Part 2 of prior commit

1 files changed, 2662 insertions, 0 deletions

diff --git a/tdm/config.def b/tdm/config.def
new file mode 100644
index 000000000..a7ec59076
--- /dev/null
+++ b/tdm/config.def
@@ -0,0 +1,2662 @@
+#
+# Copyright 2010 Timothy Pearson <kb9vqf@pearsoncomputing.net>
+# Copyright 2004-2005 Oswald Buddenhagen <ossi@kde.org>
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation.
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+# OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of a copyright holders shall
+# not be used in advertising or otherwise to promote the sale, use or
+# other dealings in this Software without prior written authorization
+# from the copyright holders.
+#
+
+# The contents of this section are copied into config.ci verbatim.
+<code>
+#define RCVERMAJOR 2
+#define RCVERMINOR 3
+
+#define TDMCONF KDE_CONFDIR "/tdm"
+#define TDMDATA KDE_DATADIR "/tdm"
+
+#ifdef _AIX
+# define HALT_CMD	"/usr/sbin/shutdown -h now"
+# define REBOOT_CMD	"/usr/sbin/shutdown -r now"
+#elif defined(BSD)
+# define HALT_CMD	"/sbin/shutdown -h now"
+# define REBOOT_CMD	"/sbin/shutdown -r now"
+#elif defined(__SVR4)
+# define HALT_CMD	"/usr/sbin/halt"
+# define REBOOT_CMD	"/usr/sbin/reboot"
+#else
+# define HALT_CMD	"/sbin/poweroff"
+# define REBOOT_CMD	"/sbin/reboot"
+#endif
+
+#if defined(BSD) || defined(__linux__)
+# define DEF_USER_PATH "/usr/local/bin:/opt/trinity/bin:/usr/bin:/bin:/opt/trinity/games:/usr/games"
+# define DEF_SYSTEM_PATH "/usr/local/sbin:/usr/local/bin:/opt/trinity/sbin:/usr/sbin:/opt/trinity/bin:/usr/bin:/sbin:/bin"
+#else
+# define DEF_USER_PATH "/usr/local/bin:/opt/trinity/bin:/usr/bin:/bin:/opt/trinity/games:/usr/games:/usr/ucb"
+# define DEF_SYSTEM_PATH "/usr/local/sbin:/usr/local/bin:/opt/trinity/sbin:/usr/sbin:/opt/trinity/bin:/usr/bin:/sbin:/bin:/etc:/usr/ucb"
+#endif
+
+#if 0 /*def HASXDMAUTH*/
+# define DEF_AUTH_NAME	"XDM-AUTHORIZATION-1,MIT-MAGIC-COOKIE-1"
+#else
+# define DEF_AUTH_NAME	"MIT-MAGIC-COOKIE-1"
+#endif
+
+#ifdef __linux__
+# define HAVE_VTS
+#elif defined(__sun__)
+# define DEF_SERVER_TTY "console"
+#elif defined(_AIX)
+# define DEF_SERVER_TTY "lft0"
+#else
+# define DEF_SERVER_TTY ""
+#endif
+
+#ifdef _AIX
+# define DEF_SERVER_CMD XBINDIR "/X -T -force"
+#elif defined(__linux__) || defined(__GNU__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
+/* we just assume that any free *nix installation has a recent xfree86/xorg */
+# define DEF_SERVER_CMD XBINDIR "/X -br"
+#else
+# define DEF_SERVER_CMD XBINDIR "/X"
+#endif
+</code>
+
+# The contents of this section are copied mostly verbatim to the
+# default/example configuration file.
+# Everything indented with a space is considered a comment for the output;
+# it is prefixed with a hash mark but otherwise copied verbatim (except
+# for lines consisting of a single underscore, which generate empty comment
+# lines).
+# Section headers are "condensation seeds" for the Instance:s in the key
+# definitions below.
