分类:
2006-12-12 11:48:38
©2003 Daniel Rigal
XDM is the facility that allows a remote client to access a fulldesktop on a Unix or Linux server. The protocol it uses is called XDMCP. GDM and KDM are the Gnome and KDE enhanced versions of XDM respectively. This functionality can be thoughtof as equivalent to Windows Terminal Server or Citrix Metaframeon Windows. The downside is that XDMCP does not compress the data.It is comfortably usable over a 10 or 100 Mbit LAN andtolerable over a good broadband connection (e.g. 1 Mbit) but youreally do not want to be using it over a dial-up connection.XDM is a standard part of all X11 based Unix or Linux systems.To display an XDM desktop the client machine requires an X server.This is supplied as standard with almost all Unix and Linux systems.X servers are also available for Windows and MacOS.
VNC is another system for viewing remote systems. VNC can be installed so that it connects to the XDM and provides an alternative protocol to XDMCP for accessing it. There other ways of using VNC but this is the most user friendly way so this iswhat we will concentrate on in this document. VNC has the advantage of being more compressed than X and XDMCP as well as having a much simpler client program. This compression makes VNC justabout usable over 56 Kbit dial-up although it is still not as good asRDP or ICA (as used by Windows Terminal Server and Citrix Metaframerespectively). VNC is free software. Multiple implementationsexist. Fortunately these are all compatible. VNC clients exist forUnix, Linux, Windows, MacOS, Java and some other systems.
Note: Citrix sells a Metaframe Server forsome Unix systems. It is very expensive, but if you regularly needto share Unix desktops over very low bandwidth connections you mightfind this worthwhile. Try setting up VNC first and if it doesn't meetyour needs then you may have to open your wallet to Citrix.
XFS is the X Font Server. This allows the remote client to getfonts from the Unix or Linux machine. Without this the remotedesktop will be unable to get the fonts it needs and will lookvery odd. Without certain fonts some applications may fail completely. XFS is a standard part of any X11 implementation.
None of these facilities is enabled by default on most Linux versions for security reasons. Last time I checked, XDM and XFS were enabled by default on Solaris.
Important: None of these three protocols is secure! Youshould not allow access to them through your firewall. Ifyou want to deploy VNC over the internet you should tunnel it overSSH or some sort of VPN. Doing this is not covered in this documentwhich assumes you are setting this up for use within your LAN or overa private dial-up service.
/etc/X11/xdm/xdm-config. Comment out the last line saying:DisplayManager.requestPort: 0
by adding an "!" on the front.
/etc/X11/xdm/Xaccess. Uncomment the line: #* #any host can get a login window
by removing the first "#".
/etc/X11/gdm/gdm.conf.For KDM based systems (e.g. SuSE) edit: /usr/share/config/kdm/kdmrc. If unsure, editing both will dono harm.In either case, find the section:
[Xdmcp]Enable=falseChange "false" to "true" or "1".
Underneath this (i.e. somewhere inside the [Xdmcp]section), make sure you have a line which says:
Port=177
If it is commented out then uncomment it. If it says Port=0then change it to say Port=177. If it is missing entirely thenadd it.
init 3; init 5". Notethat this will crash any X desktop you (or any other users) are running on the machineat the time. If you prefer not to do this, you can kill and restart the processes manually./etc/X11/fs/config. Comment out the last line"no-listen = tcp" by putting a "#" on the front.Make sure you have tested XDM and XFS first. VNC won't work without them (at least not the way we are going to set it up).
If you don't have the TightVNC RPM to hand get it from:. We are going to use TightVNC because it has additional compressionfeatures over normal VNC. It is backwards compatible so there won't beany problems with this.
Install the Tight VNC server. Some machines may already havethe standard VNC server. You can install Tight VNC over thetop as an upgrade:
e.g. rpm -Uvh tightvnc-server-1.2.8-1.i386.rpm
I couldn't get any sense out of TightVNC 1.2.8 when I tried tocompile it on Solaris. Instead, I have found RealVNC to be moretractable. RealVNC is compatible with TightVNC and VNC but lacksa few of TightVNC's cleverer features. Chances are nobody will notice the difference.
