I am sponsoring this case for myself. Since it is a straightforward
upgrade to the latest open source release, with no controversial changes,
I've marked it Approved Automatic, with Patch release binding.
A text output copy of the new man page, and diffs from the old one, are
available in the case directory for reference.
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
This information is Copyright 2009 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
xdm 1.1.9 (X11R7)
1.2. Name of Document Author/Supplier:
Author: Alan Coopersmith
1.3 Date of This Document:
24 September, 2009
4. Technical Description
This case replaces the X11R6 based xdm display manager currently shipped
on Solaris in /usr/openwin with an X11R7 based version in /usr.
The xdm software is split out of the previous SUNWxwopt package into the
new SVR4 packages SUNWxdm & SUNWxdm-root (which will be combined into a
single xdm IPS package).
Solaris Citizenship Status:
---------------------------
xdm remains a "resident alien" of Solaris. This case, by following
upstream changes, brings xdm slightly closer to becoming a good, full
citizen of Solaris, but reaching full integration is out of scope for
this case, and must wait for later projects.
Previously implemented in xdm (and not regressed in this case):
- Full PAM conversation support for authentication.
- Control of root login via the CONSOLE parameter in /etc/default/login
Changes made by this case:
- Site-administered configuration files have moved from /usr to /etc
In the SVR4 packages they are type "e", class "preserve".
- Runtime data files & logs have moved from /usr to /var
- Only read-only, non-site-editable files remain in /usr
- Secure-by-default: listening for incoming XDMCP connections is disabled
in the default configuration. Sites wishing to allow remote sessions
via XDMCP will need to edit the configuration files in /etc/X11/xdm to
enable the XDMCP port and adjust the host access list.
Known remaining obstacles to full citizenship:
- SMF integration. No mechanism to start xdm automatically is
currently provided, neither an /etc/rc*.d script nor an SMF
manifest. xdm also does not manipulate process contracts to ensure
that a segfaulting program in a user session does not cause SMF to
kill the entire session and restart the xdm daemon.
- Auditing. xdm does not call the Solaris Audit API's to record
authentication attempts and results.
- Use of logindevperm to set device ownership/permissions.
- Use of the ASARC 1995/390 "dtlogin" pipe to inform the X server of the
user logging in, so it can adopt that user's credentials
There is no schedule at this time for those enhancements, but as xdm has
been shipped in Solaris for over 15 years with some of these deficiencies,
it is not a change to the status quo.
Users needing any of the above missing features, or support for Sun Ray
terminals or accessibility helpers, must continue to use gdm, which
remains the preferred, recommended, and best supported display manager
for Solaris & OpenSolaris - xdm is just an alternative for sites who
prefer it for some reason.
New file layouts:
-----------------
In accordance with PSARC 2009/482, the xdm files are directly integrated
into /usr, not /usr/openwin nor /usr/X11.
As noted above, several files have additionally moved beyond that to
locations better fitting their purpose, and more closely matching the
new locations used in upstream code and other OS'es.
The xdm daemon binary itself is moved to /usr/sbin/xdm.
The xdm configuration files are delivered to /etc/X11/xdm. Copies of the
system-delivered ones (for reference if sites have modified them) are placed
in /usr/lib/X11/xdm.
The scripts that are run at various stages are delivered in /usr/lib/X11/xdm,
along with a README informing sites that they can customize them by copying
a script to /etc/X11/xdm and then changing the path to it in the master
configuration file, /etc/X11/xdm/xdm-config.
The xdmshell utility which was designed for sites which wanted to start in
text console mode, but provide the ability to start xdm on demand by logging
in as an xdm user, is delivered in /usr/lib/X11/xdm/xdmshell, since it is
only intended to be run as a shell in the password database.
The xdm.pid file in which xdm records its process id will be created as
/var/run/xdm/xdm.pid. xauth authentication files for X servers started
by xdm will be created in /var/run/xdm/authdir.
The xdm log file will be created as /var/log/xdm.log.
Backwards compatibility symlinks are left under /usr/openwin to aid in
migration.
Imported interfaces
-------------------
/usr/openwin locations for xdm ? Pre-ARC
IPv6 support for xdm & XDMCP Committed PSARC 2002/443
XDM-AUTHORIZATION-1 in libXdmcp Committed PSARC 2009/362
Exported interfaces
-------------------
/usr/openwin locations for xdm Obsolete
New locations for xdm files Committed
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
X Consolidation / Desktop C-Team
6.5. ARC review type: Automatic
6.6. ARC Exposure: open