+<tdmrc>
+ &tdm; master configuration file
+ _
+ Please note: Settings in this file are sometimes ignored (overridden).
+ The default TDM startup script /etc/init.d/tdm looks in /etc/default/tdm.d
+ for theme-related settings which, if found, take precedence. The possibly 
+ overridden settings are: UseBackground, BackgroundCfg, UseTheme, Theme.
+ See /usr/share/doc/tdm/README.Debian for details
+ _
+ Definition: the greeter is the login dialog, i.e., the part of &tdm;
+ which the user sees.
+ _
+ You can configure every X-display individually.
+ Every display has a display name, which consists of a host name
+ (which is empty for local displays specified in {Static|Reserve}Servers),
+ a colon, and a display number. Additionally, a display belongs to a
+ display class (which can be ignored in most cases; the control center
+ does not support this feature at all).
+ Sections with display-specific settings have the formal syntax
+ "[X-" host [":" number [ "_" class ]] "-" sub-section "]"
+ You can use the "*" wildcard for host, number, and class. You may omit
+ trailing components; they are assumed to be "*" then.
+ The host part may be a domain specification like ".inf.tu-dresden.de".
+ It may also be "+", which means non-empty, i.e. remote displays only.
+ From which section a setting is actually taken is determined by these
+ rules:
+ - an exact match takes precedence over a partial match (for the host part),
+   which in turn takes precedence over a wildcard ("+" taking precedence
+   over "*")
+ - precedence decreases from left to right for equally exact matches
+ Example: display name "myhost:0", class "dpy".
+ [X-myhost:0_dpy] precedes
+ [X-myhost:0_*] (same as [X-myhost:0]) precedes
+ [X-myhost:*_dpy] precedes
+ [X-myhost:*_*] (same as [X-myhost]) precedes
+ [X-+:0_dpy] precedes
+ [X-*:0_dpy] precedes
+ [X-*:0_*] (same as [X-*:0]) precedes
+ [X-*:*_*] (same as [X-*])
+ These sections do NOT match this display:
+ [X-hishost], [X-myhost:0_dec], [X-*:1], [X-:*]
+ If a setting is not found in any matching section, the default is used.
+ _
+ Every comment applies to the following section or key. Note that all
+ comments will be lost if you change this file with the kcontrol frontend.
+ The defaults refer to &tdm;'s built-in values, not anything set in this file.
+ _
+ Special characters need to be backslash-escaped (leading and trailing
+ spaces (\\s), tab (\\t), linefeed (\\n), carriage return (\\r) and the
+ backslash itself (\\\\)).
+ In lists, fields are separated with commas without whitespace in between.
+ Some command strings are subject to simplified sh-style word splitting:
+ single quotes (') and double quotes (") have the usual meaning; the backslash
+ quotes everything (not only special characters). Note that the backslashes
+ need to be doubled because of the two levels of quoting.
+
+[General]
+
+[Xdmcp]
+
+[Shutdown]
+
+ Rough estimations about how many seconds &tdm; will spend at most on
+ - opening a connection to the X-server (OpenTime) if the attempt
+   - times out: OpenTimeout
+   - is refused: OpenRepeat * OpenDelay
+ - starting a local X-server (ServerTime):
+   ServerAttempts * (ServerTimeout + OpenDelay)
+ - starting a display:
+   - local display: ServerTime + OpenTime
+   - foreign display: StartAttempts * OpenTime
+   - &XDMCP; display: OpenTime (repeated indefinitely by client)
+
+ Core config for all displays
+[X-*-Core]
+
+ Greeter config for all displays
+[X-*-Greeter]
+
+ Core config for local displays
+[X-:*-Core]
+
+ Greeter config for local displays
+[X-:*-Greeter]
+
+ Core config for 1st local display
+[X-:0-Core]
+
+ Greeter config for 1st local display
+[X-:0-Greeter]
+</tdmrc>
+
+# The contents of this section are copied into tdmrc-ref.docbook.
