> > Apparently the former means "any host can get a chooser but not a > > login window", while the latter means "any host can get a chooser or a > > login window". > > this is disabled by default because it's a security risk and generally > discouraged.
What is discouraged? Allowing a host to get a chooser, or both a chooser and a login window, or xdmcp altogether? What would be the alternative? In our case we've configured the firewall to allow connections to port 177 only for the ip addresses of our terminals. Also our network uses switches instead of hubs, so eavesdropping on clear-text packets is not possible. Is there still a security risk? Thanks, Eric
