gdm.xml 212 KB
Newer Older
1 2 3
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
<!ENTITY legal SYSTEM "legal.xml">
4
<!ENTITY version "2.13.0.4">
5
<!ENTITY date "01/05/2006">
6 7
]>
<article id="index" lang="es">
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
  <articleinfo>
    <title>Manual de referencia del Gestor pantallas de Gnome</title>

    <abstract role="description">
      <para>Manual de referencia del Gnome Display Manager (GDM).</para>
    </abstract>

    <authorgroup>
      <author>
        <firstname>Martin</firstname><othername>K.</othername>
           <surname>Petersen</surname>
        <affiliation>
          <address><email>mkp@mkp.net</email></address>
        </affiliation>
      </author>
      <author>
        <firstname>George</firstname><surname>Lebl</surname>
        <affiliation>
          <address><email>jirka@5z.com</email></address>
        </affiliation>
      </author>
      <author role="maintainer">
        <firstname>Brian</firstname><surname>Cameron</surname>
        <affiliation>
          <address><email>Brian.Cameron@Sun.COM</email></address>
        </affiliation>
      </author>
      <author>
        <firstname>Bill</firstname><surname>Haneman</surname>
        <affiliation>
          <address><email>Bill.Haneman@Sun.COM</email></address>
        </affiliation>
      </author>
41
    </authorgroup>
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
    <copyright>
      <year>1998</year><year>1999</year><holder>Martin K. Petersen</holder>
    </copyright>
    <copyright>
      <year>2001</year><year>2003</year><year>2004</year>
        <holder>George Lebl</holder>
    </copyright>
    <copyright>
      <year>2003</year> <holder>Red Hat, Inc.</holder>
    </copyright>
    <copyright>
      <year>2003</year><year>2004</year><holder>Sun Microsystems, Inc.</holder>
    </copyright><copyright><year>2003, 2005.</year><holder>Francisco Javier F. Serrador (serrador@cvs.gnome.org)</holder></copyright>

      <legalnotice id="legalnotice">
	<para>Se concede permiso para copiar, distribuir o modificar este documento según las condiciones de la GNU Free Documentation License (GFDL), Versión 1.1 o cualquier versión posterior publicada por la Free Software Foundation sin Secciones invariantes, Textos de portada y Textos de contraportada. Encontrará una copia de la GFDL en este <ulink type="help" url="ghelp:fdl">enlace</ulink> o en el archivo COPYING-DOCS distribuido con este manual.</para>
         <para>Este manual forma parte de una colección de documentos de GNOME distribuidos según la GFDL. Si desea distribuir este manual de forma independiente de la colección, puede hacerlo agregando una copia de la licencia al documento, según se describe en la sección 6 de la misma.</para>

	<para>Muchos de los nombres utilizados por las empresas para distinguir sus productos y servicios se consideran marcas comerciales. Cuando estos nombres aparezcan en la documentación de GNOME, y siempre que se haya informado a los miembros del Proyecto de documentación de GNOME de dichas marcas comerciales, los nombres aparecerán en mayúsculas o con las iniciales en mayúsculas.</para>

	<para>ESTE DOCUMENTO Y LAS VERSIONES MODIFICADAS DEL MISMO SE OFRECEN SEGÚN LAS CONDICIONES ESTABLECIDAS EN LA LICENCIA DE DOCUMENTACIÓN LIBRE DE GNU (GFDL) Y TENIENDO EN CUENTA QUE: <orderedlist><listitem><para>EL DOCUMENTO SE ENTREGA "TAL CUAL", SIN GARANTÍA DE NINGÚN TIPO, NI EXPLÍCITA NI IMPLÍCITA INCLUYENDO, SIN LIMITACIÓN, GARANTÍA DE QUE EL DOCUMENTO O VERSIÓN MODIFICADA DE ÉSTE CAREZCA DE DEFECTOS EN EL MOMENTO DE SU VENTA, SEA ADECUADO A UN FIN CONCRETO O INCUMPLA ALGUNA NORMATIVA. TODO EL RIESGO RELATIVO A LA CALIDAD, PRECISIÓN Y UTILIDAD DEL DOCUMENTO O SU VERSIÓN MODIFICADA RECAE EN USTED. SI CUALQUIER DOCUMENTO O VERSIÓN MODIFICADA DE AQUÉL RESULTARA DEFECTUOSO EN CUALQUIER ASPECTO, USTED (Y NO EL REDACTOR INICIAL, AUTOR O AUTOR DE APORTACIONES) ASUMIRÁ LOS COSTES DE TODA REPARACIÓN, MANTENIMIENTO O CORRECCIÓN NECESARIOS. ESTA EXENCIÓN DE RESPONSABILIDAD SOBRE LA GARANTÍA ES UNA PARTE ESENCIAL DE ESTA LICENCIA. NO SE AUTORIZA EL USO DE NINGÚN DOCUMENTO NI VERSIÓN MODIFICADA DE ÉSTE POR EL PRESENTE, SALVO DENTRO DEL CUMPLIMIENTO DE LA EXENCIÓN DE RESPONSABILIDAD;Y</para></listitem><listitem><para>EN NINGUNA CIRCUNSTANCIA NI BAJO NINGUNA TEORÍA LEGAL, SEA POR ERROR (INCLUYENDO NEGLIGENCIA) CONTRATO O DOCUMENTO DE OTRO TIPO, EL AUTOR, EL ESCRITOR INICIAL, EL AUTOR DE APORTACIONES NI NINGÚN DISTRIBUIDOR DEL DOCUMENTO O VERSIÓN MODIFICADA DEL DOCUMENTO, NI NINGÚN PROVEEDOR DE NINGUNA DE ESAS PARTES, SERÁ RESPONSABLE ANTE NINGUNA PERSONA POR NINGÚN DAÑO DIRECTO, INDIRECTO, ESPECIAL, INCIDENTAL O DERIVADO DE NINGÚN TIPO, INCLUYENDO, SIN LIMITACIÓN DAÑOS POR PÉRDIDA DE FONDO DE COMERCIO, PARO TÉCNICO, FALLO INFORMÁTICO O AVERÍA O CUALQUIER OTRO POSIBLE DAÑO O AVERÍA DERIVADO O RELACIONADO CON EL USO DEL DOCUMENTO O SUS VERSIONES MODIFICADAS, AUNQUE DICHA PARTE HAYA SIDO INFORMADA DE LA POSIBILIDAD DE QUE SE PRODUJESEN ESOS DAÑOS.</para></listitem></orderedlist></para>
  </legalnotice>



67
    <releaseinfo>Este manual describe la versión  2.13.0.4 del Gestor de Pantallas de Gnome. Se actualizó por última vez en 01/05/2006.</releaseinfo>  
68 69 70 71 72 73
 
  </articleinfo>

  <sect1 id="preface">
    <title>Términos y convenciones usados en este manual</title>

74
    <para>Este manual describe la versión  2.13.0.4 del Gestor de Pantallas de Gnome. Se actualizó por última vez en 01/05/2006.</para>  
75

76
    <para>Selector- Un programa usado para seleccionar un host remoto para gestionar una pantalla remotamente en la pantalla local (<command>gdmchooser</command>).</para>
77 78

    <para>Configurador - La aplicación de configuración (<command>gdmsetup</command>).</para>
79 80 81 82 83 84 85

    <para>GDM - Gestor de pantallas de Gnome. Se usa para describir el paquete de software como un todo. algunas veces también se refiere a él como GDM2.</para>

    <para>dgm - El demonio del gestor de pantallas (<command>gdm</command>).</para>

    <para>Interfaz de entrada - La venta de de entrada gráfica (<command>gdmlogin</command> o <command>gdmgreeter</command>).</para>

86
    <para>Interfaz GTK+ - La ventana de entrada estándar (<command>gdmlogin</command>).</para>
87

88
    <para>PAM - Mecanismo de autenticación enchufable</para>
89

90
    <para>Interfaz  con temas - La ventana de entrada con temas intercambiables  ( <command>gdmgreeter</command>).</para>
91

92
    <para>XDMCP - X Display Manage Protocol</para>
93

94
    <para>Las rutas que comienzan con una palabra entre los símbolos &lt; y &gt; son relativas al prefijo de instalación. Ej: <filename>&lt;share&gt;/pixmaps/</filename> se refiere a <filename>/usr/share/pixmaps</filename> si GDM se ha configurado con  <command>--prefix=/usr</command>. Normalmente también denota que GDM está instalado con <command>--sysconfigdir=/etc/X11</command>, que quiere decir que cualquier ruta a la que se refiera como  <filename>&lt;etc&gt;/gdm/PreSession</filename> usualmente significa <filename>&lt;etc/X11&gt;/gdm/PreSession</filename>. note que para interoperatibilidad se recomienda que use un --prefix de <filename>/usr</filename> y un directorio de configuración del sistema (--sysconfdir) <filename>/etc/X11</filename>.</para>
95 96 97 98 99 100 101 102
  </sect1>

  <sect1 id="overview">
    <title>Vista general</title>

    <sect2 id="introduction">
      <title>Introducción</title>

103
      <para>GDM es un reemplazo de XDM, el gestor de pantallas de X, a diferencia de sus competidores, (X3DM, KDM, WDM), GDM se escribió desde cero y no contiene nada de código de XDM /X Consortium.</para>
104

105
      <para>For further information about GDM, see the <ulink type="http" url="http://www.gnome.org/projects/gdm/"> the GDM project website</ulink>. Please submit any bug reports or enhancement requests to the "gdm" category in <ulink type="http" url="http://bugzilla.gnome.org/">bugzilla.gnome.org</ulink>.</para>
106 107 108 109 110
    </sect2>

    <sect2 id="daemonov">
      <title>El demonio GDM</title>
      
111
      <para>The GDM daemon is responsible for managing displays on the system. This includes authenticating users, starting the user session, and terminating the user session. GDM is configurable and the ways it can be configured are described in the "Configuring GDM" section of this document. The <filename>Init</filename>, <filename>PostLogin</filename>, <filename>PreSession</filename>, and <filename>PostSession</filename> scripts discussed below are discussed in this "Configuring GDM section".</para>
112

113
      <para>The GDM daemon supports a UNIX domain socket protocol which can be used to control aspects of its behavior and to query information. This protocol is described in the "Controlling GDM" section of this document.</para>
114

115 116 117
      <para>GDM can be asked to manage a display a number of ways. Local displays are always managed when GDM starts and will be restarted when a user's session is finished. Displays can also be requested via XDMCP and flexible displays can be requested by running the <command>gdmflexiserver</command> command, and such displays are not restarted on session exit. These display types are discussed in the next section.</para>
        
      <para>When the GDM daemon is asked to manage a display, it will fork an X server process, then run the <filename>Init</filename> script as the root user, and start the login GUI dialog as a slave process on the display. GDM can be configured to use either <command>gdmgreeter</command> (the default) or <command>gdmlogin</command> as the GUI dialog program. The <command>gdmlogin</command> program supports accessibility while the <command>gdmgreeter</command> program supports greater themeability. The GUI dialog is run as an unpriviledged user/group which is described in the "Security" section below. The GUI dialog communicates with the daemon via a sockets protocol and via standard input/output. The slave, for example passes the username and password information to the GDM daemon via standard input/output so the daemon can handle the actual authentication.</para>
118

119
      <para>The login GUI dialog screen allows the user to select which session they wish to start and which language they wish to use. Sessions are defined by files that end in the .desktop extension and more information about these files can be found in the "Configuration" section. The user enters their name and password and if these successfully authenticate, GDM will start the requested session for the user. It is possible to configure GDM to avoid the authentication process by turning on the Automatic or Timed Login features in the GDM configuration. The login GUI can also be configured to provide additional features to the user, such as the Face Browser; the ability to halt, restart, or suspend the system; and/or edit the login configuration (after entering the root password).</para>
120

121
      <para>GDM, by default, will use Pluggable Authentication Modules (PAM) for authentication, but can also support regular crypt and shadow passwords on legacy systems. After authenticating a user, the daemon runs the <filename>PostLogin</filename> script as root, and forks a slave process to start the requested session. This slave process runs the <filename>PreSession</filename> script as root, sets up the users environment, and starts the requested session. GDM keeps track of the user's default session and language in the user's <filename>~/.dmrc</filename> and will use these defaults if the user did not pick a session or language in the login GUI. On Solaris, GDM (since version 2.8.0.3) uses the SDTLOGIN interface after user authentication to tell the X server to be restarted as the user instead of as root for added security. When the users session exits, the GDM daemon will run the <filename>PostSession</filename> script as root.</para>
122 123 124 125 126
    </sect2>

    <sect2 id="displaytypes">
      <title>Tipos de pantalla diferentes</title>

127
      <para>GDM supports three different display types: static (local) displays, flexible (on-demand) displays, and XDMCP (remote) displays. The "X Server Definitions" and the "Local Static X Display Configuration" subsections of the "Configuration" section explains how these various types of displays are defined in the GDM configuration file.</para>
128

129
      <para>Las pantallas locales estáticas siempre se inician por el demonio, y cuando mueren o son matadas, se reinician. GDM puede además gestionar pantallas que en las cuales él no gestione la entrada, así que GDM puede usarse para soportar terminales X.</para>
130

131
      <para>Flexible, or on demand displays, are started via the socket protocol with the <command>gdmflexiserver</command> command. This feature is only available to users logged in on the console and will display a new login screen. If a flexible display has previously been started on the console, running <command>gdmflexiserver</command> again will display a menu allowing users to switch back to a previous session or start a new flexible session. The <command>gdmflexiserver</command> locks the current session before starting a new flexible display, so the user's password must be entered before returning to an existing session. The <command>gdmflexiserver</command> command can also be used to launch nested <command>Xnest</command> display. These are launched in a window in the user's current session. Nested displays can be started even if not logged into the console and are started by running the <command>gdmflexiserver -n</command> command. Flexible displays are not restarted when the user session ends. Flexbile displays require virtual terminal (VT) support in the kernel, and will not be available if not supported (such as on Solaris). Nested displays require that the X server supports Xnest.</para>
132

133
      <para>The last display type is the XDMCP remote displays which are described in the next section. Remote hosts can connect to GDM and present the login screen if this is enabled. Some things are different for remote sessions. For example, the Actions menu which allows you to shut down, restart, suspend, or configure GDM are not shown.</para>
134 135 136 137 138
    </sect2>

    <sect2 id="xdmcp">
      <title>XDMCP</title>

139 140 141
      <para>The GDM daemon can be configured to listen for and manage X Display Manage Protocol (XDMCP) requests from remote displays. By default XDMCP support is turned off, but can be enabled if desired. If GDM is built with TCP Wrapper support, then the daemon will only grant access to hosts specified in the GDM service section in the TCP Wrappers configuration file.</para>

      <para>GDM includes several measures making it more resistant to denial of service attacks on the XDMCP service. A lot of the protocol parameters, handshaking timeouts etc. can be fine tuned. The defaults should work for most systems, however. Do not change them unless you know what you are doing.</para>
142 143 144 145 146

      <para>GDM escucha en el puerto UDP 177 y responderá a las peticiones QUERY y BROADCAST_QUERY enviando un paquete WILLING al originador.</para>

      <para>GDM también puede configuarse para confiar en solicitudes INDIRECT y presentar un selector de equipos al display remoto. GDM recordará la selección del usuario y reenviará las peticiones subsiguiente al gestor seleccionado. GDM también soporta una extensión al protocolo que hará que se olvide de la redirección una vez que la conexión del usuario tiene éxito. Esta extensión está soportada sólo si ambos demonios son GDM. Es transparente y será ignorada por XDM u otros demonios que implementan XDMCP.</para>

147 148
      <para>Refer to the "Security" section for information about security concerns when using XDMCP.</para>
    </sect2>
149

150 151
    <sect2 id="gtkgreeter">
      <title>El interfaz GTK+</title>
152

153
      <para>El interfaz GTK+ es el interfaz gráfico de usuario que se presenta al usuario. El interfaz contiene un menú en la parte superior, un visor de rostros opcional, un logo opcional y un widget para entrada de texto.</para>
154

155
      <para>El campo de entrada de texto se usa para introducir nombres de usuario, contraseñas, etc. <command>gdmlogin</command> está controlado por un demonio por debajo que es básicamente sin estado. El demonio controla el interfaz a través de un protocolo simple donde puede predir al interfaz una cadena de texto con eco activado o desactivado. Similarmente, el demonio puede cambiar la etiqueta sobre la entrada de texto para corresponder con el valor que el sistema de autenticación quiere que el usuario introduzca.</para>
156

157
      <para>The menu bar in the top of the greeter enables the user to select the requested session type/desktop environment, select an appropriate locale/language, halt/restart/suspend the computer, configure GDM (given the user knows the root password), change the GTK+ theme, or start an XDMCP chooser.</para>
158

159
      <para>El interfaz de entrada puede mostrar opcionalmente un logotipo en la ventana de entrada. La imagen debe estar en un formato legible por la biblioteca gdk-pixbuf (GIF, JPG, PNG, TIFF, XPM y posiblemente otros), y debe tener permiso de lectura para el usuario de GDM. Vea la opción <filename>Logotipo</filename> en la sección de referencia inferior para los detalles.</para>
160 161
    </sect2>

162 163
    <sect2 id="themedgreeter">
      <title>El interfaz con temas</title>
164