+# The macro %REF% is replaced with the accumulated Description:s from the key
+# definitions below.
+<docu>
+<chapter id="tdm-files">
+<title>The Files &tdm; Uses for Configuration</title>
+
+<para>This chapter documents the files that control &tdm;'s behavior.
+Some of this can be also controlled from the &kcontrol; module, but
+not all.</para>
+
+<sect1 id="tdmrc">
+<title>&tdmrc; - The &tdm; master configuration file</title>
+
+<para>The basic format of the file is <quote>INI-like</quote>.
+Options are key/value pairs, placed in sections.
+Everything in the file is case sensitive.
+Syntactic errors and unrecognized key/section identifiers cause &tdm; to
+issue non-fatal error messages.</para>
+
+<para>Lines beginning with <literal>#</literal> are comments; empty lines
+are ignored as well.</para>
+
+<para>Sections are denoted by
+<literal>[</literal><replaceable>Name of Section</replaceable><literal>]</literal>.
+</para>
+
+<para>You can configure every X-display individually.</para>
+<para>Every display has a display name, which consists of a host name
+(which is empty for local displays specified in <option>StaticServers</option>
+or <option>ReserveServers</option>), a colon, and a display number.
+Additionally, a display belongs to a
+display class (which can be ignored in most cases).</para>
+
+<para>Sections with display-specific settings have the formal syntax
+<literal>[X-</literal>&nbsp;<replaceable>host</replaceable>&nbsp;[&nbsp;<literal>:</literal>&nbsp;<replaceable>number</replaceable>&nbsp;[&nbsp;<literal>_</literal>&nbsp;<replaceable>class</replaceable>&nbsp;]&nbsp;]&nbsp;<literal>-</literal>&nbsp;<replaceable>sub-section</replaceable>&nbsp;<literal>]</literal>
+</para>
+<para>All sections with the same <replaceable>sub-section</replaceable>
+make up a section class.</para>
+
+<para>You can use the wildcard <literal>*</literal> (match any) for
+<replaceable>host</replaceable>, <replaceable>number</replaceable>, 
+and <replaceable>class</replaceable>. You may omit trailing components;
+they are assumed to be <literal>*</literal> then. The host part may be a
+domain specification like <replaceable>.inf.tu-dresden.de</replaceable>
+or the wildcard <literal>+</literal> (match non-empty).</para>
+
+<para>From which section a setting is actually taken is determined by
+these rules:</para>
+
+<itemizedlist>
+<listitem>
+<para>An exact match takes precedence over a partial match (for the
+host part), which in turn takes precedence over a wildcard
+(<literal>+</literal> taking precendence over <literal>*</literal>).</para>
+</listitem>
+
+<listitem>
+<para>Precedence decreases from left to right for equally exact matches.</para>
+</listitem>
+
+<listitem>
+
+<para>
+Example: display name <quote>myhost.foo:0</quote>, class <quote>dpy</quote>
+</para>
+<itemizedlist>
+<listitem>
+<para>[X-myhost.foo:0_dpy] precedes</para>
+</listitem>
+<listitem>
+<para>[X-myhost.foo:0_*] (same as [X-myhost.foo:0]) precedes</para>
+</listitem>
+<listitem>
+<para>[X-myhost.foo:*_dpy] precedes</para>
+</listitem>
+<listitem>
+<para>[X-myhost.foo:*_*] (same as [X-myhost.foo]) precedes</para>
+</listitem>
+<listitem>
+<para>[X-.foo:*_*] (same as [X-.foo]) precedes</para>
+</listitem>
+<listitem>
+<para>[X-+:0_dpy] precedes</para>
+</listitem>
+<listitem>
+<para>[X-*:0_dpy] precedes</para>
+</listitem>
+<listitem>
+<para>[X-*:0_*] (same as [X-*:0]) precedes</para>
+</listitem>
+<listitem>
+<para>[X-*:*_*] (same as [X-*]).</para>
+</listitem>
+<listitem>
+<para>These sections do <emphasis>not</emphasis> match this display:</para>
+<para>[X-hishost], [X-myhost.foo:0_dec], [X-*:1], [X-:*]</para>
+</listitem>
+</itemizedlist>
+
+</listitem>
+
+</itemizedlist>
+
+<para>Common sections are [X-*] (all displays), [X-:*] (all local displays)
+and [X-:0] (the first local display).</para>
+
+<para>The format for all keys is
+<userinput><option><replaceable>key</replaceable></option>&nbsp;<literal>=</literal>&nbsp;<parameter>value</parameter></userinput>.
