Provided by: wdm_1.28-24_amd64 bug


       wdm - WINGs Display Manager


       wdm [ options ]


       wdm  is  an  X  display  manager  based  on  the original X11 X Display Manager (xdm).  It
       features numerous functionality improvements, including the ability to reboot or halt  the
       machine  (once  the  proper  password  has  been  supplied)  and  to select from a list of
       available X sessions to start. The look of the login panel is somewhat configurable, too.


       Except for -config, all of these options can be specified as resources.

       -config configuration_file
              Names the configuration file, which specifies resources to control the behavior  of
              wdm. #configdir#/wdm-config is the default.

              Specifies  ``false''  as the value for the DisplayManager.daemonMode resource. This
              suppresses the normal  daemon  behavior,  which  is  for  wdm  to  close  all  file
              descriptors,  disassociate  itself from the controlling terminal, and put itself in
              the background when it first starts up.

       -debug debug_level
              Specifies the numeric value for the DisplayManager.debugLevel resource.  A non-zero
              value  causes  wdm  to  print lots of debugging statements to the terminal; it also
              disables the DisplayManager.daemonMode resource, forcing wdm to run  synchronously.
              To  interpret these debugging messages, a copy of the source code for wdm is almost
              a necessity.  No attempt has been made to rationalize or standardize the output.

       -error error_log_file
              Specifies the  value  for  the  DisplayManager.errorLogFile  resource.   This  file
              contains  errors  from  wdm  as  well  as anything written to stderr by the various
              scripts and programs run during the progress of the session.

       -syslog facility
              Specifies  the  value  for  the  DisplayManager.syslogFacility  resource.  This  is
              factility to use with all messages if log is redirected to syslog.

              Specifies  ``true''  as  the  value for the DisplayManager.useSyslog resource. This
              will   force   all   messages   go   to   syslog   with   facility   specified   by
              DisplayManager.syslogFacility resource.

              Specifies  ``false''  as  the value for the DisplayManager.useSyslog resource. This
              will force all messages go to log  file  specified  by  DisplayManager.errorLogFile

       -resources resource_file
              Specifies the value for the DisplayManager*resources resource.  This file is loaded
              using xrdb to specify configuration parameters for the authentication widget.

       -server server_entry
              Specifies the value for the DisplayManager.servers resource.

       -udpPort port_number
              Specifies the value for the DisplayManager.requestPort  resource.   This  sets  the
              port-number  which  wdm  will  monitor  for  XDMCP  requests.   As  XDMCP  uses the
              registered well-known UDP port 177, this resource should not be changed except  for
              debugging. If set to 0 wdm will not listen for XDMCP or Chooser requests.

       -session session_program
              Specifies  the  value  for the DisplayManager*session resource.  This indicates the
              program to run as the session after the user has logged in.

       -xrm resource_specification
              Allows an arbitrary resource to be specified, as in most X Toolkit applications.


       At many stages the actions of wdm can be controlled through the use of  its  configuration
       file, which is in the X resource format.  Some resources modify the behavior of wdm on all
       displays, while others modify its behavior on a single display.  Where actions relate to a
       specific   display,   the  display  name  is  inserted  into  the  resource  name  between
       ``DisplayManager'' and the final resource name segment.

       For local displays, the resource name and class are as read from the Xservers file.

       For remote displays, the resource name is what the network address of the display resolves
       to.   See the removeDomain resource.  The name must match exactly; wdm is not aware of all
       the network aliases that might reach a given display.  If  the  name  resolve  fails,  the
       address  is  used.   The  resource  class  is  as  sent by the display in the XDMCP Manage

       Because the resource manager uses colons to separate the name of  the  resource  from  its
       value  and dots to separate resource name parts, wdm substitutes underscores for both dots
       and    colons     when     generating     the     resource     name.      For     example,
       DisplayManager.expo_x_org_0.startup  is the name of the resource which defines the startup
       shell file for the ``'' display.

              This resource either specifies a file name full of server entries, one per line (if
              the  value  starts  with a slash), or a single server entry.  See the section Local
              Server Specification for the details.

              This indicates the UDP port number which wdm uses  to  listen  for  incoming  XDMCP
              requests.   Unless  you need to debug the system, leave this with its default value
              of 177.

              Error output is normally directed at the system console.  To redirect it, set  this
              resource  to  a  file  name.   A  method to send these messages to syslog should be
              developed for systems which support it; however, the  wide  variety  of  interfaces
              precludes  any  system-independent  implementation.   This  file  also contains any
              output directed to stderr by the Xsetup, Xstartup, Xsession and Xreset files, so it
              will contain descriptions of problems in those scripts as well.

