Red Hat Bugzilla – Bug 3565
xdm Xaccess broken
Last modified: 2008-05-01 11:37:50 EDT
xdm fails to authorize clients specified in Xaccess unless a line with a "*" (all clients authorized) is included. More precisely: 1) we have done a fresh install of RedHat 6.0 followed immediately by an update of the XFree86 packages to release 52. 2) after some trouble we isolated the following minimal set of operation inducing the bug. A) on server.bar.net, set /etc/X11/xdm/Xaccess to x-term.bar.net * CHOOSER server.bar.net and connect with indirect XDMCP to server.bar.net from x-term.bar.net. The displayed host list contains server.bar.net, but the display is not authorized and login is impossible. B) On server.bar.net, set /etc/X11/xdm/Xaccess to * * CHOOSER server.bar.net and connect as before from x-term.bar.net. Now everything works fine.
Can you verify if this problem still exists in XFree86-3.3.3.1-52 (the recent errata release of XFree86)? Thanks ...
As you can see from point 1), we are actually using the -52 release. We have a tcpdump of the request/answer packet of a failing XDCMP session. Anyone interested can ask for a copy...
Jay, can you please verify this in the lab?
you are allowing any host to get a CHOOSER window, and allowing the CHOOSER to display that server1 is a valid computer to log in to, but you are not allowing server1 to respond to XDMCP requests. I.e. you have misconfigured things, because I know it is confusing. when you put x-term.bar.net on a line by itself, you are only saying that the local xdm can allow logins TO that computer, not FROM that computer. You need to remove that line and instead put server.bar.net on a line by itself. Then, because you allow any host to get a CHOOSER (the * part of the chooser line), your x-term will be able to get a chooser on server, and server's chooser will display server as a login option (3rd part of the CHOOSER line), and it will be authorized (the server.bar.net line by itself). Hope that clears things up.