+Keys are only valid in the section class they are defined for.
+Some keys do not apply to particular displays, in which case they are ignored.
+</para>
+
+<para>If a setting is not found in any matching section, the default
+is used.</para>
+
+<para>Special characters need to be backslash-escaped (leading and trailing
+spaces (<literal>\s</literal>), tab (<literal>\t</literal>), linefeed
+(<literal>\n</literal>), carriage return (<literal>\r</literal>) and the
+backslash itself (<literal>\\</literal>)).</para>
+<para>In lists, fields are separated with commas without whitespace in between.
+</para>
+<para>Some command strings are subject to simplified sh-style word splitting:
+single quotes (<literal>'</literal>) and double quotes (<literal>"</literal>)
+have the usual meaning; the backslash quotes everything (not only special
+characters). Note that the backslashes need to be doubled because of the
+two levels of quoting.</para>
+
+<note><para>A pristine &tdmrc; is very thoroughly commented.
+All comments will be lost if you change this file with the
+kcontrol frontend.</para></note>
+
+%REF%
+
+</sect1>
+
+<sect1 id="tdmrc-xservers">
+<title>Specifying permanent &X-Server;s</title>
+
+<para>Each entry in the <option>StaticServers</option> list indicates a
+display which should constantly be
+managed and which is not using &XDMCP;. This method is typically used only for
+local &X-Server;s that are started by &tdm;, but &tdm; can manage externally
+started (<quote>foreign</quote>) &X-Server;s as well, may they run on the 
+local machine or rather remotely.</para>
+
+<para>The formal syntax of a specification is
+<screen>
+<userinput><replaceable>display&nbsp;name</replaceable>&nbsp;[<literal>_</literal><replaceable>display&nbsp;class</replaceable>]</userinput>
+</screen>
+for all &X-Server;s. <quote>Foreign</quote> displays differ in having
+a host name in the display name, may it be <literal>localhost</literal>.</para>
+
+<para>The <replaceable>display name</replaceable> must be something that can
+be passed in the <option>-display</option> option to an X program. This string
+is used to generate the display-specific section names, so be careful to match
+the names.
+The display name of &XDMCP; displays is derived from the display's address by
+reverse host name resolution. For configuration purposes, the
+<literal>localhost</literal> prefix from locally running &XDMCP; displays is
+<emphasis>not</emphasis> stripped to make them distinguishable from local
+&X-Server;s started by &tdm;.</para>
+
+<para>The <replaceable>display class</replaceable> portion is also used in the
+display-specific sections. This is useful if you have a large collection of
+similar displays (such as a corral of X terminals) and would like to set
+options for groups of them.
+When using &XDMCP;, the display is required to specify the display class,
+so the manual for your particular X terminal should document the display
+class string for your device. If it does not, you can run &tdm; in debug
+mode and <command>grep</command> the log for <quote>class</quote>.</para>
+
+<para>The displays specified in <option>ReserveServers</option> will not be
+started when &tdm; starts up, but when it is explicitly requested via
+the command socket (or <acronym>FiFo</acronym>).