              If  the  integer  value  of  this resource is greater than zero, reams of debugging
              information will be printed.  It also disables daemon mode,  which  would  redirect
              the  information  into  the bit-bucket, and allows non-root users to run wdm, which
              would normally not be useful.

              Normally, wdm attempts to make itself into a daemon process unassociated  with  any
              terminal.   This is accomplished by forking and leaving the parent process to exit,
              then closing file descriptors and releasing  the  controlling  terminal.   In  some
              environments  this  is  not  desired (in particular, when debugging).  Setting this
              resource to ``false'' will disable this feature.

              The filename specified will be created to contain an ASCII  representation  of  the
              process-id  of  the  main  wdm process.  Xdm also uses file locking on this file to
              attempt to eliminate multiple daemons running on  the  same  machine,  which  would
              cause quite a bit of havoc.

              This  is the resource which controls whether wdm uses file locking to keep multiple
              display managers from running amok.  On System V, this uses the lockf library call,
              while on BSD it uses flock.

              This   names   a  directory  under  which  wdm  stores  authorization  files  while
              initializing the session.  The default value is #configdir#.  Can be overridden for
              specific displays by DisplayManager.DISPLAY.authFile.

              This  boolean  controls  whether  wdm  rescans  the  configuration, servers, access
              control and authentication keys files after a session terminates and the files have
              changed.   By  default  it is ``true.''  You can force wdm to reread these files by
              sending a SIGHUP to the main process.

              When computing the display name for XDMCP clients, the name resolver will typically
              create  a  fully  qualified  host  name  for  the  terminal.   As this is sometimes
              confusing, wdm will remove the domain name portion of the host name if  it  is  the
              same  as  the  domain name of the local host when this variable is set.  By default
              the value is ``true.''

              XDM-AUTHENTICATION-1 style XDMCP authentication requires  that  a  private  key  be
              shared  between  wdm and the terminal.  This resource specifies the file containing
              those values.  Each entry in the file consists of a display  name  and  the  shared
              key.   By  default,  wdm  does  not include support for XDM-AUTHENTICATION-1, as it
              requires DES which is not generally distributable because of United  States  export

              To   prevent   unauthorized   XDMCP  service  and  to  allow  forwarding  of  XDMCP
              IndirectQuery requests, this file contains a database of hostnames which are either
              allowed  direct  access  to  this machine, or have a list of hosts to which queries
              should be forwarded to.  The format of this file is described in the section  XDMCP
              Access Control.

              A list of additional environment variables, separated by white space, to pass on to
              the Xsetup, Xstartup, Xsession, and Xreset programs.

              A file to checksum to generate the seed of authorization keys.  This  should  be  a
              file that changes frequently.  The default is /dev/urandom.

              On  systems  that  support  a dynamically-loadable greeter library, the name of the
              library.  The default is /usr/lib/X11/xdm/  This not used in Debian.

              Number of seconds to wait for display to respond after user  has  selected  a  host
              from  the  chooser.   If the display sends an XDMCP IndirectQuery within this time,
              the request is forwarded to the chosen host.  Otherwise, it is assumed to be from a
              new session and the chooser is offered again.  Default is 15.

              Use  the  numeric IP address of the incoming connection on multihomed hosts instead
              of the host name. This is to avoid trying to connect on the wrong  interface  which
              might be down at this time.

              This  specifies a program which is run (as) root when an an XDMCP BroadcastQuery is
              received and this host is configured to offer XDMCP display management. The  output
              of  this program may be displayed on a chooser window.  If no program is specified,
              the string Willing to manage is sent.

              This resource specifies the name of the file to be loaded by xrdb as  the  resource
              database  onto the root window of screen 0 of the display.  The Xsetup program, the
              Login widget, and chooser will use the resources set in this file.   This  resource
              data  base is loaded just before the authentication procedure is started, so it can
              control the appearance of the login window.  See the section Authentication Widget,
              which  describes  the various resources that are appropriate to place in this file.
              There is no default value for this  resource,  but  #configdir#/Xresources  is  the
              conventional name.

              Specifies  the  program run to offer a host menu for Indirect queries redirected to
              the special host name CHOOSER.  /usr/lib/X11/xdm/chooser is the default.   See  the
              sections XDMCP Access Control and Chooser.

              Specifies   the  program  used  to  load  the  resources.   By  default,  wdm  uses

              This specifies the name of the C preprocessor which is used by xrdb.

              This specifies a program which is run (as root) before offering the  Login  window.
              This  may be used to change the appearance of the screen around the Login window or
              to put up other windows (e.g., you may want to run xconsole here).  By default,  no
              program  is  run.   The  conventional name for a file used here is Xsetup.  See the
              section Setup Program.