165
      <para>The Themed Greeter is a greeter interface that takes up the whole screen and is very themable. Themes can be selected and new themes can be installed by the configuration application or by setting the <filename>GraphicalTheme</filename> configuration key. The Themed Greeter is much like the GTK+ Greeter in that it is controlled by the underlying daeon, is stateless, and is controlled by the daemon using the same simple protocol.</para>
166

167
      <para>The look and feel of this greeter is really controlled by the theme and so the user interface elements that are present may be different. The only thing that must always be present is the text entry field as described above in the GTK+ Greeter. The theme can include buttons that allow the user to select an appropriate locale/language, halt/restart/suspend the computer, configure GDM (given the user knows the root password), or start an XDMCP chooser.</para>
168

169
      <para>Puede obtener siempre un menú de las acciones disponibles pulsando la tecla F10. Esto puede ser útil si el tema no proporciona ciertos botones cuando realmente quiere hacer alguna acción.</para>
170 171 172 173 174 175 176
    </sect2>

    <sect2 id="facebrowser">
      <title>El visor de rostros de GDM</title>

      <para>GDM soporta un visor de rostros que mostrará una lista de usuarios que pueden entrar y un icono para cada usuario. Esta característica puede usarse con el interfaz GTK+ si la opción de configuración <filename>Examinador</filename> está establecida a "true". Esta característica puede usarse con el Interfaz con Temas si usa un tema de GDM que incluya un tipo de elemento "userlist", tal como  "happygnome-list"</para>

177
      <para>Por omisión, el visor de rostros está desactivado debido a que revelar nombres de usuario en la pantalla de entrada no es apropiado en muchos sistemas por razones de seguridad y debido a que GDM requiere alguna configuración para especificar qué usuarios deberían ser visibles. La configuración puede hacerse en la solapa «Usuarios» en <command>gdmsetup</command>. Esta característica es más práctica de usar en un sistema con un número pequeño de usuarios.</para>
178 179 180 181 182 183 184 185 186

      <para>Los iconos usados por GDM pueden instalarse globalmente por el administrador del sistema o pueden ser colocados en los directorios personales de los usuarios.. Si se instalan globalmente deberían estar en el directorio <filename>&lt;share&gt;/pixmaps/faces/</filename>  (aunque esto puede configurarse con la opción <filename>GlobalFaceDir</filename>) y el nombre del archivo debería ser el nombre del usuario, opcionalmente con un <filename>.png</filename> agregado. Los iconos de caras colocados en el directorio global de caras deben ser leíbles por el usuario GDM. Sin embargo, el demonio, proximiza las fotografías de los usuarios al interfaz y debido a esto no tienen que ser leíbles por el usuario GDM sino por el root.</para>

      <para>Los usuarios pueden ejecutar el comando <command>gdmphotosetup</command> para configurar la imagen a usar para su id de usuario. Este programa escala apropiadamente el archivo si es más grande que las opciones de configuración  <filename>MaxIconWidth</filename> o <filename>MaxIconHeight</filename> y coloca al icono en un archivo llamado <filename>~/.face</filename>. Aunque <command>gdmphotosetup</command> escala las imágenes del usuario automáticamente, esto no garantiza que esas imágenes de usuario estén escaladas de forma adecuada así que un usuario puede crear su archivo <filename>~/.face</filename> a mano.</para>
        
      <para>GDM primero buscará la imagen de la cara del usuario en <filename>~/.face</filename>. Si no la encuentra, intentará con <filename>~/.face.icon</filename>. Si aún no la encuentra, usará el valor definido para "face/picture=" en el archivo <filename>~/.gnome2/gdm</filename>. Por último intentará con <filename>~/.gnome2/photo</filename> y <filename>~/.gnome/photo</filename> los cuales están obsoletos y se soportan por compatibilidad hacia atrás.</para>

      <para>Si un usuario no tiene una imagen de rostro definida, GDM usará el icono "stock_person" definido en el tema GTK+ actual. Si dicha imagen no está definida, entonces usará la imagen especificada en la opción de configuración <filename>DefaultFace</filename> como resguardo, normalmente /usr/share/pixmaps/nobody.png.</para>
      
187
      <para>Note que cargar y escalar los iconos de rostros situados en los directorios personales de los usuarios puede ser una tarea que consuma mucho tiempo. Debido a que no es práctico cargar imágenes sobre NIS o NFS, GDM no intenta cargar imágenes de rostros desde directorios personales remotos. Además, GDM parará de cargar imágenes de rostros después de 5 segundos de actividad y sólo mostrará los usuarios cuyas imágenes haya obtenido hasta entonces. La opción <filename>Include</filename> de <filename>gdm.conf</filename> puede usarse para especificar un conjunto de usuarios que deberían aparecer en el visor de rostros. Mientras los usuarios a incluir tengan un tamaño razonable, no debería haber ningún problema con GDM siendo incapaz de acceder a las imágenes de rostros. Para evitar estos problemas, se recomienda situar las imágenes de rostros en el directorio especificado por la opción de configuración <filename>GlobalFaceDir</filename>.</para>
188

189
      <para>To control the users who get displayed in the face browser, there are a number of configuration options that can be used. If the <filename>IncludeAll</filename> option is set to true, then the password file will be scanned and all users will be displayed. If <filename>IncludeAll</filename> option is set to false, then the <filename>Include</filename> option should contain a list of users separated by commas. Only the users specified will be displayed. Any user listed in the <filename>Exclude</filename> option and users whose UID's is lower than <filename>MinimalUID</filename> will be filtered out regardless of the <filename>IncludeAll</filename> setting. <filename>IncludeAll</filename> is not is not recommended for systems where the passwords are loaded over a network (such as when NIS is used), since it can be very slow to load more than a small number of users over the network..</para>
190

191
      <para>When the browser is turned on, valid usernames on the computer are inherently exposed to a potential intruder. This may be a bad idea if you don't know who can get to a login screen. This is especially true if you run XDMCP (turned off by default).</para>
192 193
    </sect2>

194 195
    <sect2 id="logging">
      <title>Registro de actividad</title>
196

197
      <para>GDM por sí mismo usará syslog para registrar los errores o el estado. También puede registrar información de depuración, que puede ser útil para encontrar problemas si GDM no funciona apropiadamente. Esto puede activarse en el archivo de configuración.</para>
198

199
      <para>La salida de varios servidores X está almacenada en el directorio de registros de GDM, el cual es configurable, pero normalmente es <filename>/var/log/gdm/</filename>. La salida desde la sesión puede encontrarse en un archivo llamado <filename>&lt;display&gt;.log</filename>. Cuatro archivos más antiguos se almacenan también con  <filename>.1</filename> a <filename>.4</filename> anexado. Éstos se rotarán a medida que se inicien nuevas sesiones en esa pantalla. Puede usar estos registros para ver que decía el servidor X cuando arrancaba.</para>
200

201
      <para>La salida de la sesión de usuario está redirigida a <filename>~/.xsession-errors</filename> incluso antes de se inicie el script <filename>PreSession</filename>. Así que no es realmente necesario redirigir esto otra vez en el script de configuración de la sesión. Tal como se hace normalmente, si la sesión del usuario duró menos de 10 segundos, GDM asume que la sesión reventó y permite al usuario ver este archivo en un diálogo antes de volver a la pantalla de entrada. De esta manera el usuario puede ver los errores de la última sesión y corregir el problema.</para>
202

203
      <para>Puede suprimir la advertencia de los 10 segundos devolviendo un código 66 desde el script <filename>Xsession</filename> desde el binario de la sesión (el script <filename>Xsession</filename> predeterminado propaga esos códigos hacia atrás). Esto es útil si tiene alguna clase de inicios de sesión especiales para los que no es un error retornar menos de esos 10 segundos después, o si configura la sesión para mostrar algún mensaje de error y el mensaje de GDM podría ser confuso y redundante.</para>
204

205
      <para>La salida de la sesión se encauza a través del demonio gdm y así el archivo <filename>~/.xsession-errors</filename> está capado a cerca de 200 Kbytes por GDM para prevenir una posible denegación de servicio en la sesión. Una aplicación podría quizás leer algunos datos erróneos, imprimir advertencias o errores en stderr o stdout. Esto podría quizás llenar el directorio personal del usuario quien tendría que cerrar sesión e iniciar sesión de nuevo para limpiar esto. Esto podría ser especialmente duro si hay cuotas puestas. GDM además atrapa correctamente la señal XFSZ y para de escribir el archivo, lo que podría conducir a sesiones matadas si el archivo fue redirigido en la forma antigua desde el script.</para>
206

207
      <para>Note que algunos distribuidores parecen ignorar la redirección de <filename>~/.xsession-errors</filename> y la hacen ellos mismos en su propio script Xsession (establecido por la clave de configuración <filename>BaseXsession</filename>) que significa que GDM no será capaz de atrapar la salida y cubrir este archivo. Puede también perder datos de salida del script <filename>PreSession</filename> lo que puede hacer la depuración mucho más complicada ya que quizás la salida de lo que está equivocado no se imprimirá. Vea la descripción de la clave de configuración <filename>BaseXsession</filename> para más información, especialmente acerca de cómo manejar múltiples gestores de entrada usando el mismo script.</para>
208

209
      <para>Note que si la sesión es una sesión a prueba de fallos, o si GDM no puede abrir este archivo por alguna razón, entonces se creará un archivo de apoyo en el directorio <filename>/tmp</filename> llamado <filename>/tmp/xses-&lt;user&gt;.XXXXXX</filename> donde <filename>XXXXXX</filename> son caracteres aleatorios.</para>
210

211
      <para>Si ejecuta un sistema sin cuotas activadas, será bueno borrar el archivo <filename>~/.xsession-errors</filename> en el script <filename>PostSession</filename>. Así este archivo de registro no está por medio innecesariamente.</para>
212 213
    </sect2>

214
    <sect2 id="fileaccess">
215
      <title>Acceso a los archivos</title>
216

217
      <para>En general GDM es muy quisquilloso respecto a la lectura/escritura de archivos de usuario (como ~/.dmrc, ~/.face, ~/.xsession-errors, y ~/.Xauthority ). Por ejemplo se niega a acceder a cualquier cosa excepto archivos regulares. Enlaces, sockets y dispositivos se ignoran. El valor del parámetro <filename>RelaxPermissions</filename> determina si GDM debería aceptar archivos escribibles por el grupo del usuario u otros. Éstos se ignoran por omisión.</para>
218

219
      <para>Todas las operaciones en los archivos del usuario se realizan con el id de usuario efectivo del usuario. Si el control de sanidad falla en el archivo <filename>.Xauthority</filename> del usuario, se crea una cookie de recuperación de errores en el directorio especificado por la opción de configuración <filename>UserAuthFBDir</filename> (/tmp por omisión).</para>
220

221
      <para>Finalmente, el administrador del sistema puede especificar el tamaño máximo del archivo que GDM debería aceptar y, en el caso de que el visor de rostros esté activado, se fuerza un tamaño máximo del icono. En sistemas grandes se avisa además que desactive el visor de rostros por razones de rendimiento. Mirar iconos en directorios personales, escalarlos y renderizarlos puede llevar mucho tiempo.</para>
222
    </sect2>
223

224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583
    <sect2 id="performance">
      <title>GDM Performance</title>

      <para>To speed performance it is possible to build GDM so that it will preload libraries when GDM first displays a greeter program. This has been shown to speed first time login since these libraries can be loaded into memory while the user types in their username and password.</para>

      <para>To use this feature, configure GDM with the --with-prefetch option. This will cause GDM to install the gdmprefetch program to the EXPANDED_LIBEXEC directory, install the gdmprefetchlist to the &lt;etc&gt;/gdm directory, and set the PreFetchProgram configuration variable so that the gdmprefetch program is called with the default gdmprefetchlist file. The default gdmprefetchlist file was optimized for a GNOME desktop running on Solaris, so may need fine-tuning on other systems. Alternative prefetchlist files can be contributed to the "gdm" category in <ulink type="http" url="http://bugzilla.gnome.org/">bugzilla.gnome.org</ulink>, so that they can be included in future GDM releases.</para>
    </sect2>
  </sect1>

  <sect1 id="Security">
    <title>Seguridad</title>

    <sect2 id="gdmuser">
      <title>El usuario GDM</title>

      <para>The GDM daemon normally runs as root, as does the slave. However GDM should also have a dedicated user id and a group id which it uses for its graphical interfaces such as <command>gdmgreeter</command> and <command>gdmlogin</command>. You can choose the name of this user and group in the <filename>[daemon]</filename> section of the configuration file.</para>

      <para>El usuario y el grupo GDM, que son normalmente <command>gdm</command> no deberían tener ningún privilegio. La razón para usarlos es tener el interfaz de usuario ejecutándose como un usuario sin privilegios para que en el improbable caso de que alguien encuentre una debilidad en el IGU, no puedan acceder como root a la computadora.</para>

      <para>It should however be noted that the GDM user and group have some privileges that make them somewhat dangerous. For one they have access to the X server authorization directory (the <filename>ServAuthDir</filename>), which contains all the X server authorization files and other private information. This means that someone who gains the GDM user/group privileges can then connect to any session. So you should not, under any circumstances, make this some user/group which may be easy to get access to, such as the user <filename>nobody</filename>.</para>
    </sect2>

    <sect2 id="xauth">
      <title>Esquema de autenticación del servidor X</title>
 
      <para>The X server authorization directory (the <filename>ServAuthDir</filename>) is used for a host of random internal data in addition to the X server authorization files, and the naming is really a relic of history. GDM daemon enforces this directory to be owned by <filename>root.gdm</filename> with the permissions of 1770. This way, only root and the GDM group have write access to this directory, but the GDM group cannot remove the root owned files from this directory, such as the X server authorization files.</para>

      <para>GDM by default doesn't trust the X server authorization directory and treats it in the same way as the temporary directory with respect to creating files. This way someone breaking the GDM user cannot mount attacks by creating links in this directory. Similarly the X server log directory is treated safely, but that directory should really be owned and writable only by root.</para>

      <para>GDM only supports the MIT-MAGIC-COOKIE-1 X server authentication scheme. Normally little is gained from the other schemes, and no effort has been made to implement them so far. Be especially careful about using XDMCP because the X server authentication cookie goes over the wire as clear text. If snooping is possible, then an attacker could simply snoop your authentication password as you log in, regardless of the authentication scheme being used. If snooping is possible and undesirable, then you should use ssh for tunneling an X connection rather then using XDMCP. You could think of XDMCP as a sort of graphical telnet, having the same security issues.</para>

      <para>On the upside, GDM's random number generation is very conservative and GDM goes to extraordinary measures to truly get a 128 bit random number, using hardware random number generators (if available), plus the current time (in microsecond precision), a 20 byte array of pseudorandom numbers, process pid's, and other random information (possibly using <filename>/dev/audio</filename> or <filename>/dev/mem</filename> if hardware random generators are not available) to create a large buffer and then run MD5 digest on this. Obviously, all this work is wasted if you send this cookie over an open network or store it on an NFS directory (see <filename>UserAuthDir</filename> configuration key). So be careful about where you use remote X display.</para>
    </sect2>

    <sect2 id="firewall">
      <title>Seguridad con cortafuegos</title>

      <para>Even though GDM tries to outsmart potential attackers trying to take advantage of XDMCP, it is still advised that you block the XDMCP port (normally UDP port 177) on your firewall unless you really need it. GDM guards against DoS (Denial of Service) attacks, but the X protocol is still inherently insecure and should only be used in controlled environments. Also each remote connection takes up lots of resources, so it is much easier to DoS via XDMCP then a webserver.</para>

      <para>It is also wise to block all of the X Server ports. These are TCP ports 6000 + the display number of course) on your firewall. Note that GDM will use display numbers 20 and higher for flexible on-demand servers.</para>

      <para>X is not a very safe protocol for leaving on the net, and XDMCP is even less safe.</para>
    </sect2>

    <sect2 id="nfssecurity">
      <title>Seguridad de GDM con NFS</title>

      <para>Note that NFS traffic really goes "over the wire" and thus can be snooped. When accessing the user's X authorization file (~/.Xauthority), GDM will try to open the file for reading as root. If it fails, GDM will conclude that it is on an NFS mount and it will automatically use <filename>UserAuthFBDir</filename>, which by default is set to <filename>/tmp</filename>. This behavior can be changed by setting the <filename>NeverPlaceCookiesOnNFS</filename> in the <filename>[security]</filename> section to false.</para>
    </sect2>

    <sect2 id="xdmcpsecurity">
      <title>Seguridad de XDMCP</title>

      <para>Even though your display is protected by cookies, XEvents and thus keystrokes typed when entering passwords will still go over the wire in clear text. It is trivial to capture these.</para>

      <para>XDMCP is primarily useful for running thin clients such as in terminal labs. Those thin clients will only ever need the network to access the server, and so it seems like the best security policy to have those thin clients on a separate network that cannot be accessed by the outside world, and can only connect to the server. The only point from which you need to access outside is the server.</para>

      <para>The above sections "X Server Authentication Scheme" and "Firewall Security" also contain important information about using XDMCP securely. The next section also discusses how to set up XDMCP access control.</para>
    </sect2>

    <sect2 id="xdmcpaccess">
      <title>Control de acceso XDMCP</title>

      <para>El control de acceso XDMCP se realiza por medio de TCP wrappers. Es posible compilar GDM sin TCP wrappers sin embargo debería probar su configuración y verificar que funciona.</para>

