[7675] in Kerberos
Re: Kerberos 5 Authentication with SGI xdm
daemon@ATHENA.MIT.EDU (Howard M. Kash III)
Thu Jul 25 19:47:12 1996
Date: Thu, 25 Jul 96 18:54:21 EDT
From: "Howard M. Kash III" <hmkash@ARL.MIL>
To: kerberos@MIT.EDU
Mike Muuss asked me to send this message to the list explaining the
modifications I made to the stock X11R6 XDM to support the SGI's here
at the U.S. Army Research Laboratory.
On Thu, 25 Jul 1996 11:12:30 Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
> Unfortunately, since they use xdm, there's not a good way of doing this
> easily. And since SGI has their own "magic" version of XDM, compiling the
> stock X11R6 one and substituting it doesn't work (I tried, believe me).
The big magic in SGI's version is the way they use reaper/endsession to
control when xdm restarts. This "magic" is simply accomplished by
reaper placing a property on the root window (_SGI_SESSION_PROPERTY)
and endsession removing it. So, I just added the following block of
code to the session.c file from the stock X11R6 XDM:
#ifdef sgi
dpy = XOpenDisplay (d->name);
root_win = RootWindow(dpy, DefaultScreen(dpy));
if (root_win != -1)
{
prop = XInternAtom(dpy, "_SGI_SESSION_PROPERTY", 1);
if (prop != None)
{
XSelectInput(dpy, root_win, PropertyChangeMask);
for (;;) {
XNextEvent(dpy, &event);
if (prop == event.xproperty.atom)
break;
}
}
}
else
LogError ("unable to access root window of display\n");
#endif
Some of the other magic consists of reading /etc/default/login,
allowing failsafe login, and parsing %H and %R in the Xresources
file. I didn't bother adding the /etc/default/login capability
but instead hard coded as many of the settings as I easily could
(5 second delay after a failed login attempt, PATH and SUPATH, full
logging, LANG=C). I did implement the failsafe feature although
stock XDM has some other method of doing the same thing, like
pressing F1 after the login name or something. Stock XDM parses
CLIENTHOST in the Xresources file for the hostname instead of %H,
so I just modified the Xresources file.
I believe the only files I ended up modifying were session.c, verify.c,
resource.c, and Makefile. I chose not to use the krb5 stuff that
comes with the stock XDM since we have our own routines.
If anyone would like a copy of the modified code, I can email you a
compressed tar file (~289k). I'm not on the kerberos mailing list so
please send requests to me directly <hmkash@arl.mil>.
Hope this was helpfull.
Howard Kash http://homepage.arl.mil/~hmkash/