              This specifies a program which is run (as root) after  the  authentication  process
              succeeds.   By  default,  no program is run.  The conventional name for a file used
              here is Xstartup.  See the section Startup Program.

              This specifies the session to be executed  (not  running  as  root).   By  default,
              /usr/bin/x-terminal-emulator  is  run.  The conventional name is Xsession.  See the
              section Session Program.

              This specifies a program which is run (as root) after the session  terminates.   By
              default,  no  program  is  run.   The conventional name is Xreset.  See the section
              Reset Program.




              These numeric resources control  the  behavior  of  wdm  when  attempting  to  open
              intransigent  servers.   openDelay  is the length of the pause (in seconds) between
              successive attempts, openRepeat is the number of attempts to make,  openTimeout  is
              the  amount  of  time to wait while actually attempting the open (i.e., the maximum
              time spent in the connect(2) system call) and startAttempts is the number of  times
              this  entire  process  is  done  before  giving up on the server.  After openRepeat
              attempts have been made,  or  if  openTimeout  seconds  elapse  in  any  particular
              attempt, wdm terminates and restarts the server, attempting to connect again.  This
              process is repeated startAttempts times, at which point  the  display  is  declared
              dead  and  disabled.   Although  this  behavior  may  seem  arbitrary,  it has been
              empirically developed and works quite well on most systems.  The default values are
              5 for openDelay, 5 for openRepeat, 30 for openTimeout and 4 for startAttempts.


              To discover when remote displays disappear, wdm occasionally pings them, using an X
              connection and XSync calls.  pingInterval specifies the time (in  minutes)  between
              each ping attempt, pingTimeout specifies the maximum amount of time (in minutes) to
              wait for the terminal to respond to the request.  If the terminal does not respond,
              the  session  is  declared  dead  and  terminated.   By  default, both are set to 5
              minutes.  If you frequently use X terminals which  can  become  isolated  from  the
              managing  host,  you  may  wish  to  increase  this  value.  The only worry is that
              sessions will continue to exist after the terminal has been accidentally  disabled.
              wdm  will  not  ping  local  displays.   Although  it  would  seem  harmless, it is
              unpleasant when the workstation session is terminated as a  result  of  the  server
              hanging for NFS service and not responding to the ping.

              This  boolean  resource  specifies whether the X server should be terminated when a
              session terminates (instead of resetting it).  This option can  be  used  when  the
              server  tends to grow without bound over time, in order to limit the amount of time
              the server is run.  The default value is ``false.''

              Xdm sets the PATH environment variable for the session to this value.  It should be
              a  colon  separated  list  of  directories;  see  sh(1)  for  a  full  description.
              ``:/bin:/usr/bin:/usr/games'' is a  common  setting.   The  default  value  can  be
              specified at build time in the X system configuration file with DefaultUserPath.

              Xdm  sets  the  PATH  environment variable for the startup and reset scripts to the
              value of this resource.  The default for this resource is specified at  build  time
              by    the    DefaultSystemPath    entry   in   the   system   configuration   file;
              ``/etc:/bin:/usr/bin'' is a common choice.  Note the absence  of  ``.''  from  this
              entry.   This  is  a good practice to follow for root; it avoids many common Trojan
              Horse system penetration schemes.

              Xdm sets the SHELL environment variable for the startup and reset  scripts  to  the
              value of this resource.  It is /bin/sh by default.

              If  the default session fails to execute, wdm will fall back to this program.  This
              program is executed with no arguments, but  executes  using  the  same  environment
              variables  as  the  session  would  have had (see the section Session Program).  By
              default, /usr/bin/x-terminal-emulator is used.


              To improve security, wdm grabs the server and keyboard while reading the login name
              and  password.   The grabServer resource specifies if the server should be held for
              the duration of the name/password reading.  When ``false,'' the server is ungrabbed
              after the keyboard grab succeeds, otherwise the server is grabbed until just before
              the session begins.  The default is ``false.''  The grabTimeout resource  specifies
              the  maximum time wdm will wait for the grab to succeed.  The grab may fail if some
              other client has the server grabbed, or possibly if the network latencies are  very
              high.   This resource has a default value of 3 seconds; you should be cautious when
              raising it, as a user can be spoofed by a look-alike window on the display.  If the
              grab fails, wdm kills and restarts the server (if possible) and the session.