If you don't have it, get the Solaris binary version of RealVNCfrom:
Note: The binary says it is made for Solaris 2.5 but it works OK onSolaris 8. Unfortunately it is only 32 bit.
Unpack the binary in /opt. You don't need to bother with the install script if you don't want to. I just did the following:
cd /optgunzip vnc-3.3.6-sparc_solaris_2.5.tar.gztar -xvf vnc-3.3.6-sparc_solaris_2.5.tarln -s vnc-3.3.6-sparc_solaris_2.5 vnc
We now need to add VNC services to the machine. Each one willconnect to an XDM display running a fixed resolution and colour depth.To give the users plenty of choice we can make several of these.The users can then connect to whichever port corresponds to theresolution they want.
Edit /etc/services and add the services you want. e.g:
vnc-640x480x8 5950/tcp # VNC :50 - Recommended for low bandwidth users.vnc-800x600x8 5951/tcp # VNC :51vnc-800x600x16 5952/tcp # VNC :52vnc-800x600x24 5953/tcp # VNC :53vnc-1024x768x8 5954/tcp # VNC :54vnc-1024x768x16 5955/tcp # VNC :55 - Recommended for most users.vnc-1024x768x24 5956/tcp # VNC :56vnc-1152x864x8 5957/tcp # VNC :57vnc-1152x864x16 5958/tcp # VNC :58vnc-1152x864x24 5959/tcp # VNC :59vnc-1280x1024x8 5960/tcp # VNC :60vnc-1280x1024x16 5961/tcp # VNC :61 - Recommended for power users.vnc-1280x1024x24 5962/tcp # VNC :62
Solaris and some Linux versions use the traditional inetd service. Edit /etc/inetd.conf and add entries which correspondto the services you put in /etc/services. e.g:
## VNC Server#vnc-640x480x8 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 640x480 -depth 8vnc-800x600x8 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 800x600 -depth 8vnc-800x600x16 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 800x600 -depth 16vnc-800x600x24 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 800x600 -depth 24vnc-1024x768x8 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 1024x768 -depth 8vnc-1024x768x16 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 1024x768 -depth 16vnc-1024x768x24 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 1024x768 -depth 24vnc-1152x864x8 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 1152x864 -depth 8vnc-1152x864x16 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 1152x864 -depth 16vnc-1152x864x24 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 1152x864 -depth 24vnc-1280x1024x8 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 1280x1024 -depth 8vnc-1280x1024x16 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 1280x1024 -depth 16vnc-1280x1024x24 stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 1280x1024 -depth 24
Find the process for inetd and kill -HUP it:
ps -ef | grep inetdkill -HUP pid
Note: You should run the VNC services as nobody for the standard security reasons. On Solaris I was unable to make it run as nobody and had to change it to root. If you have the same problem then you will need to decide whether to take this risk.
RedHat and some other Linux systems use the new Xinetd service instead of Inetd. This isfunctionally similar but has a more verbose file format.