+If reserve displays are specified, the &kde; menu will have a
+<guilabel>Start New Session</guilabel> item near the bottom; use that to
+activate a reserve display with a new login session. The monitor will switch
+to the new display, and you will have a minute to login. If there are no more
+reserve displays available, the menu item will be disabled.</para>
+
+<para>When &tdm; starts a session, it sets up authorization data for the
+&X-Server;. For local servers, &tdm; passes
+<command><option>-auth</option>&nbsp;<filename><replaceable>filename</replaceable></filename></command>
+on the &X-Server;'s command line to point it at its authorization data.
+For &XDMCP; displays, &tdm; passes the authorization data to the &X-Server;
+via the <quote>Accept</quote> &XDMCP; message.</para>
+
+</sect1>
+
+<sect1 id="tdmrc-xaccess">
+<title>&XDMCP; access control</title>
+
+<para>The file specified by the <option>AccessFile</option> option provides
+information which &tdm; uses to control access from displays requesting service
+via &XDMCP;.
+The file contains four types of entries: entries which control the response
+to <quote>Direct</quote> and <quote>Broadcast</quote> queries, entries which
+control the response to <quote>Indirect</quote> queries, macro definitions for
+<quote>Indirect</quote> entries, and entries which control on which network
+interfaces &tdm; listens for &XDMCP; queries.
+Blank lines are ignored, <literal>#</literal> is treated as a comment
+delimiter causing the rest of that line to be ignored, and <literal>\</literal>
+causes an immediately following newline to be ignored, allowing indirect host
+lists to span multiple lines.
+</para>
+
+<para>The format of the <quote>Direct</quote> entries is simple, either a
+host name or a pattern, which is compared against the host name of the display
+device.
+Patterns are distinguished from host names by the inclusion of one or more
+meta characters; <literal>*</literal> matches any sequence of 0 or more
+characters, and <literal>?</literal> matches any single character.
+If the entry is a host name, all comparisons are done using network addresses,
+so any name which converts to the correct network address may be used. Note
+that only the first network address returned for a host name is used.
+For patterns, only canonical host names are used in the comparison, so ensure
+that you do not attempt to match aliases.
+Host names from &XDMCP; queries always contain the local domain name
+even if the reverse lookup returns a short name, so you can use
+patterns for the local domain.
+Preceding the entry with a <literal>!</literal> character causes hosts which
+match that entry to be excluded.
+To only respond to <quote>Direct</quote> queries for a host or pattern,
+it can be followed by the optional <literal>NOBROADCAST</literal> keyword.
+This can be used to prevent a &tdm; server from appearing on menus based on
+<quote>Broadcast</quote> queries.</para>
+
+<para>An <quote>Indirect</quote> entry also contains a host name or pattern,
+but follows it with a list of host names or macros to which the queries
+should be forwarded. <quote>Indirect</quote> entries can be excluding as well,
+in which case a (valid) dummy host name must be supplied to make the entry
+distinguishable from a <quote>Direct</quote> entry.
+If compiled with IPv6 support, multicast address groups may also be included
+in the list of addresses the queries are forwarded to.
+<!-- Not actually implemented!
+Multicast addresses may be followed by an optional <literal>/</literal>
+character and hop count. If no hop count is specified, the multicast hop count
+defaults to 1, keeping the packet on the local network. For IPv4 multicasting,
+the hop count is used as the TTL.
+-->
+If the indirect host list contains the keyword <literal>CHOOSER</literal>,
+<quote>Indirect</quote> queries are not forwarded, but instead a host chooser
+dialog is displayed by &tdm;. The chooser will send a <quote>Direct</quote>
+query to each of the remaining host names in the list and offer a menu of
+all the hosts that respond. The host list may contain the keyword
+<literal>BROADCAST</literal>, to make the chooser send a
+<quote>Broadcast</quote> query as well; note that on some operating systems,
+UDP packets cannot be broadcast, so this feature will not work.
+</para>
+
+<para>When checking access for a particular display host, each entry is scanned
+in turn and the first matching entry determines the response.