      <para>Debería usar el nombre del demonio <command>gdm</command> en el archivo <filename>&lt;etc&gt;/hosts.allow</filename> y en el archivo <filename>&lt;etc&gt;hosts.deny</filename>. Por ejemplo para denegar la entrada a equipos de <filename>.evil.domain</filename> , añada</para>
      <screen>gdm: .dominio.maligno</screen>
      <para>a <filename>&lt;etc&gt;/hosts.deny</filename>. También necesitará añadir </para>
      <screen>gdm: .su.dominio</screen>
      <para>a su <filename>&lt;etc&gt;/hosts.allow</filename> si normalmente no permite todos los servicios desde todos los equipos. Vea la página del manual <ulink type="help" url="man:hosts.allow">hosts.allow(5)</ulink> para más detalles.</para>
    </sect2>
  </sect1>

  <sect1 id="configuration">
    <title>Configuración</title>

    <para>Esta sección cubrirá la configuración de GDM y el formato de los archivos de configuración de GDM. Puede usar el comando <command>gdmsetup</command> para configurar GDM, pero la aplicación de configuración no le deja configurar cada aspecto de GDM. La información de esta sección le explica en profundidad cómo configurar GDM.</para>

    <para>Los archivos de configuración (especialmente <filename>gdm.conf</filename> y <filename>gdm.conf-custom</filename>) contienen comentarios útiles y ejemplos, así que léalos para más información acerca de cambiar su configuración.</para>

    <para>Algunas claves en el archivo de configuración se entregan comentadas mientras que otras están activadas. Esto se hace para que los predeterminados para algunas claves puedan cambiarse fácilmente en el futuro. GDM considera que las líneas que comienzan con el carácter «#» un comentario,  y estas líneas se ignorarán.</para>

    <para>EL archivo  <filename>gdm.conf</filename> contiene las opciones de configuración predeterminadas para GDM, y no debería ser modificado por el usuario. El archivo <filename>gdm.conf-custom</filename> es donde los usuarios pueden especificar sus opciones de configuración personalizadas. Las opciones de configuración especificadas en el archivo <filename>gdm.conf-custom</filename> toman precedencia sobre los valores en el archivo principal <filename>gdm.conf</filename>. Ejecutar el comando <command>gdmsetup</command> hará que el archivo <filename>gdm.conf-custom</filename> se modifique con las opciones de configuración del usuario y hará que cualquier programa del IGU de GDM se actualice automáticamente. Anteriormente a la versión 2.13.0.4 GDM sólo soportaba el archivo <filename>gdm.conf</filename>, así que si está usando una versión más antigua de GDM tan sólo edite ese archivo directamente.</para>

    <para>GDM puede configurarse para soportar configuración para todo el sistema si se compila con la opción <command>--with-configdir</command>. Esto permite instalar el archivo gdm.conf en un directorio que pueda montarse a través de múltiples sistemas. La opción --config también podría usarse para especificar la ubicación del archivo de configuración. El demonio GDM2 debe reiniciarse para cambiar el archivo de configuración en uso.</para>

    <para><filename>factory-gdm.conf</filename> es el archivo de  configuración tal como se empaqueta con el demonio. Esto puede ser útil si desea volver a la configuración predeterminada.</para>

    <para>Los demás archivos de configuración de GDM se encuentran, por omisión, en la carpeta <filename>&lt;etc&gt;/gdm/</filename> o sus subdirectorios. sin embargo, la ubicación de todos los archivos de configuración pueden definirse en el archivo <filename>gdm.conf</filename>, así que el administrador del sistema puede elegir situar estos archivos en cualquier lugar.</para>

    <para>Esta es una lista de los contenidos del directorio de configuración:</para>

    <screen>
locale.alias
Xsession
XKeepsCrashing
modules/
Init/
PostLogin/
PreSession/
PostSession/
    </screen>

    <para><filename>locale.alias</filename> es un archivo que se parece mucho al archivo de alias regionales del sistema pero no es el mismo. Éstos son los idiomas que están disponibles en su sitema. Todos los idiomas además se prueban para ver si actualmente existen antes de presentárselos al usuario.</para>

    <para><filename>Xsession</filename> es un script que configura una sesión de usuario y después ejecuta la selección de sesión del usuario. Note que el script de sesión se inicia típicamente por el archivo <filename>desktop</filename> asociado con la sesión que el usuario a escogido. Algunas sesiones quizá inicien la sesión del usuario por medio de un mecanismo diferente que el script <filename>Xsession</filename> así que marque el <filename>desktop</filename> apropiado antes de asumir que el problema de inicio está causado por este archivo.</para>

    <para><filename>XKeepsCrashing</filename> es un script que se ejecuta cuando el servidor X continúa colgándose y no se puede recuperar. El script predeterminado incluido funcionará con la mayoría de las distribuciones de Linux y puede ejecutar la aplicación de configuración de X siempre que la persona en la consola conozca la contraseña de root.</para>

    <para>Accessibility modules are configured in the <filename>modules/</filename> subdirectory, and are a separate topic. Read the default files provided, they have adequate documentation. Again normally the default install is given in the files with <filename>factory</filename> in their name, and those files are not read, they are just there for you so you can always revert to default config.</para>

    <para>Files describing available GDM session follow the freedesktop.org desktop file specification and are <filename>.desktop</filename>-style files are installed to <filename>&lt;etc&gt;/X11/sessions/</filename>. This directory is also read by the KDE desktop manager (KDM) for common configuration. Next the directory <filename>&lt;share&gt;/gdm/BuiltInSessions/</filename> is read for GDM specific built-in sessions (KDM hardcodes these at time of this writing). Lastly the default setup will also read <filename>&lt;share&gt;/xsessions/</filename> (which should be <filename>/usr/share/xsessions/</filename> if you really wish to cooperate with KDM) where desktop packages can install their session files. The directories under the <filename>&lt;etc&gt;</filename> should be reserved for configuration. The desktop file specification approach makes it easy for package management systems to install window managers and different session types without requiring the sysadmin to edit files. See the <filename>SessionDesktopDir</filename> configuration key for changing the paths. It used to be that GDM stored its built in sessions in <filename>&lt;etc&gt;/dm/Sessions/</filename> but this is deprecated as of 2.5.90.0. Note that prior to version 2.4.4.2 only the <filename>&lt;etc&gt;/dm/Sessions/</filename> was being read.</para>

    <para>A session can be disabled (if it was installed in <filename>/usr/share/xsessions/</filename>) by adding an identically named <filename>.desktop</filename> to one of the directories earlier in the path (likely <filename>&lt;etc&gt;/X11/sessions</filename>) and using <filename>Hidden=true</filename> in that file.</para>

    <sect2 id="scriptdirs">
      <title>Los directorios de scripts</title>
      
      <para>En esta sección explicaremos los directorios <filename>Init</filename>, <filename>PostLogin</filename>, <filename>PreSession</filename> y <filename>PostSession</filename> ya que son muy similares.</para>

      <para>When the X server has been successfully started, GDM will try to run the script called <filename>Init/&lt;displayname&gt;</filename>. I.e. <filename>Init/:0</filename> for the first local display. If this file is not found, GDM will attempt to to run <filename>Init/&lt;hostname&gt;</filename>. I.e. <filename>Init/somehost</filename>. If this still is not found, GDM will try <filename>Init/XDMCP</filename> for all XDMCP logins or <filename>Init/Flexi</filename> for all on demand flexible displays. If none of the above were found, GDM will run <filename>Init/Default</filename>. The script will be run as root and GDM blocks until it terminates. Use the <filename>Init/*</filename> script for applications that are supposed to run alongside with the GDM login window. xconsole for instance. Commands to set the background etc. goes in this file too.</para>

      <para>It is up to the sysadmin to decide whether clients started by the Init script should be killed before starting the user session. This is controlled with the <filename>KillInitClients</filename> configuration option.</para>

      <para>When the user has been successfully authenticated GDM tries the scripts in the <filename>PostLogin</filename> directory in the same manner as for the <filename>Init</filename> directory. This is done before any session setup is done, and so this would be the script where you might setup the home directory if you need to (though you should use the <filename>pam_mount</filename> module if you can for this). You have the <filename>$USER</filename> and <filename>$DISPLAY</filename> environment variables set for this script, and again it is run as root. The script should return 0 on success as otherwise the user won't be logged in. This is not true for failsafe session however.</para>

      <para>After the user session has been setup from the GDM side of things, GDM will run the scripts in the <filename>PreSession</filename> directory, again in the same manner as the <filename>Init</filename> directory. Use this script for local session management or accounting stuff. The <filename>$USER</filename> environment variable contains the login of the authenticated user and <filename>$DISPLAY</filename> is set to the current display. The script should return 0 on success. Any other value will cause GDM to terminate the current login process. This is not true for failsafe sessions however. Also <filename>$X_SERVERS</filename> environmental variable is set and this points to a fake generated X servers file for use with the sessreg accounting application.</para>

      <para>After this the base <filename>Xsession</filename> script is run with the selected session executable as the first argument. This is run as the user, and really this is the user session. The available session executables are taken from the <filename>Exec=</filename> line in the <filename>.desktop</filename> files in the path specified by <filename>SessionDesktopDir</filename>. Usually this path is <filename>&lt;etc&gt;/X11/sessions/:&lt;etc&gt;/dm/Sessions:/usr/share/xsessions/</filename>. The first found file is used. The user either picks from these sessions or GDM will look inside the file <filename>~/.dmrc</filename> for the stored preference.</para>

      <para>This script should really load the users profile and generally do all the voodoo that is needed to launch a session. Since many systems reset the language selections done by GDM, GDM will also set the <filename>$GDM_LANG</filename> variable to the selected language. You can use this to reset the language environmental variables after you run the users profile. If the user elected to use the system language, then <filename>$GDM_LANG</filename> is not set.</para>

      <para>When the user terminates his session, the <filename>PostSession</filename> script will be run. Again operation is similar to <filename>Init</filename>, <filename>PostLogin</filename> and <filename>PreSession</filename>. Again the script will be run with root privileges, the slave daemon will block and the <filename>$USER</filename> environment variable will contain the name of the user who just logged out and <filename>$DISPLAY</filename> will be set to the display the user used, however note that the X server for this display may already be dead and so you shouldn't try to access it. Also <filename>$X_SERVERS</filename> environmental variable is set and this points to a fake generated X servers file for use with the sessreg accounting application.</para>

      <para>Note that the <filename>PostSession</filename> script will be run even when the display fails to respond due to an I/O error or similar. Thus, there is no guarantee that X applications will work during script execution.</para>

      <para>Except for the <filename>Xsession</filename> script all of these scripts will also have the environment variable <filename>$RUNNING_UNDER_GDM</filename> set to <filename>yes</filename>, so that you could perhaps use similar scripts for different display managers. The <filename>Xsession</filename> will always have the <filename>$GDMSESSION</filename> set to the basename of the session that the user chose to run without the <filename>.desktop</filename> extension. In addition <filename>$DESKTOP_SESSION</filename> is also set to the same value and in fact this will also be set by KDM in future versions.</para>

      <para>Neither of the <filename>Init</filename>, <filename>PostLogin</filename>, <filename>PreSession</filename> or <filename>PostSession</filename> scripts are necessary and can be left out. The <filename>Xsession</filename> script is however required as well as at least one session <filename>.desktop</filename> file.</para>

    </sect2>

    <sect2 id="configfile">
      <title>The Configuration File - <filename>gdm.conf</filename> and <filename>gdm.conf-custom</filename></title>
      
      <para>GDM uses two configuration files: <filename>gdm.conf</filename> and <filename>gdm.conf-custom</filename>. The <filename>gdm.conf</filename> file contains the default configuration choices for GDM, and should not be modified by the user. The <filename>gdm.conf-custom</filename> file is where users may specify their custom configuration choices. Configuration options specified in the <filename>gdm.conf-custom</filename> file override the values in the main <filename>gdm.conf</filename> file. If a configuration option is not defined in either file, GDM will default to the value described in the comments in the <filename>gdm.conf</filename> file.</para>

      <para>Running the <command>gdmsetup</command> command will cause the <filename>gdm.conf-custom</filename> to be modified with the user's configuration choices.</para>

      <para>Previous to GDM 2.13.0.4 only the <filename>gdm.conf</filename> existed. If upgrading to the new version of GDM, install will check to see if your <filename>gdm.conf</filename> file is different than your <filename>factory-gdm.conf</filename> file. If so, your <filename>gdm.conf</filename> file will be automatically copied to <filename>gdm.conf-custom</filename> to preserve your configuration changes.</para>
        
      <para>GDM may be configured to support system-wide configuration if built with the <command>--with-configdir</command> option. This allows the <filename>gdm.conf</filename> file to be installed to a directory that can be mounted across multiple-systems. The GDM --config option may instead be used to specify a configuration file installed to another location. The GDM2 daemon must be restarted to change the configuration file being used.</para>

      <para>Both configuration files are divided into sections each containing variables that define the behavior for a specific part of the GDM suite. Refer to the comments in the <filename>gdm.conf</filename> file for additional information about each configuration setting.</para>

      <para>The <filename>gdm.conf</filename> and <filename>gdm.conf-custom</filename> files follow the standard <filename>.ini</filename> style configuration file syntax. Keywords in brackets define sections, strings before an equal sign (=) are variables and the data after equal sign represents their value. Empty lines or lines starting with the hash mark (#) are ignored. The graphical configurator will try to preserve both comments (lines with a hash mark) and the overall structure of the file so you can intermix using the GUI or hand editing the configuration file.</para>

      <sect3 id="daemonsection">
        <title>Configuración del demonio</title>

        <variablelist>
          <title>[daemon]</title>

          <varlistentry>
            <term>AddGtkModules</term>
                <listitem>
              <synopsis>AddGtkModules=false</synopsis>
              <para>Si es true, entonces activa <command>gdmgreeter</command> o <command>gdmlogin</command> para que se lancen con módulos GTK+ adicionales. esto es útil cuando se requieren características extra como un inicio sesión accesible. Note que sólo deberían usarse los módulos «confiables» para minimizar las cuestiones de seguridad.</para>
              <para>Usualmente esto se usa para los módulos de accesibilidad. Los módulos que se cargan se especifican con la clave <filename>GtkModulesList</filename>.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>AlwaysRestartServer</term>
            <listitem>
              <synopsis>AlwaysRestartServer=false</synopsis>
              <para>If true, then gdm never tries to reuse existing X servers by reinitializing them. It will just kill the existing X server and start over. Normally, just reinitializing is a nicer way to go but if the X server memory usage keeps growing this may be a safer option. On Solaris, this value is always true, and this configuration setting is ignored.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>AutomaticLoginEnable</term>
            <listitem>
              <synopsis>AutomaticLoginEnable=false</synopsis>
              <para>If the user given in AutomaticLogin should be logged in upon first bootup. No password will be asked. This is useful for single user workstations where local console security is not an issue. Also could be useful for public terminals, although there see <filename>TimedLogin</filename>.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>AutomaticLogin</term>
            <listitem>
              <synopsis>AutomaticLogin=</synopsis>
              <para>This user should be automatically logged in on first bootup. AutomaticLoginEnable must be true and this must be a valid user for this to happen. "root" can never be autologged in however and gdm will just refuse to do it even if you set it up.</para>

              <para>Los siguientes caracteres de control se reconocen dentro del nombre especificado:</para>

              <para>the `' character</para>

              <para>d nombre del display</para>

              <para>h nombre de host del display</para>

              <para>Alternatively, the name may end with a vertical bar |, the pipe symbol. The name is then used as a application to execute which returns the desired username on standard output. If an empty or otherwise invalid username is returned, automatic login is not performed. This feature is typically used when several remote displays are used as internet kiosks, with a specific user to automatically login for each display.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>BaseXsession</term>
            <listitem>
              <synopsis>BaseXsession=&lt;etc&gt;/gdm/Xsession</synopsis>
              <para>This is the base X session file. When a user logs in, this script will be run with the selected session as the first argument. The selected session will be the <filename>Exec=</filename> from the <filename>.desktop</filename> file of the session.</para>

              <para>If you wish to use the same script for several different display managers, and wish to have some of the script run only for GDM, then you can check the presence of the <filename>GDMSESSION</filename> environmental variable. This will always be set to the basename of <filename>.desktop</filename> (without the extension) file that is being used for this session, and will only be set for GDM sessions. Previously some scripts were checking for <filename>GDM_LANG</filename>, but that is only set when the user picks a non-system default language.</para>