Make a new file in /etc/xinetd.d called vnc and put entries init which correspond to the services you put in /etc/services. e.g:
# default: on# description: VNC.service vnc-640x480x8{ protocol = tcp socket_type = stream wait = no user = nobody server = /usr/bin/Xvnc server_args = -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 640x480 -depth 8}service vnc-800x600x8{ protocol = tcp socket_type = stream wait = no user = nobody server = /usr/bin/Xvnc server_args = -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 800x600 -depth 8}service vnc-800x600x16{ protocol = tcp socket_type = stream wait = no user = nobody server = /usr/bin/Xvnc server_args = -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 800x600 -depth 16}service vnc-800x600x24{ protocol = tcp socket_type = stream wait = no user = nobody server = /usr/bin/Xvnc server_args = -inetd -query localhost -fp tcp/localhost:7100 -once -geometry 800x600 -depth 24}And so on.......Restart Xinetd:
/etc/init.d/xinetd restartYou may be wondering about the fact that we had to tell VNC toconnect itself to the XDM on the same machine by telling it to querylocalhost. You may be wondering whether you could putother machine names in there. Yes you can, provided that the othermachine is also serving XDMCP sessions. This is pretty cool. It means that you can have a single VNCserver serving VNC sessions for many machines. There are a number ofreasons you might want to do this:
Lets look at a quick example. Suppose that, in addition torunning VNC displays 50 to 62 aimed at itself, we want to makeVNC connections to a second server which is imaginatively titledserverb. Let us assume that serverb is already serving XDMCP.We don't need to do anything with serverb. On the original serverwe add one or more additional services in /etc/serviceseach on a new port number. e.g:
vnc-serverb 5970/tcp # VNC :70
Now we add a corresponding VNC service to inetd or xinetd. e.g:vnc-serverb stream tcp nowait nobody /opt/vnc/Xvnc Xvnc -inetd -query serverb -fp tcp/serverb:7100 -once -geometry 1024x768 -depth 16
Restart inetd or xinetd and that is it. To use it make a VNC connectionto the original server, not serverb. E.g. to access serverb youmight connect to servera:70. Weird maybe, but it works.
You don't want remote users shutting down the machine. Remote VNCusers appear to be local as far as X is concerned and hence will havethe option to shut the machine down from KDE and Gnome. To get round this, you need to stop users other than root shutting down the machine.
Log into KDE as root. Bring up the Control Centre and go to theLogin Manager section. Set it so that only root can shutdown themachine (either locally or remotely).
Finally, to stop users shutting down from Gnome or a shell do:chmod 700 /sbin/shutdown
Note: Replace "hostname" with the name of your server throughoutthis section.
To check whether XDM is working from a Linux workstation run:
X -query hostname :1
This will start a second desktop (assuming that you already havean X desktop running). Swap between them with CTRL-ALT-F7and CRTL-ALT-F8. You can also abort the X displays withCTRL-ALT-Backspace.
To check whether XDM is working from a Solaris workstationdrop out of graphics mode (init 2) and do:
X -query hostname :0
To check whether XDM is working from a Windows PC you will need anX server installed. If you have Cygwin/XFree86 then do:
X -query hostname :0
In any of the above cases, you should see an X desktop appearshowing the login screen of the server in the same way as if youwere using it locally. The fonts may appear odd. Getting the fontsright is the next stage.
Once you have XDM working, you should check the font server.Quit any XDM session left over from before and invoke XDM againbut this time tell it to use the font server:
X -query hostname -fp tcp/hostname:7100 :1or:
X -query hostname -fp tcp/hostname:7100 :0
This should work as before. The fonts should now look more orless correct but may not be perfect. You won't get anti-aliasingand some fonts may appear imperfectly scaled (i.e. blocky). Trylogging in. Run a few applications. They should all be usable.
To test VNC from a Linux or Solaris workstation, make sure thata VNC client is installed and do:
vncviewer hostname:display
where display is one of the VNC display numbers you set up onthe server (i.e. 50 to 62 in our example).
To test from Windows, make sure that the TightVNC client isinstalled and then try connecting to one of the VNC displayswhich you set up on the server using the TightVNC Viewer (FastCompression) option.
If all went well you should now have a usable service. You willneed to install the appropriate VNC clients on all the users' PCs/Workstations and then tell the users which servers and displaysare provided.
Note: VNC and X display names are not related despite their similarformat of "hostname:number". You can have multiple users on each VNCdisplay service. Ifseveral users all connect to VNC display hostname:55 then it will start a newand separate X display for each one (i.e. localhost:1, localhost:2, etc).This means that you can have as many concurrent users as you like providedthe server has enough CPU and RAM.
Dial-up users will find the service sluggish. This can be optimisedwith a few tricks, although it will never be fast:
Latest update: 05/05/2003.
Many thanks to Damian McGuckin for suggesting improvements.