              authorize  is  a  boolean  resource  which  controls whether wdm generates and uses
              authorization for the local server connections.  If authorization is used, authName
              is  a  list  of  authorization  mechanisms to use, separated by white space.  XDMCP
              connections dynamically specify which authorization mechanisms  are  supported,  so
              authName  is  ignored  in  this  case.   When  authorize  is  set for a display and
              authorization is not available, the user is informed by having a different  message
              displayed  in  the  login  widget.  By default, authorize is ``true.''  authName is
              ``MIT-MAGIC-COOKIE-1,''   or,   if   XDM-AUTHORIZATION-1   is   available,   ``XDM-

              This  file  is  used  to communicate the authorization data from wdm to the server,
              using the -auth server command line option.  It should be kept in a directory which
              is  not  world-writable  as it could easily be removed, disabling the authorization
              mechanism  in  the  server.   If  not  specified,  a   name   is   generated   from
              DisplayManager.authDir and the name of the display.

              If  set to ``false,'' disables the use of the unsecureGreeting in the login window.
              See the section Authentication Widget.  The default is ``true.''

              The number of  the  signal  wdm  sends  to  reset  the  server.   See  the  section
              Controlling the Server.  The default is 1 (SIGHUP).

              The  number  of  the  signal  wdm  sends  to terminate the server.  See the section
              Controlling the Server.  The default is 15 (SIGTERM).

              The original implementation of  authorization  in  the  sample  server  reread  the
              authorization  file  at  server  reset  time,  instead of when checking the initial
              connection.  As wdm generates the authorization information just before  connecting
              to  the  display, an old server would not get up-to-date authorization information.
              This resource causes wdm to send SIGHUP to the server after setting  up  the  file,
              causing   an   additional  server  reset  to  occur,  during  which  time  the  new
              authorization information will be read.  The default is ``false,'' which will  work
              for all MIT servers.

              When   wdm   is   unable   to   write   to   the   usual  user  authorization  file
              ($HOME/.Xauthority), it creates a unique file name in this directory and points the
              environment variable XAUTHORITY at the created file.  It uses /tmp by default.

              Specifies the path to wdmLogin(1x)

              Is  a colon separated list of window managers to use as options in the login panel.
              Note that if you include the path to the window manager, it will look ugly. You may
              set this resource to None if you want only NoChange to appear.

              Path  to  the  logo pixmap, several formats are accepted, read wdmLogin(1x) to find
              out more.

              Path to a text file which will be displayed in the help panel, read wdmLogin(1x) to
              find out more.

              a default username which will be used if no username is typed.

              the  clear text password of the default user above. BE VERY CAREFUL when using this
              two resources, and don't forget to do: chmod 600 wdm-config ; chown root.root  wdm-

              Background  specification.  Read the BACKGROUND IMAGE SPECIFICATION section to find
              out about the format.  If this is not specified, then the background is not set.

              Reboot command.

              Halt command.

              If true, verify user's identity for reboot/halt/exit.

              If true, user must be root to exit.

              If true, enable animations consisting of  shaking  the  panel  (if  an  error)  and
              rolling up the panel (when closing it).  If false, animations are disabled.

              LANG  environment  variable  will  be set to value of this resource before starting

              If you have recent version of XFree with support for transparent  cursors  you  can
              select cursor theme to use on login panel.  XCURSOR_THEME environment variable will
              be set to value of this resource before starting wdmLogin.


       The default location of the wdm configuration file is #configdir#/wdm-config

       Here is a reasonable configuration file, which could be named wdm-config:

            DisplayManager.servers:            /usr/lib/X11/xdm/Xservers
            DisplayManager.errorLogFile:       /usr/lib/X11/xdm/xdm-errors
            DisplayManager*resources:          /usr/lib/X11/xdm/Xresources
            DisplayManager*startup:            /usr/lib/X11/xdm/Xstartup
            DisplayManager*session:            /usr/lib/X11/xdm/Xsession
            DisplayManager.pidFile:            /usr/lib/X11/xdm/xdm-pid
            DisplayManager._0.authorize:       true
            DisplayManager*authorize:          false

       Note that this file mostly contains references to other files.  Note also that some of the
       resources are specified with ``*'' separating the components.  These resources can be made
       unique for each different display, by replacing  the  ``*''  with  the  display-name,  but
       normally  this  is  not very useful.  See the Resources section for a complete discussion.
       If the entry is a host name, all comparisons are done using network addresses, so any name
       which  converts  to the correct network address may be used.  For patterns, only canonical
       host names are used in the comparison, so ensure that you do not attempt to match aliases.
       Preceding  either  a  host name or a pattern with a `!' character causes hosts which match
       that entry to be excluded.