              <para>This script should take care of doing the "login" for the user and so it should source the <filename>&lt;etc&gt;/profile</filename> and friends. The standard script shipped with GDM sources the files in this order: <filename>&lt;etc&gt;/profile</filename> then <filename>~/.profile</filename> then <filename>&lt;etc&gt;/xprofile</filename> and finally <filename>~/.xprofile</filename>. Note that different distributions may change this however. Sometimes users personal setup will be in <filename>~/.bash_profile</filename>, however broken that is.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>Chooser</term>
            <listitem>
              <synopsis>Chooser=&lt;bin&gt;/gdmchooser</synopsis>
              <para>Ruta completa y nombre del ejecutable del selector seguido de archumentos opcionales.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Configurator</term>
            <listitem>
              <synopsis>Configurator=&lt;bin&gt;/gdmsetup --disable-sound --disable-crash-dialog</synopsis>
              <para>The pathname to the configurator binary. If the greeter <filename>ConfigAvailable</filename> option is set to true then run this binary when somebody chooses Configuration from the Actions menu. Of course GDM will first ask for root password however. And it will never allow this to happen from a remote display.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>ConsoleCannotHandle</term>
            <listitem>
              <synopsis>ConsoleCannotHandle=am,ar,az,bn,el,fa,gu,hi,ja,ko,ml,mr,pa,ta,zh</synopsis>
              <para>These are the languages that the console cannot handle because of font issues. Here we mean the text console, not X. This is only used when there are errors to report and we cannot start X.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>ConsoleNotify</term>
            <listitem>
              <synopsis>ConsoleNotify=true</synopsis>
              <para>If false, gdm will not display a message dialog on the console when an error happens.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>DefaultPath</term>
            <listitem>
              <synopsis>DefaultPath=/bin:/usr/bin:/usr/bin/X11:/usr/local/bin</synopsis>
              <para>Specifies the path which will be set in the user's session. This value will be overridden with the value from /etc/default/login if it contains "ROOT=&lt;pathname&gt;". If the /etc/default/login file exists, but contains no value for ROOT, the value as defined in the GDM configuration will be be used.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>DefaultSession</term>
            <listitem>
              <synopsis>DefaultSession=gnome.desktop</synopsis>
              <para>The session that is used by default if the user does not have a saved preference and has picked 'Last' from the list of sessions. Note that 'Last' need not be displayed, see the <filename>ShowLastSession</filename> key.</para>
            </listitem>
          </varlistentry>
          
          
          <varlistentry>
            <term>DisplayInitDir</term>
            <listitem>
              <synopsis>DisplayInitDir=&lt;etc&gt;/gdm/Init</synopsis>
              <para>Directory containing the display init scripts. See the ``The Script Directories'' section for more info.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>DisplayLastLogin</term>
            <listitem>
              <synopsis>DisplayLastLogin=true</synopsis>
              <para>If true then the last login information is printed to the user before being prompted for password. While this gives away some info on what users are on a system, it on the other hand should give the user an idea of when they logged in and if it doesn't seem kosher to them, they can just abort the login and contact the sysadmin (avoids running malicious startup scripts). This was added in version 2.5.90.0.</para>
              <para>This is for making GDM conformant to CSC-STD-002-85, although that is purely theoretical now. Someone should read that spec and ensure that this actually conforms (in addition to other places in GDM). See <filename>http://www.radium.ncsc.mil/tpep/library/rainbow/CSC-STD-002-85.html</filename> for more info.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>DoubleLoginWarning</term>
            <listitem>
              <synopsis>DoubleLoginWarning=true</synopsis>
              <para>If true, GDM will warn the user if they are already logged in on another virtual terminal. On systems where GDM supports checking the X virtual terminals, GDM will let the user switch to the previous login virtual terminal instead of logging in.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>DynamicXServers</term>
            <listitem>
              <synopsis>DynamicXServers=false</synopsis>
              <para>If true, the GDM daemon will honor requests to manage displays via the <filename>/tmp/.gdm_socket</filename> socket connection. Displays can be created, started, and deleted with the appropriate commands. The <filename>gdmdynamic</filename> command is a convenient method to send these messages.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>FailsafeXServer</term>
            <listitem>
              <synopsis>FailsafeXServer=</synopsis>
              <para>An X command line in case we can't start the normal X server. should probably be some sort of a script that runs an appropriate low resolution X server that will just work. This is tried before the <filename>XKeepsCrashing</filename> script is run.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>FirstVT</term>
            <listitem>
              <synopsis>FirstVT=7</synopsis>
              <para>On systems where GDM supports automatic VT (virtual terminal) allocation, this is the first vt to try. Usually standard text logins are run on the lower vts. See also <filename>VTAllocation</filename>.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>FlexibleXServers</term>
            <listitem>
              <synopsis>FlexibleXServers=5</synopsis>
              <para>The maximum number of allowed flexible displays. These are displays that can be run using the <filename>/tmp/.gdm_socket</filename> socket connection. This is used for both full flexible displays and for Xnest displays.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>FlexiReapDelayMinutes</term>
            <listitem>
              <synopsis>FlexiReapDelayMinutes=5</synopsis>
              <para>After how many minutes of inactivity at the login screen should a flexi display be reaped. This is only in effect before a user logs in. Also it does not affect the Xnest flexiservers. To turn off this behaviour set this value to 0. This was added in version 2.5.90.0.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Greeter</term>
            <listitem>
              <synopsis>Greeter=&lt;bin&gt;/gdmlogin</synopsis>
              <para>Full path and name of the greeter executable followed by optional arguments. This is the greeter used for all displays except for the XDMCP remote displays. See also <filename>RemoteGreeter</filename></para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>Group</term>
            <listitem>
              <synopsis>Group=gdm</synopsis>
              <para>The group name under which <command>gdmlogin</command>, <command>gdmgreeter</command>, <command>gdmchooser</command> and the internal failsafe GTK+ dialogs are run. Also see <filename>User</filename>. This user will have access to all the X authorization files, and perhaps to other internal GDM data and it should not therefore be a user such as nobody, but rather a dedicated user. The <filename>ServAuthDir</filename> is owned by this group. The ownership and permissions of <filename>ServAuthDir</filename> should be <filename>root.gdm</filename> and 1770.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>GtkModulesList</term>
            <listitem>
              <synopsis>GtkModulesList=module-1:module-2:...</synopsis>
              <para>A colon separated list of Gtk+ modules that <command>gdmgreeter</command> or <command>gdmlogin</command> will be invoked with if <filename>AddGtkModules</filename> is true. The format is the same as the standard Gtk+ module interface.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>HaltCommand</term>
            <listitem>
              <synopsis>HaltCommand=/sbin/shutdown -h now</synopsis>
584
              <para>Full path and arguments to command to be executed when user selects Shutdown from the Actions menu. This can be a ';' separated list of commands to try. If a value is missing, the shut down command is not available. Note that the default for this value is not empty so to disable shut down you must set this explicitly to an empty value.</para>
585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801 2802 2803 2804 2805 2806 2807 2808 2809 2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865 2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 2886 2887 2888 2889 2890 2891 2892 2893 2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062 3063 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>KillInitClients</term>
            <listitem>
              <synopsis>KillInitClients=true</synopsis>
              <para>Determines whether GDM should kill X clients started by the init scripts when the user logs in.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>Directorio de registro</term>
            <listitem>
              <synopsis>LogDir=&lt;var&gt;/log/gdm</synopsis>
              <para>Directory containing the log files for the individual displays. By default this is the same as the ServAuthDir.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>PidFile</term>
            <listitem>
              <synopsis>PidFile=&lt;var&gt;/run/gdm.pid</synopsis>
              <para>Name of the file containing the <filename>gdm</filename> process id.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>PreFetchProgram</term>
            <listitem>
              <synopsis>PreFetchProgram=command</synopsis>
              <para>Program to be run by the GDM greeter/login program when the initial screen is displayed. The purpose is to provide a hook where files which will be used after login can be preloaded to speed performance for the user. The program will be called once only, the first time a greeter is displayed. The gdmprefetch command may be used. This utility will load any libraries passed in on the command line, or if the argument starts with a "@" character, it will process the file assuming it is an ASCII file containing a list of libraries, one per line, and load each library in the file.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>PostLoginScriptDir</term>
            <listitem>
              <synopsis>PostLoginScriptDir=&lt;etc&gt;/gdm/PostLogin</synopsis>
              <para>Directory containing the scripts run right after the user logs in, but before any session setup is done. See the ``The Script Directories'' section for more info.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>PostSessionScriptDir</term>
            <listitem>
              <synopsis>PostSessionScriptDir=&lt;etc&gt;/gdm/PostSession</synopsis>
              <para>Directory containing the scripts run after the user logs out. See the ``The Script Directories'' section for more info.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>PreSessionScriptDir</term>
            <listitem>
              <synopsis>PreSessionScriptDir=&lt;etc&gt;/gdm/PreSession</synopsis>
              <para>Directory containing the scripts run before the user logs in. See the ``The Script Directories'' section for more info.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>RebootCommand</term>
            <listitem>
              <synopsis>RebootCommand=/sbin/shutdown -r now</synopsis>
              <para>Full path and optional arguments to the command to be executed when user selects Restart from the Actions menu. This can be a ';' separated list of commands to try. If missing, the restart command is not available. Note that the default for this value is not empty so to disable restart you must set this explicitly to an empty value.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>RemoteGreeter</term>
            <listitem>
              <synopsis>RemoteGreeter=&lt;bin&gt;/gdmlogin</synopsis>
              <para>Full path and name of the greeter executable followed by optional arguments. This is used for all remote XDMCP sessions. It is useful to have the less graphically demanding greeter here if you use the Themed Greeter for your main greeter. See also the <filename>Greeter</filename> key.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>RootPath</term>
            <listitem>
              <synopsis>RootPath=/sbin:/usr/sbin:/bin:/usr/bin:/usr/bin/X11:/usr/local/bin</synopsis>
              <para>Specifies the path which will be set in the root's session and the {Init,PostLogin,PreSession,PostSession} scripts executed by GDM. This value will be overridden with the value from /etc/default/login if it contains "SUROOT=&lt;pathname&gt;". If the /etc/default/login file exists, but contains no value for SUROOT, the value as defined in the GDM configuration will be used.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>ServAuthDir</term>
            <listitem>
              <synopsis>ServAuthDir=&lt;var&gt;/gdm</synopsis>
              <para>Directory containing the X authentication files for the individual displays. Should be owned by <filename>root.gdm</filename> with permissions 1770, where <filename>gdm</filename> is the GDM group as defined by the <filename>Group</filename> option. That is should be owned by root, with <filename>gdm</filename> group having full write permissions and the directory should be sticky and others should have no permission to the directory. This way the GDM user can't remove files owned by root in that directory, while still being able to write its own files there. GDM will attempt to change permissions for you when it's first run if the permissions are not the above. This directory is also used for other private files that the daemon needs to store. Other users should not have any way to get into this directory and read/change it's contents. Anybody who can read this directory can connect to any display on this computer.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>SessionDesktopDir</term>
            <listitem>
              <synopsis>SessionDesktopDir=&lt;etc&gt;/X11/sessions/:&lt;etc&gt;/dm/Sessions/:&lt;/usr/share&gt;/xsessions/</synopsis>
              <para>Directory containing the <filename>.desktop</filename> files which are the available sessions on the system. Since 2.4.4.2 this is treated like a PATH type variable and the first file found is used.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>SoundProgram</term>
            <listitem>
              <synopsis>SoundProgram=/usr/bin/play</synopsis>
              <para>Application to use when playing a sound. Currently used for playing the login sound, see the <filename>SoundOnLoginFile</filename> key. Supported since 2.5.90.0.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>StandardXServer</term>
            <listitem>
              <synopsis>StandardXServer=/usr/X11R6/bin/X</synopsis>
              <para>Full path and arguments to the standard X server command. This is used when gdm cannot find any other definition, and it's used as the default and failsafe fallback in a number of places. This should be able to run some sort of X server.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>SuspendCommand</term>
            <listitem>
              <synopsis>SuspendCommand=</synopsis>
              <para>Full path and arguments to command to be executed when user selects Suspend from the Actions menu. If empty there is no such menu item. Note that the default for this value is not empty so to disable suspend you must set this explicitly to an empty value.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>TimedLoginEnable</term>
            <listitem>
              <synopsis>TimedLoginEnable=false</synopsis>
              <para>If the user given in <filename>TimedLogin</filename> should be logged in after a number of seconds (set with <filename>TimedLoginDelay</filename>) of inactivity on the login screen. This is useful for public access terminals or perhaps even home use. If the user uses the keyboard or browses the menus, the timeout will be reset to <filename>TimedLoginDelay</filename> or 30 seconds, whichever is higher. If the user does not enter a username but just hits the ENTER key while the login program is requesting the username, then GDM will assume the user wants to login immediately as the timed user. Note that no password will be asked for this user so you should be careful, although if using PAM it can be configured to require password entry before allowing login.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>TimedLogin</term>
            <listitem>
              <synopsis>TimedLogin=</synopsis>
              <para>This is the user that should be logged in after a specified number of seconds of inactivity. This can never be "root" and gdm will refuse to log in root this way. The same features as for <filename>AutomaticLogin</filename> are supported. The same control chars and piping to a application are supported.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>TimedLoginDelay</term>
            <listitem>
              <synopsis>TimedLoginDelay=30</synopsis>
              <para>Este es el retardo antes de que el usuario <filename> TimedLogin</filename> entre en la sesión. Debe ser mayor o igual a 10.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>User</term>
            <listitem>
              <synopsis>User=gdm</synopsis>
              <para>The username under which <command>gdmlogin</command>, <command>gdmgreeter</command>, <command>gdmchooser</command> and the internal failsafe GTK+ dialogs are run. Also see <filename>Group</filename>. This user will have access to all the X authorization files, and perhaps to other internal GDM data and it should not therefore be a user such as nobody, but rather a dedicated user.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>UserAuthDir</term>
            <listitem>
              <synopsis>UserAuthDir=</synopsis>
              <para>The directory where user's <filename>.Xauthority</filename> file should be saved. When nothing is specified the user's home directory is used. This is tilde expanded so you can set it to things like: <filename>~/authdir/</filename>.</para>

              <para>If you do not use the tilde expansion, then the filename created will be random, like in <filename>UserAuthFBDir</filename>. This way many users can have the same authentication directory. For example you might want to set this to <filename>/tmp</filename> when user has the home directory on NFS, since you really don't want cookie files to go over the wire. The users should really have write privileges to this directory, and this directory should really be sticky and all that, just like the <filename>/tmp</filename> directory.</para>

              <para>Normally if this is the users home directory GDM will still refuse to put cookies there if it thinks it is NFS (by testing root-squashing). This can be changed by setting <filename>NeverPlaceCookiesOnNFS</filename> in the <filename>[security]</filename> section to false.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>UserAuthFBDir</term>
            <listitem>
              <synopsis>UserAuthFBDir=/tmp</synopsis>
              <para>If GDM fails to update the user's <filename>.Xauthority</filename> file a fallback cookie is created in this directory.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>UserAuthFile</term>
            <listitem>
              <synopsis>UserAuthFile=.Xauthority</synopsis>
              <para>Name of the file used for storing user cookies.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>VTAllocation</term>
            <listitem>
              <synopsis>VTAllocation=true</synopsis>
              <para>On systems where GDM supports automatic VT (virtual terminal) allocation (currently Linux and FreeBSD only), you can have GDM automatically append the vt argument to the X server executable. This way races that come up from each X server managing it's own vt allocation can be avoided. See also <filename>FirstVT</filename>.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>XKeepsCrashing</term>
            <listitem>
              <synopsis>XKeepsCrashing=&lt;etc&gt;/gdm/XKeepsCrashing</synopsis>
              <para>A script to run in case X keeps crashing. This is for running An X configuration or whatever else to make the X configuration work. See the script that came with the distribution for an example. The distributed <filename>XKeepsCrashing</filename> script is tested on Red Hat, but may work elsewhere. Your system integrator should make sure this script is up to date for your particular system.</para>
              <para>En caso de que esté configurado <filename> FailsafeXServer</filename>, ése se intentará primero, y este sólo se usará como un respaldo en el caso de que el servidor X se mantenga colgado.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Xnest</term>
            <listitem>
              <synopsis>Xnest=/usr/bin/X11/Xnest (/usr/openwin/bin/Xnest on Solaris)</synopsis>
              <para>The full path and arguments to the Xnest command. This is used for the flexible Xnest displays. This way the user can start new login screens in a nested window. Of course you must have the Xnest display from your X server packages installed for this to work.</para>
            </listitem>
          </varlistentry>
        </variablelist>
        
      </sect3>

      <sect3 id="securitysection">
        <title>Opciones de seguridad</title>
        
        <variablelist>
          <title>[security]</title>
          
          <varlistentry>
            <term>AllowRoot</term>
            <listitem>
              <synopsis>AllowRoot=true</synopsis>
              <para>Permite al usuario root (usuario privilegiado) entrar a través de GDM. Establezca esta opción a false si quiere no permitir dichas entradas.</para>
              <para>On systems that support PAM, this parameter is not as useful as you can use PAM to do the same thing, and in fact do even more. However it is still followed, so you should probably leave it true for PAM systems.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>AllowRemoteRoot</term>
            <listitem>
              <synopsis>AllowRemoteRoot=false</synopsis>
              <para>Allow root (privileged user) to log in remotely through GDM. This value should be set to true to allow such logins. Remote logins are any logins that come in through the XDMCP.</para>
              <para>On systems that support PAM, this parameter is not as useful since you can use PAM to do the same thing, and do even more.</para>
              <para>This value will be overridden and set to false if the /etc/default/login file exists and contains "CONSOLE=/dev/login", and set to true if the /etc/default/login file exists and contains any other value or no value for CONSOLE.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>AllowRemoteAutoLogin</term>
            <listitem>
              <synopsis>AllowRemoteAutoLogin=false</synopsis>
              <para>Allow the timed login to work remotely. That is, remote connections through XDMCP will be allowed to log into the "TimedLogin" user by letting the login window time out, just like the local user on the first console.</para>
              <para>Note that this can make a system quite insecure, and thus is off by default.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>CheckDirOwner</term>
            <listitem>
              <synopsis>CheckDirOwner=true</synopsis>
              <para>By default GDM checks the ownership of the home directories before writing to them, this prevents security issues in case of bad setup. However in some instances home directories will be owned by a different user and in this case it is necessary to turn this option on. You will also most likely have to turn the <filename>RelaxPermissions</filename> key to at least value 1 since in such a scenario home directories are likely to be group writable. Supported since 2.6.0.4.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>DisallowTCP</term>
            <listitem>
              <synopsis>DisallowTCP=true</synopsis>
              <para>If true, then always append <filename>-nolisten tcp</filename> to the command line of local X servers, thus disallowing TCP connection. This is useful if you do not care for allowing remote connections, since the X protocol could really be potentially a security hazard to leave open, even though no known security problems exist.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>NeverPlaceCookiesOnNFS</term>
            <listitem>
              <synopsis>NeverPlaceCookiesOnNFS=true</synopsis>
              <para>Normally if this is true (which is by default), GDM will not place cookies into the users home directory if this directory is on NFS. Well, GDM will consider any filesystem with root-squashing an NFS filesystem. Sometimes however the remote file system can have root squashing and be safe (perhaps by using encryption). In this case set this to 'false'. Note that this option appeared in version 2.4.4.4 and is ignored in previous versions.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>PasswordRequired</term>
            <listitem>
              <synopsis>PasswordRequired=false</synopsis>
              <para>If true, this will cause PAM_DISALLOW_NULL_AUTHTOK to be passed as a flag to pam_authenticate and pam_acct_mgmt, disallowing NULL password. This setting will only take effect if PAM is being used by GDM. This value will be overridden with the value from /etc/default/login if it contains "PASSREQ=[YES|NO]". If the /etc/default/login file exists, but contains no value for PASSREQ, the value as defined in the GDM configuration will be used.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>RelaxPermissions</term>
            <listitem>
              <synopsis>RelaxPermissions=0</synopsis>
              <para>By default GDM ignores files and directories writable to other users than the owner.</para> 
              
