This replaces the dtlogin default Xconfig file.
See the Xconfig file section for more information. |
-daemon |
Specifies true as the value
for the daemonMode resource. This makes dtlogin close all file descriptors, disassociate
the controlling terminal, and put itself in the background when it
first starts up (just like the host of other daemons). |
-debug debug_level |
Specifies the numeric value for the debug_level resource. A nonzero value causes dtlogin to print debugging statements to the terminal;
it also disables the daemonMode resource,
forcing dtlogin to run synchronously. |
-error error_log_file |
Specifies the value for the error_log_file resource. See the Xerrors file section for more information. |
-nodaemon |
Specifies false as the value
for the daemonMode resource. |
-resources resource_file |
Specifies the value for the resource_file resource. See the Xresources file section for more information. |
-server server_entry |
Specifies the value for the server_entry resource. See the Xservers file section for more information. |
-udpPort port_number |
Specifies the value for the requestPort resource. This sets the port number that dtlogin monitors for XDMCP requests. Because XDMCP uses the well-known
registered udp port 177, avoid changing this resource except for debugging. |
-session session_program |
Specifies the value for the session_program resource. See the Xconfig file section for more information. |
Environment Variables
The dtlogin command
invokes the user's session with the following default environment:
Item |
Description |
DISPLAY |
Set to the associated display name. |
EDITOR |
Set to /usr/dt/bin/dtpad. |
HOME |
Set to the home directory of the user. |
KBD_LANG |
Set to the value of LANG for applicable languages. |
LANG |
Set to the current NLS language (if any). |
LC_ALL |
Set to the current NLS language (if any). |
LC_MESSAGES |
Set to the current NLS language (if any). |
LOGNAME |
Set to the user name. |
MAIL |
Set to /usr/mail/$USER (system dependent). |
PATH |
Set to the value of the userPath resource. |
USER |
Set to the user name. |
SHELL |
Set to the user's default shell (from /etc/passwd). |
TERM |
Set to dtterm. |
TZ |
Set to the value of the timeZone resource or system default. |
XAUTHORITY |
Set to authority file. |
Adding to the Environment List
Four methods are available to modify or add to the preceding
list depending on the desired scope of the resulting environment variable:
- The exportList resource is available
to allow the export of variables provided to the dtlogin process by its parent. Variables specified by this method
are available to both the display's X server process and the user's
session, and they override any default settings. The resource accepts
a string of name=value separated by at least one space or tab.
- The environment resource is available
in the dtlogin configuration file to allow
setting of environment variables on a global or per-display basis.
Variables specified by this method are available to both the display's
X server process and the user's session, and they override any default
settings. The resource accepts a string of name=value separated by at least one space
or tab. The values specified must be constants because no shell is
used to parse the string. For example:
Dtlogin*environment:MAIL_HOST=blanco MAIL_SERVER=pablo
Note: The LANG and TZ environment variables have their own dedicated resources
in the configuration file and should not be set by the environment.
- Environment variables that require processing by a shell or are
dependent on the value of another environment variable can be specified
in the startup script Xsession. These variables
are loaded into the environment of all users on the display, but not
to the X server process. They override any previous settings of the
same variable. The Xsession script accepts ksh syntax for setting environment variables.
For example:
MAIL=/usr/mail/$USER
- Personal environment variables can be set on a per-user basis
in the $HOME/.dtprofile script file. The dtlogin command accepts either sh, ksh, or csh syntax for the commands in this file. The commands should
only be those that set environment variables, not any that perform
terminal I/O, with the exception of tset or stty. If the first line of .dtprofile is #!/bin/sh, #!/bin/ksh or #!/bin/csh, dtlogin uses the appropriate shell to parse .dtprofile. Otherwise, the user's default shell ($SHELL) is used.
Exit Status
The following exit values are
returned:
Item |
Description |
0 |
Successful completion. |
>0 |
An error occurred. |
Examples
- To start the CDE login service as a daemon, enter:
/usr/dt/bin/dtlogin -daemon
- To start the CDE login service in debug mode, enter:
/usr/dt/bin/dtlogin -debug 1
Location
/usr/dt/bin/dtlogin
Standard Errors
The dtlogin command returns the following error messages:
- Login incorrect; please try again.
- Unable to change to home directory.
- Sorry. Maximum number of users already logged in.
- Login error, invalid user ID.
- Login error, invalid group ID.
- Login error, invalid audit ID.
- Login error, invalid audit flag.
- Logins are currently disabled.
- Your current password has expired.
Files
The dtlogin command is designed to operate in a wide variety of environments
and provides a suite of configuration files that can be changed to
suit a particular system. The default dtlogin configuration files can be found in /usr/dt/config with the exception of Xsession, which is stored in /usr/dt/bin. They
are as follows:
Item |
Description |
/usr/dt/config/Xconfig |
Specifies other dtlogin configuration files and dtlogin behavior. |
/usr/dt/config/Xaccess |
Controls access from displays requesting XDMCP
service. |
/usr/dt/config/Xservers |
Contains the list of displays for dtlogin to explicitly manage. |
/usr/dt/config/Xresources |
Contains resource definitions specifying the
appearance of the login screen. |
/usr/dt/config/Xsetup |
A script executed as root prior to display of
the login screen. |
/usr/dt/config/Xstartup |
A script executed as root after the user has
successfully authenticated. |
/usr/dt/bin/Xsession |
A script executed as the authenticated user
that starts the user's session. |
/usr/dt/config/Xfailsafe |
A script executed as the authenticated user
that starts a fail-safe session. |
/usr/dt/config/Xreset |
A script executed as root after the user's session
has exited. |
The Xconfig File
The Xconfig file contains the general resources for dtlogin and is at the top of the
dtlogin configuration file tree. Xconfig specifies the location of other
dtlogin configuration and log files and specifies dtlogin behavior. The locations of other
dtlogin configuration and log files are specified by resource definitions.
The defaults are as follows:
- Dtlogin.errorLogFile
- /var/dt/Xerrors
- Dtlogin.pidFile
- /var/dt/Xpid
- Dtlogin.accessFile
- Xaccess
- Dtlogin.servers
- Xservers
- Dtlogin*resources
- %L/Xresources
- Dtlogin*setup
- Xsetup
- Dtlogin*startup
- Xstartup
- Dtlogin*reset
- Xreset
- Dtlogin*failsafeClient
- Xfailsafe
- Dtlogin*session
- /usr/dt/bin/Xsession
If the path specified for accessFile, servers, resources, setup, startup, reset,
failsafeClient, or session is relative, dtlogin will first look for the file in directory
/etc/dt/config, then /usr/dt/config.
Note: Some of the resources are specified with * separating the components. These resources can be made
unique for each different display, by replacing the * with the display-name. Refer to
Display Resources for more information.
The default Xconfig file is /usr/dt/config/Xconfig. A system administrator can customize Xconfig by copying /usr/dt/config/Xconfig to /etc/dt/config/Xconfig and modifying /etc/dt/config/Xconfig. The default Xconfig file contains the preceding configuration and log file entries
in addition to a few vendor specific resource definitions and examples.
The Xaccess File
The database
file specified by the accessFile resource
provides information which dtlogin uses
to control access from displays requesting XDMCP service. This file
contains three types of entries: entries which control the response
to Direct and Broadcast queries, entries which control the response
to Indirect queries, and macro definitions.
The format of a
Direct entry is either a host name or a pattern. A pattern is distinguished
from a host name by the inclusion of one or more meta characters
(* matches any sequence of 0 or more characters,
and ? matches any single character) which are compared
against the host name of the display device. If the entry is a host
name, all comparisons are done using network addresses, so any name
which converts to the correct network address can be used. For patterns,
only canonical host names are used in the comparison, so ensure that
you do not attempt to match aliases. Putting an exclamation point
(!) character before either a host name or a pattern
causes hosts that match that entry to be excluded.
An Indirect
entry also contains a host name or pattern, but follows it with a
list of host names or macros to which indirect queries should be sent.
Indirect entries can also specify to have dtlogin run dtchooser to offer a menu
of hosts to which a login screen can be displayed.
A macro
definition contains a macro name and a list of host names and other
macros that the macro expands to. To distinguish macros from host
names, macro names start with a % character. Macros
can be nested.
When the access for a particular display host
is checked, each entry is scanned in turn and the first matching entry
determines the response. Direct and Broadcast entries are ignored
when scanning for an Indirect entry and vice-versa. Blank lines are
ignored, # is treated as a comment delimiter causing
the rest of that line to be ignored, and \newline causes the newline to be ignored, allowing indirect host lists to
span multiple lines.
The following example shows an Xaccess
file:
#
# Xaccess - XDMCP access control file
#
#
# Direct/Broadcast query entries
#
!xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
bambi.ogi.edu # allow access from this particular display
*.lcs.mit.edu # allow access from any display in LCS
#
# Indirect query entries
#
#define %HOSTS macro
%HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \
excess.lcs.mit.edu kanga.lcs.mit.edu
#force extract to contact xenon
extract.lcs.mit.edu xenon.lcs.mit.edu
#disallow indirect access by xtra
!xtra.lcs.mit.edu dummy
#all others get to choose among %HOSTS
*.lcs.mit.edu %HOSTS
If XDMCP access is
granted, a temporary file can be created in the directory specified
by authDir which contains authorization
information for the X-terminal. It is deleted when the session starts.
For X terminals that do not offer a host menu for use with Broadcast
or Indirect queries, the chooser program
can do this for them. In the Xaccess file,
specify CHOOSER as the first entry in the Indirect
host list. The chooser program sends a Query
request to each of the remaining host names in the list and displays
a menu of all the hosts that respond. The list might consist of the
word BROADCAST, in which case chooser sends a Broadcast instead, again displaying a menu of all
hosts that respond. On some operating systems, UDP packets cannot
be broadcast, so this feature will not work.
An example of an Xaccess file using the chooser program is as follows:
#offer a menu of these hosts to extract
extract.lcs.mit.edu CHOOSER %HOSTS
#offer a menu of all hosts to xtra
xtra.lcs.mit.edu CHOOSER BROADCAST
The program
to use for chooser is specified by the chooser resource. Resources for this program can
be put into the file named by resources. The default Xaccess file is /usr/dt/config/Xaccess. A system administrator can customize Xaccess by copying /usr/dt/config/Xaccess to /etc/dt/config/Xaccess and then modifying /etc/dt/config/Xaccess. The default Xaccess file contains no entries.
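The scanning rules above (comments, backslash-newline continuation, nested macros, `!` exclusion, and first match wins within each query type) can be checked offline before a new Xaccess file goes live. The following is an added example, not dtlogin code: the function names are this example's own, and it compares host names as text only, without the network-address lookup dtlogin performs for literal host names.

```python
import fnmatch

SAMPLE = r"""# constructed sample: the first Xaccess example from this page
!xtra.lcs.mit.edu      # disallow direct/broadcast service for xtra
bambi.ogi.edu          # allow access from this particular display
*.lcs.mit.edu          # allow access from any display in LCS
%HOSTS expo.lcs.mit.edu xenon.lcs.mit.edu \
       excess.lcs.mit.edu kanga.lcs.mit.edu
extract.lcs.mit.edu xenon.lcs.mit.edu
!xtra.lcs.mit.edu dummy
*.lcs.mit.edu %HOSTS
"""

def parse_xaccess(text):
    """Split Xaccess text into direct entries, indirect entries and macros."""
    direct, indirect, macros = [], [], {}
    for raw in text.replace("\\\n", " ").splitlines():  # join continued lines
        fields = raw.split("#", 1)[0].split()           # drop comments
        if not fields:
            continue
        head, rest = fields[0], fields[1:]
        if head.startswith("%"):
            macros[head] = rest
        else:
            deny = head.startswith("!")
            entry = (head[1:] if deny else head, deny, rest)
            (indirect if rest else direct).append(entry)
    return direct, indirect, macros

def expand(names, macros, seen=()):
    """Expand nested %MACRO names into a flat host list."""
    hosts = []
    for name in names:
        if not name.startswith("%"):
            hosts.append(name)
        elif name in seen:
            raise ValueError("macro loop at " + name)
        else:
            hosts += expand(macros.get(name, []), macros, seen + (name,))
    return hosts

def matches(pattern, host):
    # Assumption: text comparison only, no DNS or address lookup.
    return fnmatch.fnmatchcase(host.lower(), pattern.lower())

def check(host, text, query="direct"):
    """First matching entry of the right kind decides the response."""
    direct, indirect, macros = parse_xaccess(text)
    for pattern, deny, targets in (direct if query == "direct" else indirect):
        if matches(pattern, host):
            if deny:
                return ("deny", [])
            if query == "direct":
                return ("allow", [])
            if targets[0] == "CHOOSER":
                return ("chooser", expand(targets[1:], macros))
            return ("forward", expand(targets, macros))
    return ("no-match", [])   # the page does not say what dtlogin does here

def shadowed_denies(text):
    """Literal-host '!' entries that an earlier entry already matches."""
    direct, indirect, _ = parse_xaccess(text)
    found = []
    for kind, entries in (("direct", direct), ("indirect", indirect)):
        for i, (pattern, deny, _targets) in enumerate(entries):
            if deny and not set("*?") & set(pattern) and any(
                    matches(p, pattern) for p, _d, _t in entries[:i]):
                found.append((kind, pattern))
    return found
```

`shadowed_denies` flags the ordering mistake that matters most here: an exclusion placed after a wildcard that already matches the same host never takes effect.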
The Xservers File
The Xservers file contains the list of displays to
manage. The default Xservers file is /usr/dt/config/Xservers. A system administrator
can customize Xservers by copying /usr/dt/config/Xservers to /etc/dt/config/Xservers and then modifying /etc/dt/config/Xservers. The default Xservers file contains
an entry for one local display.
The Xresources File
The Xresources file contains the resource definitions specifying the appearance
of the login screen. The default Xresources file is /usr/dt/config/Xresources. A system
administrator can customize Xresources by
copying /usr/dt/config/Xresources to /etc/dt/config/Xresources and then modifying /etc/dt/config/Xresources.
The Xsetup File
The Xsetup file is typically a shell script. Only root
users can run it, and they should be very careful about security.
This script is run before the login screen is displayed. No arguments
of any kind are passed to the script. The dtlogin command waits until this script exits before displaying
the login screen.
The default Xsetup file is /usr/dt/config/Xsetup. A system
administrator can customize Xsetup by copying /usr/dt/config/Xsetup to /etc/dt/config/Xsetup and then modifying /etc/dt/config/Xsetup. The default Xsetup file contains
vendor specific code but typically contains code that sets up the
X server prior to the display of the login screen, such as setting
up keyboard maps.
The Xstartup File
The Xstartup file is typically a shell script. Only root users can run it, and they should be very
careful about security. This is the place to put commands that display
the message of the day or do other system-level functions on behalf
of the user. The following environment variables are set for the use
of this script:
- DISPLAY
- Set to the associated display name.
- HOME
- Set to the home directory of the user.
- PATH
- Set to the value of the systemPath resource.
- USER
- Set to the user name.
- SHELL
- Set to the value of the systemShell resource.
No arguments of any kind are passed to the
script. The dtlogin command waits until
this script exits before starting the user session. If the exit value
of this script is nonzero, dtlogin discontinues
the session immediately and starts another authentication cycle.
The default Xstartup file is /usr/dt/config/Xstartup. A system administrator
can customize Xstartup by copying /usr/dt/config/Xstartup to /etc/dt/config/Xstartup and then modifying /etc/dt/config/Xstartup. The default Xstartup file contains
code to change ownership of /dev/console to the user whose session is running on the console.
The Xsession File
The Xsession script initializes a user's session and
invokes the desktop session manager. It is run with the permissions
of the authorized user, and has several environment variables preset.
See Environment Variables for a list of the preset variables.
The default Xsession file is /usr/dt/bin/Xsession. A system administrator can customize
Xsession by copying /usr/dt/bin/Xsession to /etc/dt/config/Xsession and then modifying
/etc/dt/config/Xsession. The session resource defined in Xconfig must also be changed
to reference the customized Xsession file.
See The Xconfig File for information on how to update the Xconfig file. The default
Xsession file contains session initialization code. It does contain some vendor specific
code, but its general function is as follows:
- Sources the user's $HOME/.dtprofile
- Sources any /etc/dt/config/Xsession.d/* scripts
- Sources any /usr/dt/config/Xsession.d/* scripts
- Launches the desktop welcome client, dthello, in the background
- Sources the application search path setup script, dtsearchpath
- Launches the help setup client, dthelpgen, in the background
- Launches the application manager directory setup client, dtappgather, in the background
- Execs the desktop session manager, dtsession
System administrators are discouraged from customizing the
Xsession file.
The Xreset File
Symmetrical with Xstartup, the Xreset script is run after
the user session has terminated. Because it is run by a root user,
the Xreset script should contain commands
that undo the effects of commands in Xstartup, such as unmounting directories from file servers. The collection
of environment variables that were passed to Xstartup are also given to Xreset.
The default Xreset file is /usr/dt/config/Xreset. A system administrator can customize Xreset by copying /usr/dt/config/Xreset to /etc/dt/config/Xreset and then
modifying /etc/dt/config/Xreset. The default Xreset file contains code to change ownership of /dev/console back to root.
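Because Xsetup, Xstartup and Xreset are executed as root, and a relative resource value is looked up in /etc/dt/config before /usr/dt/config, it is worth verifying which copy is actually picked and that neither the script nor its directory can be modified by non-root users. The following is an added example, not part of dtlogin: it assumes the default file names listed under The Xconfig File, and the function names and the `owner_uid` parameter are this example's own.

```python
import os
import stat

# Defaults taken from this page; a site Xconfig may name other files.
ROOT_RUN = ("Xsetup", "Xstartup", "Xreset")        # scripts executed as root
SEARCH = ("/etc/dt/config", "/usr/dt/config")      # order for relative names

def resolve(name, search=SEARCH):
    """Return the file a relative or absolute resource value selects, or None."""
    if os.path.isabs(name):
        return name if os.path.exists(name) else None
    for directory in search:
        candidate = os.path.join(directory, name)
        if os.path.exists(candidate):
            return candidate
    return None

def audit(names=ROOT_RUN, search=SEARCH, owner_uid=0):
    """List (path, problem) pairs for the scripts dtlogin runs as root."""
    findings = []
    for name in names:
        path = resolve(name, search)
        if path is None:
            findings.append((name, "not found"))
            continue
        # The script and its directory both matter: a writable directory
        # lets someone replace a script that is itself read-only.
        for target in (path, os.path.dirname(path)):
            info = os.stat(target)
            if info.st_uid != owner_uid:
                findings.append((target, "owned by uid %d" % info.st_uid))
            if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((target, "group- or world-writable"))
    return findings

if __name__ == "__main__":
    for path, problem in audit():
        print("%s: %s" % (path, problem))
```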
The Xerrors File
The Xerrors file contains error messages from dtlogin and anything output to stderr by Xsetup, Xstartup or Xreset. The system administrator
can use the contents of this file for dtlogin troubleshooting. The errorLogSize resource
limits the size of the Xerrors file and
can prevent it from growing without bound. If the file does grow larger
than the requested size and is truncated by dtlogin, any user who is accessing the file (for example, using cat or tail) will need
to close the file (after the file is truncated) and reopen it for
access in order to see subsequent information that is logged to the
file.
A system administrator can change the path name of the Xerrors file by setting the errorLogFile resource in the Xconfig file.
The Xpid File
The Xpid file contains the process ID of the master dtlogin process, which can be used when sending
signals to dtlogin. A system administrator can change the path name of the Xpid file by
setting the pidFile resource in the Xconfig file.