       To only respond to Direct queries for a host  or  pattern,  it  can  be  followed  by  the
       optional  ``NOBROADCAST''  keyword.   This  can  be  used  to  prevent  an wdm server from
       appearing on menus based on Broadcast queries.

       An Indirect entry also contains a host name or pattern, but follows it with a list of host
       names or macros to which indirect queries should be sent.

       A  macro  definition  contains a macro name and a list of host names and other macros that
       the macro expands to.  To distinguish macros from hostnames, macro names start with a  `%'
       character.  Macros may be nested.

       Indirect  entries  may  also  specify  to have wdm run chooser to offer a menu of hosts to
       connect to.  See the section Chooser.

       When checking access for a particular display host, each entry is scanned in turn and  the
       first  matching  entry  determines the response.  Direct and Broadcast entries are ignored
       when scanning for an Indirect entry and vice-versa.

       Blank lines are ignored, `#' is treated as a comment delimiter causing the  rest  of  that
       line  to  be  ignored,  and `\newline' causes the newline to be ignored, allowing indirect
       host lists to span multiple lines.

       Here is an example Xaccess file:

       # Xaccess - XDMCP access control file

       # Direct/Broadcast query entries

       !   # disallow direct/broadcast service for xtra       # allow access from this particular display
       *       # allow access from any display in LCS

       *        NOBROADCAST         # allow only direct access
       *                                # allow direct and broadcast

       # Indirect query entries

       %HOSTS     \
                    #force extract to contact xenon
       !   dummy               #disallow indirect access
       *       %HOSTS              #all others get to choose


       The Xresources file is loaded onto the display as a resource database using xrdb.  As  the
       authentication  widget  reads  this  database  before  starting  up,  it  usually contains
       parameters for that widget:

            xlogin*login.translations: #override\
                 Ctrl<Key>R: abort-display()\n\
                 <Key>F1: set-session-argument(failsafe) finish-field()\n\
                 <Key>Return: set-session-argument() finish-field()
            xlogin*borderWidth: 3
            xlogin*greeting: CLIENTHOST
            #ifdef COLOR
            xlogin*greetColor: CadetBlue
            xlogin*failColor: red

       Please note the translations entry; it specifies a few new  translations  for  the  widget
       which allow users to escape from the default session (and avoid troubles that may occur in
       it).  Note that if #override is not specified, the default translations  are  removed  and
       replaced  by  the  new value, not a very useful result as some of the default translations
       are quite useful (such as ``<Key>: insert-char ()'' which responds to normal typing).

       This file may also contain resources for the setup program and chooser.


       The Xsetup file is run after the server is reset, but before the Login window is  offered.
       The  file  is  typically  a  shell  script.  It is run as root, so should be careful about
       security.  This is the place to change the root background or bring up other windows  that
       should appear on the screen along with the Login widget.

       In  addition  to  any  specified  by  DisplayManager.exportList, the following environment
       variables are passed:

            DISPLAY        the associated display name
            PATH           the value of DisplayManager.DISPLAY.systemPath
            SHELL          the value of DisplayManager.DISPLAY.systemShell
            XAUTHORITY     may be set to an authority file

       Note that since wdm grabs the keyboard, any other windows will  not  be  able  to  receive
       keyboard  input.   They  will  be  able  to  interact  with  the mouse, however; beware of
       potential security holes here.  If DisplayManager.DISPLAY.grabServer is set,  Xsetup  will
       not  be able to connect to the display at all.  Resources for this program can be put into
       the file named by DisplayManager.DISPLAY.resources.

       Here is a sample Xsetup script:

            # Xsetup_0 - setup script for one workstation
            xcmsdb < /usr/local/lib/monitors/alex.0
            xconsole -geometry 480x130-0-0 -notify -verbose -exitOnFail &


       There are several possible ways of specifying a background image. The  generic  format  is
       type:image. type can be any of:

       none   The backgound is not set.

       solid  it renders a solid background, and image is a color name

       hgradient, vgradient, dgradient
              a  gradient  (either  horizontal,  vertical or diagonal) will be rendered. image is
              comma separated of color names, and any number of colors can be specified.

       pixmap a pixmap will be used for the background. image is the full path to an  image  file
              (tiff, png, jpeg and xpm allowed) and it will be scaled to use the full screen.




       wdm  was  written  by  Gene Czarcinski <>. wdm is based on work by Tom
       Rothamel and xdm, (c) 1988 X Consortium

       This man page was  written  by  Marcelo  Magallon  <>  and  extensively
       modified  by  Noah Meyerhans <>.  Much of the content was taken from xdm's
       manual page.

                                            July 2002                                     wdm(1x)