              <para>Cambiar el valor de RelaxPermissions hace posible alterar este comportamiento:</para>
              
              <para>0 - Paranoia option. Only accepts user owned files and directories.</para>
              <para>1 - Allow group writable files and directories.</para>
              <para>2 - Allow world writable files and directories.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>RetryDelay</term>
            <listitem>
              <synopsis>RetryDelay=1</synopsis>
              <para>The number of seconds GDM should wait before reactivating the entry field after a failed login.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>UserMaxFile</term>
            <listitem>
              <synopsis>UserMaxFile=65536</synopsis>
              <para>GDM rechazará a leer/escribir archivos mayores que este número (especificado en bytes).</para>
              
              <para>In addition to the size check GDM is extremely picky about accessing files in user directories. It will not follow symlinks and can optionally refuse to read files and directories writable by other than the owner. See the <filename>RelaxPermissions</filename> option for more info.</para>
            </listitem>
          </varlistentry>
        </variablelist>
        
      </sect3>

      <sect3 id="xdmcpsection">
        <title>Soporte XDCMP</title>

        <variablelist>
          <title>[xdmcp]</title>
          
          <varlistentry>
            <term>DisplaysPerHost</term>
            <listitem>
              <synopsis>DisplaysPerHost=1</synopsis>
              <para>To prevent attackers from filling up the pending queue, GDM will only allow one connection for each remote computer. If you want to provide display services to computers with more than one screen, you should increase the <filename>DisplaysPerHost</filename> value accordingly.</para>

              <para>Note that the number of connections from the local computer is unlimited. Only remote connections are limited by this number.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Enable</term>
            <listitem>
              <synopsis>Enable=false</synopsis>
              <para>Setting this to true enables XDMCP support allowing remote displays/X terminals to be managed by GDM.</para>
              
              <para><filename>gdm</filename> listens for requests on UDP port 177. See the Port option for more information.</para>
              
              <para>If GDM is compiled to support it, access from remote displays can be controlled using the TCP Wrappers library. The service name is <filename>gdm</filename></para>
              
              <para>You should add <screen>gdm:.my.domain</screen> to your <filename>&lt;etc&gt;/hosts.allow</filename>, depending on your TCP Wrappers configuration. See the <ulink type="help" url="man:hosts.allow">hosts.allow(5)</ulink> man page for details.</para>
              
              <para>Note que XDMCP no es un protocolo particularmente seguro y que es una buena idea bloquear el puerto UDP 177 en su cortafuegos a no ser que realmente lo necesite.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>EnableProxy</term>
            <listitem>
              <synopsis>EnableProxy=false</synopsis>
              <para>Setting this to true enables support for running XDMCP sessions on a local proxy X server. This may improve the performance of XDMCP sessions, especially on high latency networks, as many X protocol operations can be completed without going over the network.</para>
              <para>Note, however, that this mode will significantly increase the burden on the machine hosting the XDMCP sessions</para>
              <para>See the <filename>FlexiProxy</filename> and <filename>FlexiProxyDisconnect</filename> options for further details on how to configure support for this feature.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>HonorIndirect</term>
            <listitem>
              <synopsis>HonorIndirect=true</synopsis>
              <para>Enables XDMCP INDIRECT choosing (i.e. remote execution of <filename>gdmchooser</filename>) for X-terminals which don't supply their own display browser.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>MaxPending</term>
            <listitem>
              <synopsis>MaxPending=4</synopsis>
              <para>To avoid denial of service attacks, GDM has fixed size queue of pending connections. Only MaxPending displays can start at the same time.</para>
              
              <para>Please note that this parameter does *not* limit the number of remote displays which can be managed. It only limits the number of displays initiating a connection simultaneously.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>MaxPendingIndirect</term>
            <listitem>
              <synopsis>MaxPendingIndirect=4</synopsis>
              <para>GDM will only provide <filename>MaxPendingIndirect</filename> displays with host choosers simultaneously. If more queries from different hosts come in, the oldest ones will be forgotten.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>MaxSessions</term>
            <listitem>
              <synopsis>MaxSessions=16</synopsis>
              <para>Determines the maximum number of remote display connections which will be managed simultaneously. I.e. the total number of remote displays that can use your host.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>MaxWait</term>
            <listitem>
              <synopsis>MaxWait=30</synopsis>
              <para>When GDM is ready to manage a display an ACCEPT packet is sent to it containing a unique session id which will be used in future XDMCP conversations.</para>
              
              <para>GDM will then place the session id in the pending queue waiting for the display to respond with a MANAGE request.</para>
              
              <para>If no response is received within MaxWait seconds, GDM will declare the display dead and erase it from the pending queue freeing up the slot for other displays.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>MaxWaitIndirect</term>
            <listitem>
              <synopsis>MaxWaitIndirect=30</synopsis>
              <para>The MaxWaitIndirect parameter determines the maximum number of seconds between the time where a user chooses a host and the subsequent indirect query where the user is connected to the host. When the timeout is exceeded, the information about the chosen host is forgotten and the indirect slot freed up for other displays. The information may be forgotten earlier if there are more hosts trying to send indirect queries then <filename>MaxPendingIndirect</filename>.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>Port</term>
            <listitem>
              <synopsis>Port=177</synopsis>
              <para>The UDP port number <filename>gdm</filename> should listen to for XDMCP requests. Don't change this unless you know what you are doing.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>PingIntervalSeconds</term>
            <listitem>
              <synopsis>PingIntervalSeconds=15</synopsis>
              <para>Interval in which to ping the X server in seconds. If the X server doesn't return before the next time we ping it, the connection is stopped and the session ended. This is a combination of the XDM PingInterval and PingTimeout, but in seconds.</para>

              <para>Note that GDM in the past used to have a <filename>PingInterval</filename> configuration key which was also in minutes. For most purposes you'd want this setting to be lower then one minute however since in most cases where XDMCP would be used (such as terminal labs), a lag of more than 15 or so seconds would really mean that the terminal was turned off or restarted and you would want to end the session.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>ProxyReconnect</term>
            <listitem>
              <synopsis>FlexiProxyReconnect=</synopsis>
              <para>Setting this option enables experimental support for session migration with XDMCP sessions. This enables users to disconnect from their session and later reconnect to that same session, possibly from a different terminal.</para>
              <para>In order to use this feature, you must have a nested X server available which supports disconnecting from its parent X server and reconnecting to another X server. Currently, the Distributed Multihead X (DMX) server supports this feature to some extent and other projects like NoMachine NX are busy implementing it.</para>
              <para>This option should be set to the path of a command which will handle reconnecting the XDMCP proxy to another backend display. A sample implementation for use with DMX is supplied.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>ProxyXServer</term>
            <listitem>
              <synopsis>ProxyXServer=</synopsis>
              <para>The X server command line for a XDMCP proxy. Any nested X server like Xnest, Xephr or Xdmx should work fairly well.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Willing</term>
            <listitem>
              <synopsis>Willing=&lt;etc&gt;/gdm/Xwilling</synopsis>
              <para>When the machine sends a WILLING packet back after a QUERY it sends a string that gives the current status of this server. The default message is the system ID, but it is possible to create a script that displays customized message. If this script doesn't exist or this key is empty the default message is sent. If this script succeeds and produces some output, the first line of it's output is sent (and only the first line). It runs at most once every 3 seconds to prevent possible denial of service by flooding the machine with QUERY packets.</para>
            </listitem>
          </varlistentry>
        </variablelist>
        
      </sect3>

      <sect3 id="commonguioptions">
        <title>Common GUI Configuration Options</title>

        <variablelist>
          <title>[gui]</title>

          <varlistentry>
            <term>AllowGtkThemeChange</term>
            <listitem>
              <synopsis>AllowGtkThemeChange=true</synopsis>
              <para>If to allow changing the GTK+ (widget) theme from the greeter. Currently this only affects the standard greeter as the graphical greeter does not yet have this ability. The theme will stay in effect on this display until changed and will affect all the other windows that are put up by GDM. Supported since 2.5.90.2.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>GtkRC</term>
            <listitem>
              <synopsis>GtkRC=</synopsis>
              <para>Path to a <filename>gtkrc</filename> to read when GDM puts up a window. You should really now use the <filename>GtkTheme</filename> key for just setting a theme.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>GtkTheme</term>
            <listitem>
              <synopsis>GtkTheme=Default</synopsis>
              <para>A name of an installed theme to use by default. It will be used in the greeter, chooser and all other GUI windows put up by GDM. Supported since 2.5.90.2.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>GtkThemesToAllow</term>
            <listitem>
              <synopsis>GtkThemesToAllow=all</synopsis>
              <para>Comma separated list of themes to allow. These must be the names of the themes installed in the standard locations for GTK+ themes. You can also specify 'all' to allow all installed themes. This is related to the <filename>AllowGtkThemeChange</filename> key. Supported since 2.5.90.2.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>MaxIconWidth</term>
            <listitem>
              <synopsis>MaxIconWidth=128</synopsis>
              <para>Specifies the maximum icon width (in pixels) that the face browser will display. Icons larger than this will be scaled. This also affects icons in the XDMCP chooser.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>MaxIconHeight</term>
            <listitem>
              <synopsis>MaxIconHeight=128</synopsis>
              <para>Specifies the maximum icon height (in pixels) that the face browser will display. Icons larger than this will be scaled. This also affects icons in the XDMCP chooser.</para>
            </listitem>
          </varlistentry>
        </variablelist>
        
      </sect3>
        
      <sect3 id="greetersection">

        <title>Configuración del interfaz</title>

        <variablelist>
          <title>[greeter]</title>

          <varlistentry>
            <term>BackgroundColor</term>
            <listitem>
              <synopsis>BackgroundColor=#76848F</synopsis>
              <para>If the BackgroundType is 2, use this color in the background of the greeter. Also use it as the back of transparent images set on the background and if the BackgroundRemoteOnlyColor is set and this is a remote display. This only affects the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>BackgroundProgramInitialDelay</term>
            <listitem>
              <synopsis>BackgroundProgramInitialDelay=30</synopsis>
              <para>The background application will be started after at least that many seconds of inactivity.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>RestartBackgroundProgram</term>
            <listitem>
              <synopsis>RestartBackgroundProgram=true</synopsis>
              <para>If set the background application will be restarted when it has exited, after the delay described below has elapsed. This option can be useful when you wish to run a screen saver application when no user is using the computer.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>BackgroundProgramRestartDelay</term>
            <listitem>
              <synopsis>BackgroundProgramRestartDelay=30</synopsis>
              <para>The background application will be restarted after at least that many seconds of inactivity.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>BackgroundImage</term>
            <listitem>
              <synopsis>BackgroundImage=somefile.png</synopsis>
              <para>If the BackgroundType is 1, then display this file as the background in the greeter. This only affects the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>BackgroundProgram</term>
            <listitem>
              <synopsis>BackgroundProgram=/usr/bin/xeyes</synopsis>
              <para>If set this command will be run in the background while the login window is being displayed. Note that not all applications will run this way, since GDM does not usually have a home directory. You could set up home directory for the GDM user if you wish to run applications which require it. This only affects the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>BackgroundRemoteOnlyColor</term>
            <listitem>
              <synopsis>BackgroundRemoteOnlyColor=true</synopsis>
              <para>On remote displays only set the color background. This is to make network load lighter. The <filename>BackgroundProgram</filename> is also not run. This only affects the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>BackgroundScaleToFit</term>
            <listitem>
              <synopsis>BackgroundScaleToFit=true</synopsis>
              <para>Scale background image to fit the screen. This only affects the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>BackgroundType</term>
            <listitem>
              <synopsis>BackgroundType=2</synopsis>
              <para>El tipo de fondo a establecer. 0 es ninguno, 1 es imagen y color, 2 es color y 3 es imagen. Esto sólo afecta al interfaz GTK+.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>Browser</term>
            <listitem>
              <synopsis>Browser=true</synopsis>
              <para>Set to true to enable the face browser. See the ``The GTK+ Greeter'' section for more information on the face browser. This option only works for the GTK+ Greeter. For the Themed Greeter, the face browser is enabled by choosing a theme which includes a face browser</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>ChooserButton</term>
            <listitem>
              <synopsis>ChooserButton=true</synopsis>
              <para>If true, add a chooser button to the Actions menu that will restart the current X server with a chooser. XDMCP does not need to be enabled on the local computer for this to work.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>ConfigAvailable</term>
            <listitem>
              <synopsis>ConfigAvailable=false</synopsis>
              <para>If true, allows the configurator to be run from the greeter. Note that the user will need to type in the root password before the configurator will be started. This is set to false by default for additional security. See the <filename>Configurator</filename> option in the daemon section.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>DefaultFace</term>
            <listitem>
              <synopsis>DefaultFace=&lt;share&gt;/pixmaps/nophoto.png</synopsis>
              <para>If a user has no defined face image, GDM will use the "stock_person" icon defined in the current GTK+ theme. If no such image is defined, the image specified by <filename>DefaultFace</filename> will be used. The image must be in an gdk-pixbuf supported format and the file must be readable to the GDM user.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>Include</term>
            <listitem>
              <synopsis>Include=</synopsis>
              <para>Comma separated list of users to be included in the face browser and in the <command>gdmsetup</command> selection list for Automatic/Timed login. See also <filename>Exclude</filename>, <filename>IncludeAll</filename>, and <filename>MinimalUID</filename>.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>Exclude</term>
            <listitem>
              <synopsis>Exclude=bin,daemon,adm,lp,sync,shutdown,halt,mail,...</synopsis>
              <para>Comma separated list of users to be excluded from the face browser and from the <command>gdmsetup</command> selection list for Automatic/Timed login. Excluded users will still be able to log in, but will have to type their username. See also <filename>Include</filename>, <filename>IncludeAll</filename>, and <filename>MinimalUID</filename>.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>IncludeAll</term>
            <listitem>
              <synopsis>IncludeAll=false</synopsis>
              <para>By default, an empty include list means display no users. By setting IncludeAll to true, the password file will be scanned and all users will be displayed aside from users excluded via the Exclude setting and user ID's less than MinimalUID. Scanning the password file can be slow on systems with large numbers of users and this feature should not be used in such environments. See also <filename>Include</filename>, <filename>Exclude</filename>, and <filename>MinimalUID</filename>.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>GlobalFaceDir</term>
            <listitem>
              <synopsis>GlobalFaceDir=&lt;share&gt;/pixmaps/faces/</synopsis>
              <para>Systemwide directory for face files. The sysadmin can place icons for users here without touching their homedirs. Faces are named after their users' logins.</para>
              
              <para>I.e. <filename>&lt;GlobalFaceDir&gt;/johndoe</filename> would contain the face icon for the user ``johndoe''. No image format extension should be specified.</para>
              
              <para>The face images must be stored in gdk-pixbuf supported formats and they must be readable for the GDM user.</para>
              
              <para>A user's own icon file will always take precedence over the sysadmin provided one.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>GraphicalTheme</term>
            <listitem>
              <synopsis>GraphicalTheme=circles</synopsis>
              <para>The graphical theme that the Themed Greeter should use. it should refer to a directory in the theme directory set by <filename>GraphicalThemeDir</filename>.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>GraphicalThemes</term>
            <listitem>
              <synopsis>GraphicalThemes=circles</synopsis>
              <para>The graphical themes that the Themed Greeter should use is the Mode is set on Random Themes. This is a "/:" delimited list. It should refer to a directory in the theme directory set by <filename>GraphicalThemeDir</filename>. This is only used if <filename>GraphicalThemeRand</filename> is set to true.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>GraphicalThemeRand</term>
            <listitem>
              <synopsis>GraphicalThemeRand=false</synopsis>
              <para>Whether the graphical greeter will use Only One Theme or Random Theme mode. Only One Theme mode uses themes listed by <filename>GraphicalTheme</filename>, Random Themes mode uses themes listed by <filename>GraphicalThemes</filename>. A value of false sets greeter to use Only One Theme mode, a value of true sets the greeter to use Random Theme mode.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>GraphicalThemeDir</term>
            <listitem>
              <synopsis>GraphicalThemeDir=&lt;share&gt;/gdm/themes/</synopsis>
              <para>The directory where themes for the Themed Greeter are installed.</para>
            </listitem>
          </varlistentry>

         <varlistentry>
            <term>GraphicalThemedColor</term>
            <listitem>
              <synopsis>GraphicalThemedColor=#76848F</synopsis>
              <para>Use this color in the background of the Themed Greeter. This only affects the Themed Greeter.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>InfoMsgFile</term>
            <listitem>
              <synopsis>InfoMsgFile=/path/to/infofile</synopsis>
              <para>If present and /path/to/infofile specifies an existing and readable text file (e.g. &lt;etc&gt;/infomsg.txt) the contents of the file will be displayed in a modal dialog box before the user is allowed to login. This works both with the standard and the themable greeters.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>InfoMsgFont</term>
            <listitem>
              <synopsis>InfoMsgFont=fontspec</synopsis>
              <para>If present and InfoMsgFile (see above) is used, this specifies the font to use when displaying the contents of the InfoMsgFile text file. For example fontspec could be Sans 24 to get a sans serif font of size 24 points. This works both with the standard and the themable greeters.</para>
            </listitem>
          </varlistentry>
          
          
          <varlistentry>
            <term>LocaleFile</term>
            <listitem>
              <synopsis>LocaleFile=&lt;etc&gt;/gdm/locale.alias</synopsis>
              <para>File in format similar to the GNU locale format with entries for all supported languages on the system. The format is described above or in a comment inside that file.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>LockPosition</term>
            <listitem>
              <synopsis>LockPosition=true</synopsis>
              <para>If true the position of the login window of the GTK+ Greeter cannot be changed even if the title bar is turned on.</para>
            </listitem>
          </varlistentry>        
          
          <varlistentry>
            <term>Logo</term>
            <listitem>
              <synopsis>Logo=&lt;share&gt;/pixmaps/gnome-logo-large.png</synopsis>
              <para>Image file to display in the logo box. The file must be in an gdk-pixbuf supported format and it must be readable by the GDM user. If no file is specified the logo feature is disabled. This only affects the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>

         <varlistentry>
            <term>ChooserButtonLogo</term>
            <listitem>
              <synopsis>ChooserButtonLogo=&lt;share&gt;/pixmaps/gnome-logo-large.png</synopsis>
              <para>Image file to display in the file chooser button in <command>gdmsetup</command>. This key is modified by <command>gdmsetup</command> and should not be manually modified by the user. This only affects the Login Window Preferences (<command>gdmsetup</command>).</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>MinimalUID</term>
            <listitem>
              <synopsis>MinimalUID=100</synopsis>
              <para>The minimal UID that GDM should consider a user. All users with a lower UID will be excluded from the face browser. See also <filename>Include</filename>, <filename>Exclude</filename>, and <filename>IncludeAll</filename>.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>PositionX</term>
            <listitem>
              <synopsis>PositionX=200</synopsis>
              <para>The horizontal position of the login window of the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>PositionY</term>
            <listitem>
              <synopsis>PositionY=100</synopsis>
              <para>The vertical position of the login window of the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>        
          
          <varlistentry>
            <term>Quiver</term>
            <listitem>
              <synopsis>Quiver=true</synopsis>
              <para>Controls whether <command>gdmlogin</command> should shake the display when an incorrect username/password is entered. This only affects the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>DefaultRemoteWelcome</term>
            <listitem>
              <synopsis>DefaultRemoteWelcome=true</synopsis>
              <para>If set to true, the value "Welcome to %n" is used for the <filename>RemoteWelcome</filename>. This value is translated into the appropriate language for the user. If set to false, the <filename>RemoteWelcome</filename> setting is used. This string can use the same special character sequences as explained in the "Text Node" section of the "Themed Greeter" chapter. This explains the meaning of "%n".</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>RemoteWelcome</term>
            <listitem>
              <synopsis>RemoteWelcome=Welcome to n</synopsis>
              <para>Controls which text to display next to the logo image in the greeter for remote XDMCP sessions. The same expansion is done here as in the <filename>Welcome</filename> string. This string can use the same special character sequences as explained in the "Text Node" section of the "Themed Greeter" chapter. chapter.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>RunBackgroundProgramAlways</term>
            <listitem>
              <synopsis>RunBackgroundProgramAlways=false</synopsis>
              <para>If this is true then the background application is run always, otherwise it is only run when the <filename>BackgroundType</filename> is 0 (None) This only affects the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>SetPosition</term>
            <listitem>
              <synopsis>SetPosition=true</synopsis>
              <para>If true the position of the login window of the GTK+ Greeter is determined by <filename>PositionX</filename> / <filename>PositionY</filename>.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>ShowGnomeFailsafeSession</term>
            <listitem>
              <synopsis>ShowGnomeFailsafeSession=true</synopsis>
              <para>Should the greeter show the Gnome Failsafe session in th sessions list.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>ShowLastSession</term>
            <listitem>
              <synopsis>ShowLastSession=true</synopsis>
              <para>Should the greeter show the 'Last' session in the session list. If this is off, then GDM is in the so called 'switchdesk' mode which for example Red Hat uses. That is, the users can't pick the last session and will just then get the default session (see <filename>DefaultSession</filename>) unless then pick something else for this session only. So if this is off, this really circumvents saving of the last session.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>ShowXtermFailsafeSession</term>
            <listitem>
              <synopsis>ShowXtermFailsafeSession=true</synopsis>
              <para>Should the greeter show the Xterm Failsafe session in the sessions list.</para>
            </listitem>
          </varlistentry>        

          <varlistentry>
            <term>SoundOnLogin</term>
            <listitem>
              <synopsis>SoundOnLogin=true</synopsis>
              <para>If true, the greeter will play a sound or beep when it is ready for a login. See also the <filename>SoundOnLoginFile</filename> key. Supported since 2.5.90.0.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>SoundOnLoginSuccess</term>
            <listitem>
              <synopsis>SoundOnLoginSuccess=true</synopsis>
              <para>If true, the greeter will play a sound after a successful login attempt. See also the <filename>SoundOnLoginSuccessFile</filename> key.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>SoundOnLoginFailure</term>
            <listitem>
              <synopsis>SoundOnLoginFailure=true</synopsis>
              <para>If true, the greeter will play a sound after a failed login attempt. See also the <filename>SoundOnLoginFailureFile</filename> key.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>SoundOnLoginFile</term>
            <listitem>
              <synopsis>SoundOnLoginFile=/path/to/sound.wav</synopsis>
              <para>The file that will be played using the specified sound application (by default that is <filename>/usr/bin/play</filename>) instead of a beep when the greeter is ready for a login. See also the <filename>SoundOnLogin</filename> key and the <filename>SoundProgram</filename> key. Supported since 2.5.90.0.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>SoundOnLoginSuccessFile</term>
            <listitem>
              <synopsis>SoundOnLoginSuccessFile=/path/to/sound.wav</synopsis>
              <para>The file that will be played using the specified sound application (by default that is <filename>/usr/bin/play</filename>) after a successful login attempt. See also the <filename>SoundOnLoginSuccess</filename> key and the <filename>SoundProgram</filename> key.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>SoundOnLoginFailureFile</term>
            <listitem>
              <synopsis>SoundOnLoginFailureFile=/path/to/sound.wav</synopsis>
              <para>The file that will be played using the specified sound application (by default that is <filename>/usr/bin/play</filename>) after a failed login attempt. See also the <filename>SoundOnLoginFailure</filename> key and the <filename>SoundProgram</filename> key.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>SystemMenu</term>
            <listitem>
              <synopsis>SystemMenu=true</synopsis>
              <para>Turns the Actions menu (which used to be called System menu) on or off. If this is off then one of the actions will be available anywhere. These actions include Shutdown, Restart, Configure, XDMCP chooser and such. All of those can however be turned off individually. Shutdown, Restart and Suspend can be turned off by just setting the corresponding keys to empty. Note that the actions menu is only shown on local logins as it would not be safe or even desirable on remote logins, so you don't have to worry about remote users having any sort of console privileges.</para>

              <para>Note that if this is off none of the actions will be available even if a theme for a graphical greeter mistakenly shows them. Also note that sometimes a graphical theme may not show all the available actions as buttons and you may have to press F10 to see the menu.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>TitleBar</term>
            <listitem>
              <synopsis>TitleBar=true</synopsis>
              <para>Display the title bar in the greeter. This only affects the GTK+ Greeter.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Use24Clock</term>
            <listitem>
              <synopsis>Use24Clock=auto</synopsis>
              <para>Select the use of 24 hour clock. Some locales do not support 12 hour format (like Finnish, that is <filename>fi_FI</filename>), and in those locales this setting has no effect at all.</para>
              <para>Possible values are "auto" (default), "true", and "false". If this is set to "auto" or left empty, then time format is chosen from locale settings. Locale settings are based on the language in use, thus it is changed by setting environment variables LANGUAGE (GNU extension), LANG, LC_MESSAGES or LC_ALL in the GDM's runtime environment. Priorities between the mentioned environment variables can be found from your system's C library manual.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>UseCirclesInEntry</term>
            <listitem>
              <synopsis>UseCirclesInEntry=false</synopsis>
              <para>Use circles instead of asterisks in the password entry. This may not work with all fonts however.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>UseInvisibleInEntry</term>
            <listitem>
              <synopsis>UseInvisibleInEntry=false</synopsis>
              <para>Do not show any visual feedback is the password entry. This is the standard in console and xdm. Settings this option discards the <filename>UseCirclesInEntry</filename> option.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>DefaultWelcome</term>
            <listitem>
              <synopsis>DefaultWelcome=true</synopsis>
              <para>If set to true, the value "Welcome" is used for the <filename>Welcome</filename>. This value is translated into the appropriate language for the user. If set to false, the <filename>Welcome</filename> setting is used.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Welcome</term>
            <listitem>
              <synopsis>Welcome=Welcome</synopsis>
              <para>Controls which text to display next to the logo image in the standard greeter. The following control chars are supported:</para>
              
              <para>the `' character</para>
              
              <para>d display's hostname</para>
              
              <para>h Fully qualified hostname</para>

              <para>m machine (processor type)</para>

              <para>n Nodename (i.e. hostname without .domain)</para>
              
              <para>r release (OS version)</para>
              
              <para>s sysname (i.e. OS)</para>

              <para>This string is only used for local logins. For remote XDMCP logins we use <filename>RemoteWelcome</filename>.</para>

              <para>In the Themed Greeter the location of this text depends on the theme. Unless the theme uses the stock welcome string somewhere this string will not be displayed at all.</para>
                            
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>XineramaScreen</term>
            <listitem>
              <synopsis>XineramaScreen=0</synopsis>
              <para>If the Xinerama extension is active the login window will be centered on this physical screen (use 0 for the first screen, 1 for the second...).</para>
            </listitem>
          </varlistentry>        

        </variablelist>

      </sect3>

      <sect3 id="choosersection">

        <title>XDCMP Chooser Options</title>

        <variablelist>
          <title>[chooser]</title>

          <varlistentry>
            <term>AllowAdd</term>
            <listitem>
              <synopsis>AllowAdd=true</synopsis>
              <para>If true, allow the user to add arbitrary hosts to the chooser. This way the user could connect to any host that responds to XDMCP queries from the chooser.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Broadcast</term>
            <listitem>
              <synopsis>Broadcast=true</synopsis>
              <para>If true, the chooser will broadcast a query to the local network and collect responses. This way the chooser will always show all available managers on the network. If you need to add some hosts not local to this network, or if you don't want to use a broadcast, you can list them explicitly in the <filename>Hosts</filename> key.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>Multicast</term>
            <listitem>
              <synopsis>Multicast=true</synopsis>
              <para>If true and IPv6 is enabled, the chooser will send a multicast query to the local network and collect responses from the hosts who have joined multicast group. If you don't want to send a multicast, you can specify IPv6 address in the <filename>Hosts </filename> key. The host will respond if it is listening to XDMCP requests and IPv6 is enabled there.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>MulticastAddr</term>
            <listitem>
              <synopsis>MulticastAddr=ff02::1</synopsis>
              <para>This is the Link-local Multicast address and is hardcoded here.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>DefaultHostImage</term>
            <listitem>
              <synopsis>DefaultHostImage=&lt;share&gt;/pixmaps/nohost.png</synopsis>
              <para>File name for the default host icon. This image will be displayed if no icon is specified for a given host. The file must be in an gdk-pixbuf supported format and it must be readable for the GDM user.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>HostImageDir</term>
            <listitem>
              <synopsis>HostImageDir=&lt;share&gt;/hosts</synopsis>
              <para>Repository for host icon files. The sysadmin can place icons for remote hosts here and they will appear in <filename>gdmchooser</filename>.</para>
              
              <para>The file name must match the fully qualified name (FQDN) for the host. The icons must be stored in gdk-pixbuf supported formats and they must be readable to the GDM user.</para>
              
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Hosts</term>
            <listitem>
              <synopsis>Hosts=host1,host2</synopsis>
              <para>The hosts which should be listed in the chooser. The chooser will only list them if they respond. This is done in addition to broadcast (if <filename>Broadcast</filename> is set), so you need not list hosts on the local network. This is useful if your networking setup doesn't allow all hosts to be reachable by a broadcast packet.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>ScanTime</term>
            <listitem>
              <synopsis>ScanTime=4</synopsis>
              <para>Specifies how many seconds the chooser should wait for replies to its BROADCAST_QUERY. Really this is only the time in which we expect a reply. We will still add hosts to the list even if they reply after this time.</para>
            </listitem>
          </varlistentry>
        </variablelist>
        
      </sect3>

      <sect3 id="debugsection">

        <title>Configuración de depuración</title>

        <variablelist>
          <title>[debug]</title>

          <varlistentry>
            <term>Enable</term>
            <listitem>
              <synopsis>Enable=false</synopsis>
              <para>Setting to true sends debug ouput to the syslog. This can be useful for tracking down problems with GDM. This output tends to be verbose so should not be turned on for general use.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>Gestures</term>
            <listitem>
              <synopsis>Gestures=false</synopsis>
              <para>Setting to true sends debug ouput concerning the accessibility gesture listeners to the syslog. This can be useful for tracking down problems with them not working properly. This output tends to be verbose so should not be turned on for general use.</para>
            </listitem>
          </varlistentry>
        </variablelist>
        
      </sect3>

      <sect3 id="serverdefs">

        <title>X Server Definitions</title>

        <para>To set up X servers, you need to provide GDM with information about the installed X servers. You can have as many different definitions as you wish, each identified with a unique name. The name <filename>Standard</filename> is required. If you do not specify this server, GDM will assume default values for a 'Standard' server and the path given by <filename>daemon/StandardXServer</filename>. <filename>Standard</filename> is used as the default, in situations when no other server has been defined.</para>

        <para>Servers are defined by sections named <filename>server-</filename> followed by the identifier of this server. This should be a simple ASCII string with no spaces. The GUI configuration program allows users to edit the servers defined in the GDM configuration files but currently does not allow adding or deleting entries. Like normal configuration options, <filename>server-</filename> sections in the <filename>gdm.conf-custom</filename> file override values in the <filename>gdm.conf</filename> file. In other words, if a <filename>server-Standard</filename> section is defined in <filename>gdm.conf-custom</filename>, then that will be used and the section in the <filename>gdm.conf</filename> file will be ignored.</para>
        
        <variablelist>
          <title>[server-Standard]</title>

          <varlistentry>
            <term>name</term>
            <listitem>
              <synopsis>name=Standard server</synopsis>
              <para>The name that will be displayed to the user.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>command</term>
            <listitem>
              <synopsis>command=/usr/bin/X11/X</synopsis>
              <para>The command to execute, with full path to the binary of the X server, and any extra arguments needed.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>flexible</term>
            <listitem>
              <synopsis>flexible=true</synopsis>
              <para>Indicates if this server is available as a choice when a user wishes to run a flexible, on demand server.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>handled</term>
            <listitem>
              <synopsis>handled=true</synopsis>
              <para>Indicates that GDM should run the login window on this server and allow a user to log in. If set to false, then GDM will just run this server and wait for it to terminate. This can be useful to run an X terminal using GDM. When this is done you should normally also add <filename>-terminate</filename> to the command line of the server to make the server terminate after each session. Otherwise the control of the slave will never come back to GDM and, for example, soft restarts won't work. This is because GDM assumes there is a login in progress for the entire time this server is active.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>chooser</term>
            <listitem>
              <synopsis>chooser=false</synopsis>
              <para>Indicates that GDM should instead of a login window run a chooser on this window and allow the user to choose which server to log into.</para>
            </listitem>
          </varlistentry>
        </variablelist>

      </sect3>

      <sect3 id="localservers">

        <title>Local Static X Display Configuration</title>

        <para>The static display configuration specifies what displays should be always managed by GDM. GDM will restart the X server on the display if it dies, for example. There may be as many static displays that are managed as you wish, although typically each display is associated with a real display. For example, if a machine has two displays (say display ":0" and display ":1"), then this section can be used to specify that a separate login screen be managed for each screen. Each key in the <filename>[servers]</filename> section corresponds to the display number to be managed. Normally there is only one key, which is the key <filename>0</filename>, which corresponds to the display <filename>:0</filename>.</para>

        <para>The GUI configuration program allows users to edit the static display configuration defined in the GDM configuration files and allows the user to add or delete entries. Like normal configuration options, the <filename>[servers]</filename> section in the <filename>gdm.conf-custom</filename> file overrides values in the <filename>gdm.conf</filename> file.</para>

        <variablelist>
          <title>[servers]</title>
          
          <varlistentry>
            <term>&lt;display number&gt;</term>
            <listitem>
              <synopsis>0=Standard</synopsis>
              <para>Control section for local displays. Each line indicates the local display number and the command that needs to be run to start the X server(s).</para>

              <para>The command can either be a path to an X executable, or a name of one of the server definitions. This can be followed by some arguments that should be passed to the X server when executed. The gdm daemon doesn't enforce the numbers to be in order or for them to be "packed". They keyword "inactive" can be used instead of a command to specify that the display should be not managed. This can be used in the <filename>gdm.conf-custom</filename> to turn off a display that is defined in the <filename>gdm.conf</filename> file.</para>
              
              <para>GDM will splice "<filename>-auth &lt;ServAuthDir&gt;/:n.Xauth :n</filename>", where n is the display number. Inside the command line before all other arguments before running the X server.</para>

              <para>On some systems it is necessary for GDM to know on which virtual consoles to run the X server. In this case, (if running XFree86) add "vt7" to the command line, for example, to run on virtual console 7. However on Linux and FreeBSD this is normally done automatically if the <filename>VTAllocation</filename> key is set.</para>

              <para>Normally you do not need to add a <filename>-nolisten tcp</filename> flag as this is added automatically for local X servers when the <filename>DisallowTCP</filename> option is set.</para>
            </listitem>
          </varlistentry>
          
          <varlistentry>
            <term>priority</term>
            <listitem>
              <synopsis>priority=0</synopsis>
              <para>Indicates that the X server should be started at a different process priority. Values can be any integer value accepted by the setpriority C library function (normally between -20 and 20) with 0 being the default. For highly interactive applications, -5 yields good responsiveness. The default value is 0 and the setpriority function is not called if the value is 0.</para>
            </listitem>
          </varlistentry>
        </variablelist>
      </sect3>
    </sect2>

    <sect2 id="userconfig">
      <title>Per User Configuration</title>

      <para>There are some per user configuration settings that control how GDM behaves. GDM is picky about the file ownership and permissions of the user files it will access, and will ignore files if they are not owned by the user or files that have group/world write permission. It will also ignore the user if the user's $HOME directory is not owned by the user or if the user's $HOME directory has group/world write permission. files must also be smaller than the <filename>UserMaxFile</filename> value as defined in the GDM configuration. If it seems that GDM is not properly accessing user configuration settings, the problem is most likely caused by one of these checks failing.</para>

      <para>First there is the <filename>~/.dmrc</filename> file. In theory this file should be shared between GDM and KDM, so users only have to configure things once. This is a standard <filename>.ini</filename> style configuration file. It has one section called <filename>[Desktop]</filename> which has two keys: <filename>Session</filename> and <filename>Language</filename>.</para>

      <para>The <filename>Session</filename> key specifies the basename of the session <filename>.desktop</filename> file that the user wishes to normally use (without the <filename>.desktop</filename> extension, in other words). The <filename>Language</filename> key specifies the language that the user wishes to use by default. If either of these keys is missing, the system default is used. The file would normally look as follows:</para>

      <screen>
[Desktop]
Session=gnome
Language=cs_CZ.UTF-8
      </screen>

      <para>Normally GDM will write this file when the user logs in for the first time, and rewrite it if the user chooses to change their default values on a subsequent login.</para>

      <para>If the GDM Face Browser is turned, then the file <filename>$HOME/.face</filename> is accessed. This file should be a standard image that GTK+ can read, such as PNG or JPEG. It also must be smaller than the <filename>MaxIconWidth</filename> and <filename>MaxIconHeight</filename> values defined in the GDM configuration or it will be ignored. Users can run the <command>gdmphotosetup</command> program to specify a face image and it will copy the file to the $HOME/.face location and scale it so its longest dimension is not larger than the <filename>MaxIconWidth</filename> or <filename>MaxIconHeight</filename> values. <command>gdmphotosetup</command> takes care to not change the aspect ratio of the image.</para>

      <para>Face images can also be placed in the global face directory, which is specified by the <filename>GlobalFaceDir</filename> configuration option ( normally <filename>&lt;share&gt;/pixmaps/faces/</filename>) and the filename should be the name of the user, optionally with a <filename>.png</filename>, <filename>.jpg</filename>, etc. appended.</para>
    </sect2>
    
  </sect1>

  <sect1 id="controlling">
    <title>Controlling GDM</title>

    <para>You can control GDM behavior during runtime in several different ways. You can either run certain commands, or you can talk to GDM using either a unix socket protocol, or a FIFO protocol.</para>

    <sect2 id="commands">
      <title>Comandos</title>

      <para>To stop GDM, you can either send the TERM signal to the main daemon or run the <command>gdm-stop</command> command which is in the <filename>&lt;sbin&gt;/</filename> directory. To restart GDM, you can either send the HUP signal to the main daemon or run the <command>gdm-restart</command> command which is also in the <filename>&lt;sbin&gt;/</filename> directory. To restart GDM but only after all the users have logged out, you can either send the USR1 signal to the main daemon or run the <command>gdm-safe-restart</command> command which is in the <filename>&lt;sbin&gt;/</filename> directory as well.</para>

      <para>The <command>gdmflexiserver</command> command can be used to start new flexible (on demand) displays if your system supports virtual terminals. This command will normally lock the current session with a screensaver so that the user can safely walk away from the computer and let someone else log in. If more that two flexible displays have started <command>gdmflexiserver</command> will display a pop-up dialog allowing the user to select which session to continue. The user will normally have to enter a password to return to the session. On session exit the system will return to the previous virtual terminal. Run <command>gdmflexiserver --help</command> to get a listing of possible options.</para>
    </sect2>

    <sect2 id="fifoprot">
      <title>The FIFO protocol</title>

      <para>GDM also provides a FIFO called <filename>.gdmfifo</filename> in the <filename>ServAuthDir</filename> directory (usually <filename>&lt;var&gt;/gdm/.gdmfifo</filename>). You must be root to use this protocol, and it is mostly used for internal GDM chatter. It is a very simple protocol where you just echo a command on a single line to this file. It can be used to tell GDM things such as restart, suspend the computer, or restart all X servers next time it has a chance (which would be useful from an X configuration application).</para>

      <para>Full and up to date documentation of the commands and their use is contained in the GDM source tree in the file <filename>daemon/gdm.h</filename>. Look for the defines starting with <filename>GDM_SOP_</filename>. The commands which require the pid of the slave as an argument are the ones that are really used for internal communication of the slave with the master and should not be used.</para>
    </sect2>

    <sect2 id="socketprot">
      <title>Socket Protocol</title>

      <para>GDM provides a unix domain socket for communication at <filename>/tmp/.gdm_socket</filename>. Using this you can check if GDM is running, the version of the daemon, the current displays that are running and who is logged in on them, and if GDM supports it on your operating system, also the virtual terminals of all the console logins. The <command>gdmflexiserver</command> command uses this protocol, for example, to launch flexible (on-demand) displays.</para>

      <para>gdmflexiserver accepts the following commands with the --command option:</para>

      <screen>
VERSION
AUTH_LOCAL
FLEXI_XSERVER
FLEXI_XNEST
ATTACHED_SERVERS
ALL_SERVERS
GET_SERVER_LIST
GET_SERVER_DETAILS
GET_CONFIG
GET_CONFIG_FILE
UPDATE_CONFIG
GREETERPIDS
QUERY_LOGOUT_ACTION
SET_LOGOUT_ACTION
SET_SAFE_LOGOUT_ACTION
QUERY_VT
SET_VT
CLOSE
      </screen>

      <para>These are described in detail below, including required arguments, response format, and return codes.</para>

      <sect3 id="queryversion">
      <title>VERSION</title>
      <screen>
VERSION: Query GDM version
Supported since: 2.2.4.0
Arguments: None
Answers:
  GDM &lt;gdm version&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="authlocal">
      <title>AUTH_LOCAL</title>
      <screen>
AUTH_LOCAL: Setup this connection as authenticated for
            FLEXI_SERVER.  Because all full blown (non-Xnest)
            displays can be started only from users logged in
            locally, and here GDM assumes only users logged
            in from GDM.  They must pass the xauth
            MIT-MAGIC-COOKIE-1 that they were passed before
            the connection is authenticated.
Note:       The AUTH LOCAL command requires the
            --authenticate option, although only
            FLEXI XSERVER uses this currently.
Note:       Since 2.6.0.6 you can also use a global
            &lt;ServAuthDir&gt;/.cookie, which works for all
            authentication except for SET_LOGOUT_ACTION and
            QUERY_LOGOUT_ACTION and SET_SAFE_LOGOUT_ACTION
            which require a logged in display.
Supported since: 2.2.4.0
Arguments: &lt;xauth cookie&gt;
  &lt;xauth cookie&gt; is in hex form with no 0x prefix
Answers:
  OK
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     100 = Not authenticated
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="flexixserver">
      <title>FLEXI_XSERVER</title>
      <screen>
FLEXI_XSERVER: Start a new X flexible display.  Only supported on
               connection that passed AUTH_LOCAL
Supported since: 2.2.4.0
Arguments: &lt;xserver type&gt;
  If no arguments, starts the standard X server
Answers:
  OK &lt;display&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     1 = No more flexi servers
     2 = Startup errors
     3 = X failed
     4 = X too busy
     6 = No server binary
     100 = Not authenticated
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
      
      <sect3 id="flexixnest">
      <title>FLEXI_XNEST</title>
      <screen>
FLEXI_XNEXT: Start a new flexible Xnest display.
Note:        Supported on older version from 2.2.4.0, later
             2.2.4.2, but since 2.3.90.4 you must supply 4
             arguments or ERROR 100 will be returned.  This
             will start Xnest using the XAUTHORITY file
             supplied and as the uid same as the owner of
             that file (and same as you supply).  You must
             also supply the cookie as the third argument
             for this display, to prove that you indeed are
             this user.  Also this file must be readable
             ONLY by this user, that is have a mode of 0600.
             If this all is not met, ERROR 100 is returned.
Note:        The cookie should be the MIT-MAGIC-COOKIE-1,
             the first one GDM can find in the XAUTHORITY
             file for this display.  If that's not what you
             use you should generate one first.  The cookie
             should be in hex form.
Supported since: 2.3.90.4
Arguments: &lt;display to run on&gt; &lt;uid of requesting user&gt;
           &lt;xauth cookie for the display&gt; &lt;xauth file&gt;
Answers:
  OK &lt;display&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     1 = No more flexi servers
     2 = Startup errors
     3 = X failed
     4 = X too busy
     5 = Xnest can't connect
     6 = No server binary
     100 = Not authenticated
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
      
      <sect3 id="adddynamic">
      <title>ADD_DYNAMIC_DISPLAY</title>
      <screen>
ADD_DYNAMIC_DISPLAY: Create a new server definition that will
                     run on the specified display leaving, it
                     in DISPLAY_CONFIG state.
Supported since: 2.8.0.0
Arguments: &lt;display to run on&gt;=&lt;server&gt;
  Where &lt;server&gt; is either a configuration named in the
  GDM configuration or a literal command name.
Answers:
  OK &lt;display&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     2 = Existing display
     3 = No server string
     4 = Display startup failure
     100 = Not authenticated
     200 = Dynamic Displays not allowed
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="releasedynamic">
      <title>RELEASE_DYNAMIC_DISPLAYS</title>
      <screen>
RELEASE_DYNAMIC_DISPLAYS: Release dynamic displays currently in 
                          DISPLAY_CONFIG state
Supported since: 2.8.0.0
Arguments: None
Answers:
  OK &lt;display&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     100 = Not authenticated
     200 = Dynamic Displays not allowed
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="removedynamic">
      <title>REMOVE_DYNAMIC_DISPLAY</title>
      <screen>
REMOVE_DYNAMIC_DISPLAY: Remove a dynamic display, killing the server
                        and purging the display configuration
Supported since: 2.8.0.0
Arguments: &lt;display to remove&gt;
Answers:
  OK &lt;display&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     1 = Bad display number
     100 = Not authenticated
     200 = Dynamic Displays not allowed
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="attachedservers">
      <title>ATTACHED_SERVERS</title>
      <screen>
ATTACHED_SERVERS: List all attached displays.  Doesn't list XDMCP
                  and xnest non-attached displays.
Note:             This command used to be named CONSOLE_SERVERS,
                  which is still recognized for backwards
                  compatibility. The optional pattern argument
                  is supported as of version 2.8.0.0.
Supported since: 2.2.4.0
Arguments: &lt;pattern&gt; (optional)
  With no argument, all attached displays are returned. The optional
  &lt;pattern&gt; is a string that may contain glob characters '*', '?', and
  '[]'. Only displays that match the pattern will be returned.
Answers:
  OK &lt;server&gt;;&lt;server&gt;;...

  &lt;server&gt; is &lt;display&gt;,&lt;logged in user&gt;,&lt;vt or xnest display&gt;

  &lt;logged in user&gt; can be empty in case no one logged
  in yet, and &lt;vt&gt; can be -1 if it's not known or not
  supported (on non-Linux for example).  If the display is an
  xnest display and is a console one (that is, it is an xnest
  inside another console display) it is listed and instead of
  vt, it lists the parent display in standard form.

  ERROR &lt;err number&gt; &lt;english error description&gt;
     1 = Not implemented
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
     
      <sect3 id="allservers">
      <title>ALL_SERVERS</title>
      <screen>
ALL_SERVERS: List all displays, including console, remote, xnest.
             This can, for example, be useful to figure out if
             the display you are on is managed by the gdm daemon,
             by seeing if it is in the list.  It is also somewhat
             like the 'w' command but for graphical sessions.
Supported since: 2.4.2.96
Arguments: None
Answers:
  OK &lt;server&gt;;&lt;server&gt;;...

  &lt;server&gt; is &lt;display&gt;,&lt;logged in user&gt;

  &lt;logged in user&gt; can be empty in case no one logged in yet

  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
      
      <sect3 id="getserverlist">
      <title>GET_SERVER_LIST</title>
      <screen>
GET_SERVER_LIST:  Get a list of the server sections from
                  the configuration file.
Supported since: 2.13.0.4
Arguments: None
Answers:
  OK &lt;value&gt;;&lt;value&gt;;...
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     1 = No servers found
     50 = Unsupported key
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="getserverdetails">
      <title>GET_SERVER_DETAILS</title>
      <screen>
GET_SERVER_DETAILS:  Get detail information for a specific server.
Supported since: 2.13.0.4
Arguments: &lt;server&gt; &lt;key&gt;
  Key values include:
    NAME      - Returns the server name
    COMMAND   - Returns the server command
    FLEXIBLE  - Returns "true" if flexible, "false"
                otherwise
    CHOOSABLE - Returns "true" if choosable, "false"
                otherwise
    HANDLED   - Returns "true" if handled, "false"
                otherwise
    CHOOSER   - Returns "true" if chooser, "false"
                otherwise
    PRIORITY  - Returns process priority
Answers:
  OK &lt;value&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     1 = Server not found
     2 = Key not valid
     50 = Unsupported key
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="getconfig">
      <title>GET_CONFIG</title> 
      <screen>
GET_CONFIG:  Get configuration value for key.  Useful so
             that other applications can request configuration
             information from GDM.  Any key defined as GDM_KEY_*
             in gdm.h is supported.  Starting with version 2.13.0.2
             translated keys (such as "greeter/GdmWelcome[cs]" are
             supported via GET_CONFIG.  Also starting with version
             2.13.0.2 it is no longer necessary to include the
             default value (i.e. you can use key "greeter/IncludeAll"
             instead of having to use "greeter/IncludeAll=false".  
Supported since: 2.6.0.9
Arguments: &lt;key&gt;
Answers:
  OK &lt;value&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     50 = Unsupported key
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="getconfigfile">
      <title>GET_CONFIG_FILE</title> 
      <screen>
GET_CONFIG_FILE:  Get config file location being used by
                  the daemon.  If the GDM daemon was started
                  with the --config option, it will return
                  the value passed in via the argument.
Supported since: 2.8.0.2
Arguments: None
Answers:
  OK &lt;full path to GDM configuration file&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="updateconfig">
      <title>UPDATE_CONFIG</title> 
      <screen>
UPDATE_CONFIG: Tell the daemon to re-read a key from the 
               GDM configuration file.   Any user can request
               that values are re-read but the daemon will
               only do so if the file has been modified
               since GDM first read the file.  Only users
               who can change the GDM configuration file
               (normally writable only by the root user) can
               actually modify the GDM configuration.  This
               command is useful to cause the GDM to update
               itself to recognize a change made to the GDM
               configuration file by the root user.

               Starting with version 2.13.0.0, all GDM keys are
               supported except for the following:

                      daemon/PidFile
                      daemon/ConsoleNotify
                      daemon/User
                      daemon/Group
                      daemon/LogDir
                      daemon/ServAuthDir
                      daemon/UserAuthDir
                      daemon/UserAuthFile
                      daemon/UserAuthFBDir

               GDM also supports the following Psuedokeys:

               xdmcp/PARAMETERS (2.3.90.2) updates the following:
                      xdmcp/MaxPending
                      xdmcp/MaxSessions
                      xdmcp/MaxWait
                      xdmcp/DisplaysPerHost
                      xdmcp/HonorIndirect
                      xdmcp/MaxPendingIndirect
                      xdmcp/MaxWaitIndirect
                      xdmcp/PingIntervalSeconds (only affects new connections)

                xservers/PARAMETERS (2.13.0.4) updates the following:
                      all [server-foo] sections.

                Supported keys for previous versions of GDM:

                      security/AllowRoot (2.3.90.2)
                      security/AllowRemoteRoot (2.3.90.2)
                      security/AllowRemoteAutoLogin (2.3.90.2)
                      security/RetryDelay (2.3.90.2)
                      security/DisallowTCP (2.4.2.0)
                      daemon/Greeter (2.3.90.2)
                      daemon/RemoteGreeter (2.3.90.2)
                      xdmcp/Enable (2.3.90.2)
                      xdmcp/Port (2.3.90.2)
                      daemon/TimedLogin (2.3.90.3)
                      daemon/TimedLoginEnable (2.3.90.3)
                      daemon/TimedLoginDelay (2.3.90.3)
                      greeter/SystemMenu (2.3.90.3)
                      greeter/ConfigAvailable (2.3.90.3)
                      greeter/ChooserButton (2.4.2.0)
                      greeter/SoundOnLoginFile (2.5.90.0)
                      daemon/AddGtkModules (2.5.90.0)
                      daemon/GtkModulesList (2.5.90.0)
Supported since: 2.3.90.2
Arguments: &lt;key&gt;
  &lt;key&gt; is just the base part of the key such as
  "security/AllowRemoteRoot"
Answers:
  OK
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     50 = Unsupported key
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
      
      <sect3 id="greeterpids">
      <title>GREETERPIDS</title>
      <screen>
GREETERPIDS: List all greeter pids so that one can send HUP
             to them for config rereading.  Of course one
             must be root to do that.
Supported since: 2.3.90.2
Arguments: None
Answers:
  OK &lt;pid&gt;;&lt;pid&gt;;...
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>

      <sect3 id="querylogoutaction">
      <title>QUERY_LOGOUT_ACTION</title>
      <screen>
QUERY_LOGOUT_ACTION: Query which logout actions are possible
                     Only supported on connections that passed
                     AUTH_LOCAL.
Supported since: 2.5.90.0
Answers:
  OK &lt;action&gt;;&lt;action&gt;;...
     Where action is one of HALT, REBOOT or SUSPEND.  An
     empty list can also be returned if no action is possible.
     A '!' is appended to an action if it was already set with
     SET_LOGOUT_ACTION or SET_SAFE_LOGOUT_ACTION.  Note that
     SET_LOGOUT_ACTION has precedence over
     SET_SAFE_LOGOUT_ACTION.
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     100 = Not authenticated
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
      
      <sect3 id="setlogoutaction">
      <title>SET_LOGOUT_ACTION</title>
      <screen>
SET_LOGOUT_ACTION: Tell the daemon to halt/restart/suspend after
                   slave process exits.  Only supported on
                   connections that passed AUTH_LOCAL.
Supported since: 2.5.90.0
Arguments: &lt;action&gt;
  NONE           Set exit action to 'none'
  HALT           Set exit action to 'halt'
  REBOOT         Set exit action to 'reboot'
  SUSPEND        Set exit action to 'suspend'
Answers:
  OK
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     7 = Unknown logout action, or not available
     100 = Not authenticated
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
      
      <sect3 id="setsafelogoutaction">
      <title>SET_SAFE_LOGOUT_ACTION</title>
      <screen>
SET_SAFE_LOGOUT_ACTION:  Tell the daemon to halt/restart/suspend
                         after everybody logs out.  If only one
                         person logs out, then this is obviously
                         the same as the SET_LOGOUT_ACTION.  Note
                         that SET_LOGOUT_ACTION has precedence
                         over SET_SAFE_LOGOUT_ACTION if it is set
                         to something other then NONE.  If no one
                         is logged in, then the action takes effect
                         effect immediately.  Only supported on
                         connections that passed AUTH_LOCAL.
Supported since: 2.5.90.0
Arguments: &lt;action&gt;
  NONE           Set exit action to 'none'
  HALT           Set exit action to 'halt'
  REBOOT         Set exit action to 'reboot'
  SUSPEND        Set exit action to 'suspend'
Answers:
  OK
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     7 = Unknown logout action, or not available
     100 = Not authenticated
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
      
      <sect3 id="queryvt">
      <title>QUERY_VT</title>
      <screen>
QUERY_VT:  Ask the daemon about which VT we are currently on.
           This is useful for logins which don't own
           /dev/console but are still console logins.  Only
           supported on Linux currently, other places will
           just get ERROR 8.  This is also the way to query
           if VT support is available in the daemon in the
           first place.  Only supported on connections that
           passed AUTH_LOCAL.
Supported since: 2.5.90.0
Arguments: None
Answers:
  OK &lt;vt number&gt;
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     8 = Virtual terminals not supported
     100 = Not authenticated
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
      
      <sect3 id="setvt">
      <title>SET_VT</title>
      <screen>
SET_VT:  Change to the specified virtual terminal.
         This is useful for logins which don't own /dev/console
         but are still console logins.  Only supported on Linux
         currently, other places will just get ERROR 8.
         Only supported on connections that passed AUTH_LOCAL.
Supported since: 2.5.90.0
Arguments: &lt;vt&gt;
Answers:
  OK
  ERROR &lt;err number&gt; &lt;english error description&gt;
     0 = Not implemented
     8 = Virtual terminals not supported
     9 = Invalid virtual terminal number
     100 = Not authenticated
     200 = Too many messages
     999 = Unknown error
      </screen>
      </sect3>
      
      <sect3 id="close">
      <title>CLOSE</title>
      <screen>
CLOSE: Close sockets connection
Supported since: 2.2.4.0
Arguments: None
Answers: None
      </screen>
      </sect3>
    </sect2>
  </sect1>

  <!-- ============= GDM Commands ============================= -->

  <sect1 id="binaries">
    <title>GDM Commands</title>

    <sect2 id="bindir_binaries">
      <title>GDM User Commands</title>

      <para>The GDM package provides the following different commands in EXPANDED_BINDIR intended to be used by the end-user:</para>

      <sect3 id="gdmxnestchoosercommandline">
        <title><command>gdmXnestchooser</command> and <command>gdmXnest</command> Command Line Options</title>

        <para>The <command>gdmXnestchooser</command> command automatically gets the correct display number, sets up access, and runs <command>Xnest</command> with -indirect localhost. This way you get an XDMCP chooser provided by your computer. You can also supply as an argument the hostname whose chooser should be displayed, so <command>gdmXnestchooser somehost</command> will run the XDMCP chooser from host <command>somehost</command> inside an Xnest session. You can make this command do a direct query instead by passing the <command>-d</command> option as well. In addition to the following options, this command also supports standard GNOME options.</para>

        <variablelist>
        <title><command>gdmXnestchooser</command> Command Line Options</title>

          <varlistentry>
            <term>-x, --xnest=STRING</term>
            <listitem>
              <para>Xnest command line, default is "Xnest"</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-o, --xnest-extra-options=OPTIONS</term>
            <listitem>
              <para>Extra options for Xnest, default is no options.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-n, --no-query</term>
            <listitem>
              <para>Just run Xnest, no query (no chooser)</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-d, --direct</term>
            <listitem>
              <para>Do direct query instead of indirect (chooser)</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-B, --broadcast</term>
            <listitem>
              <para>Run broadcast instead of indirect (chooser)</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-b, --background</term>
            <listitem>
              <para>Run in background</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--no-gdm-check</term>
            <listitem>
              <para>Don't check for running GDM</para>
            </listitem>
          </varlistentry>
        </variablelist>
      </sect3>

      <sect3 id="gdmflexichoosercommandline">
        <title><command>gdmflexichooser</command> Command Line Options</title>

        <para>The <command>gdmflexiserver</command> command provides three features. It can be used to run flexible (on demand) X displays, to run a flexible display via Xnest, and to send commands to the GDM daemon process.</para>

        <para>Starting a flexible X display will normally lock the current session with a screensaver and will redisplay the GDM login screen so a second user can log in. This feature is only available on systems that support virtual terminals and have them enabled. This feature is useful if you are logged in as user A, and user B wants to log in quickly but user A does not wish to log out. The X server takes care of the virtual terminal switching so it works transparently. If there is more than one running display defined with flexible=true, then the user is shown a dialog that displays the currently running sessions. The user can then pick which session to continue and will normally have to enter the password to unlock the screen.</para>

        <para>Flexible displays started via Xnest works on systems that do not support virtual terminals. This option starts a flexible display in a window in the current session. This does not lock the current session, so is not as secure as a flexible server started via virtual terminals.</para>

        <para>The <command>gdmflexiserver --command</command> option provides a way to send commands to the GDM daemon and can be used to debug problems or to change the GDM configuration.</para>

        <para>In addition to the following options, <command>gdmflexiserver</command> also supports standard GNOME options.</para>

        <variablelist>
        <title><command>gdmflexichooser</command> Command Line Options</title>

          <varlistentry>
            <term>-c, --command=COMMAND</term>
            <listitem>
              <para>Enviar el comando de protocolo especificado a GDM</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-n, --xnest</term>
            <listitem>
              <para>Start a flexible X display in Xnest mode</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-l, --no-lock</term>
            <listitem>
              <para>No bloquear la pantalla actual</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-d, --debug</term>
            <listitem>
              <para>Activar salida de depuración para enviarla a syslog. Lo mismo que cuadno se activa la depuración en el archivo de configuración.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-a, --authenticate</term>
            <listitem>
              <para>Autenticar antes de ejecutar --command</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-s, --startnew</term>
            <listitem>
              <para>Starts a new flexible display without displaying a dialog asking the user if they wish to continue any existing sessions.</para>
            </listitem>
          </varlistentry>
        </variablelist>
      </sect3>

      <sect3 id="gdmdynamiccommandline">
        <title>Opciones de línea de comandos de <command>gdmdynamic</command></title>

        <para>The <command>gdmdynamic</command> command which creates, runs, and removes displays (X servers) on demand.</para>

        <para>Some environments need the ability to tell GDM to create and manage new displays on the fly, where it is not possible to list the possible displays in GDM configuration files. The <command>gdmdynamic</command> command can be used to create a new display on a particular display number, run all newly created displays, or remove a display. The <command>gdmdynamic</command> command can also be used to list all attached displays, or only attached displays that match a pattern.</para>

        <variablelist>
          <title>Opciones de línea de comandos de <command>gdmdynamic</command></title>

          <varlistentry>
            <term/>
            <listitem>
            <para><emphasis>Una de las siguientes opciones pueden usarse por instancia:</emphasis></para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-a display=server</term>
            <listitem>
              <para>Add a new display configuration. For example, <command>"-a 2=StandardServerTwo"</command><command>"-a 3=/usr/X11R6/bin/X -dev /dev/fb2"</command></para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-r</term>
            <listitem>
              <para>Release (run) all displays waiting in the DISPLAY_CONFIG state.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-d display</term>
            <listitem>
              <para>Delete a display, killing the X server and purging the display configuration. For example, "-d 3".</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-l [pattern]</term>
            <listitem>
              <para>List displays via the ATTACHED_SERVERS command. Without a pattern lists all attached displays. With a pattern will match using glob characters '*', '?', and '[]'. For example: <command>"-l Standard*"</command><command>"-l *Xorg*"</command></para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term/>
            <listitem>
            <para><emphasis>These options can be added to the above:</emphasis></para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-v</term>
            <listitem>
              <para>Verbose mode. Prinr diagnostic messages about each message sent to GDM.</para>
            </listitem>
          </varlistentry>
        
          <varlistentry>
            <term>-b</term>
            <listitem>
              <para>Background mode. Fork child to do the work and return immediately.</para>
            </listitem>
          </varlistentry>
        </variablelist>
      </sect3>

      <sect3 id="gdmphotosetupcommandline">
        <title><command>gdmphotosetup</command> Command Line Options</title>

        <para>Allows the user to select an image that will be used as the user's photo by GDM's face browser, if enabled by GDM. The selected file is stored as ~/.face. This command accepts standard GNOME options.</para>
      </sect3>

      <sect3 id="gdmthemetestercommandline">
        <title><command>gdmthemetester</command> Command Line Options</title>

        <para><command>gdmthemetester</command> takes two parameters. The first parameter specifies the environment and the second parameter specifies the path name or the name of a theme to view. This is a tool for viewing a theme outside of GDM. It is useful for testing or viewing themes. <command>gdmthemetester</command> requires that the system support <command>gdmXnest</command>. Note that themes can display differently depending on the theme's "Show mode". <command>gdmthemetester</command> allows viewing the themes in different modes via the environment option. Valid environment values and their meanings follow: <screen>
console       - In console mode.
console-timed - In console non-flexi mode.
flexi         - In flexi mode.
xdmcp         - In remote (XDMCP) mode.
remote-flexi  - In remote (XDMCP) &amp; flexi mode.
         </screen></para>
      </sect3>
    </sect2>

    <sect2 id="sbindir_binaries">
      <title>GDM Root User Commands</title>

      <para>The GDM package provides the following different commands in EXPANDED_SBINDIR intended to be used by the root user:</para>

      <sect3 id="gdmcommandline">
        <title><command>gdm</command> and <command>gdm-binary</command> Command Line Options</title>

        <para>The <command>gdm</command> command is really just a script which runs the <command>gdm-binary</command>, passing along any options. Before launching <command>gdm-binary</command>, the gdm wrapper script will source the <filename>&lt;etc&gt;/profile</filename> file to set the standard system environment variables. In order to better support internationalization, it will also set the LC_MESSAGES environment variable to LANG if neither LC_MESSAGES or LC_ALL are set. If you really need to set some additional environment before launching GDM, you can do so in this script.</para>

        <variablelist>
          <title><command>gdm</command> and <command>gdm-binary</command> Command Line Options</title>

          <varlistentry>
            <term>--help</term>
            <listitem>
              <para>Gives a brief overview of the command line options.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>-nodaemon</term>
            <listitem>
              <para>If this option is specified, then GDM does not fork into the background when run. You can use just a single dash with this option to preserve compatibility with XDM.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--no-console</term>
            <listitem>
              <para>Tell the daemon that it should not run anything on the console. This means that none of the local servers from the <filename>[servers]</filename> section will be run, and the console will not be used for communicating errors to the user. An empty <filename>[servers]</filename> section automatically implies this option.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--config=CONFIGFILE</term>
            <listitem>
              <para>Specify an alternative configuration file.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--preserve-ld-vars</term>
            <listitem>
              <para>When clearing the environment internally, preserve all variables starting with LD_. This is mostly for debugging purposes.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--version</term>
            <listitem>
              <para>Print the version of the GDM daemon.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--wait-for-go</term>
            <listitem>
              <para>If started with this option, gdm will init, but only start the first local display and then wait for a GO message in the fifo protocol. No greeter will be shown until the GO message is sent. Also flexiserver requests will be denied and XDMCP will not be started until GO is given. This is useful for initialization scripts which wish to start X early, but where you don't yet want the user to start logging in. So the script would send the GO to the fifo once it is ready and GDM will then continue. This functionality was added in version 2.5.90.0.</para>
            </listitem>
          </varlistentry>
        </variablelist>
      </sect3>

      <sect3 id="gdmsetupcommandline">
        <title><command>gdmsetup</command> Command Line Options</title>

        <para><command>gdmsetup</command> runs a graphical application for modifying the GDM configuration file. Normally on systems that support the PAM userhelper, this is setup such that when you run <command>gdmsetup</command> as an ordinary user, it will first ask you for your root password before starting. Otherwise, this application may only be run as root. This application supports standard GNOME options.</para>
      </sect3>

      <sect3 id="gdmrestartcommandline">
        <title><command>gdm-restart</command> Command Line Options</title>

        <para><command>gdm-restart</command> stops and restarts GDM by sending the GDM daemon a HUP signal. This command will immediately terminate all sessions and log out users currently logged in with GDM.</para>
      </sect3>

      <sect3 id="gdmsaferestartcommandline">
        <title><command>gdm-safe-restart</command> Command Line Options</title>
  
        <para><command>gdm-safe-restart</command> stops and restarts GDM by sending the GDM daemon a USR1 signal. GDM will be restarted as soon as all users log out.</para>
      </sect3>

      <sect3 id="gdmstopcommandline">
        <title><command>gdm-stop</command> Command Line Options</title>

        <para><command>gdm-stop</command> stops GDM by sending the GDM daemon a TERM signal.</para>
      </sect3>
    </sect2>

    <sect2 id="libexecdir_binaries">
      <title>Comandos internos de GDM</title>

      <para>The GDM package provides the following different commands in EXPANDED_LIBEXECDIR intended to be used by the gdm daemon process.</para>

      <sect3 id="gdmgreeterlogincommandline">
        <title><command>gdmchooser</command> and <command>gdmlogin</command> Command Line Options</title>

        <para>The <command>gdmgreeter</command> and <command>gdmlogin</command> are two different login applications, either can be used by GDM. <command>gdmgreeter</command> is themeable with GDM themes while <command>gdmlogin</command> is themable with GTK+ themes. These applications are normally executed by the GDM daemon. Both commands support standard GNOME options.</para>