+<quote>Direct</quote> and <quote>Broadcast</quote> entries are ignored when
+scanning for an <quote>Indirect</quote> entry and vice-versa.</para>
+
+<para>A macro definition contains a macro name and a list of host names and
+other macros that the macro expands to. To distinguish macros from hostnames,
+macro names start with a <literal>%</literal> character.</para>
+
+<para>The last entry type is the <literal>LISTEN</literal> directive.
+The formal syntax is
+<screen>
+<userinput>&nbsp;<literal>LISTEN</literal>&nbsp;[<replaceable>interface</replaceable>&nbsp;[<replaceable>multicast&nbsp;list</replaceable>]]</userinput>
+</screen>
+If one or more <literal>LISTEN</literal> lines are specified, &tdm; listens
+for &XDMCP; requests only on the specified interfaces.
+<replaceable>interface</replaceable> may be a hostname or IP address
+representing a network interface on this machine, or the wildcard
+<literal>*</literal> to represent all available network interfaces.
+If multicast group addresses are listed on a <literal>LISTEN</literal> line,
+&tdm; joins the multicast groups on the given interface. For IPv6 multicasts,
+the IANA has assigned ff0<replaceable>X</replaceable>:0:0:0:0:0:0:12b as the
+permanently assigned range of multicast addresses for &XDMCP;. The
+<replaceable>X</replaceable> in the prefix may be replaced by any valid scope
+identifier, such as 1 for Node-Local, 2 for Link-Local, 5 for Site-Local, and
+so on (see IETF RFC 2373 or its replacement for further details and scope
+definitions). &tdm; defaults to listening on the Link-Local scope address
+ff02:0:0:0:0:0:0:12b to most closely match the IPv4 subnet broadcast behavior. 
+If no <literal>LISTEN</literal> lines are given, &tdm; listens on all
+interfaces and joins the default &XDMCP; IPv6 multicast group (when
+compiled with IPv6 support).
+To disable listening for &XDMCP; requests altogether, a
+<literal>LISTEN</literal> line with no addresses may be specified, but using
+the <literal>[Xdmcp]</literal> <option>Enable</option> option is preferred.
+</para>
+
+</sect1>
+
+<sect1 id="tdm-scripts">
+<title>Supplementary programs</title>
+
+<para>
+The following programs are run by &tdm; at various stages of a session.
+They typically are shell scripts.
+</para>
+
+<para>
+The Setup, Startup and Reset programs are run as
+<systemitem class="username">root</systemitem>, so they should be careful
+about security.
+Their first argument is <literal>auto</literal> if the session results
+from an automatic login; otherwise, no arguments are passed to them.
+</para>
+
+<sect2 id="tdmrc-xsetup">
+<title>Setup program</title>
+
+<para>
+The <filename>Xsetup</filename> program is run after the &X-Server; is
+started or reset, but before the greeter is offered.
+This is the place to change the root background (if
+<option>UseBackground</option> is disabled) or bring up other windows that
+should appear on the screen along with the greeter.
+</para>
+
+<para>
+In addition to any specified by <option>ExportList</option>,
+the following environment variables are passed:</para>
+<variablelist>
+ <varlistentry>
+  <term>DISPLAY</term>
+  <listitem><para>the associated display name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>PATH</term>
+  <listitem><para>the value of <option>SystemPath</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>SHELL</term>
+  <listitem><para>the value of <option>SystemShell</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>XAUTHORITY</term>
+  <listitem><para>may be set to an authority file</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>DM_CONTROL</term>
+  <listitem><para>the value of <option>FifoDir</option></para></listitem>
+ </varlistentry>
+</variablelist>
+
+<para> Note that since &tdm; grabs the keyboard, any other windows will not be
+able to receive keyboard input. They will be able to interact with the mouse,
+however; beware of potential security holes here. If <option>GrabServer</option>
+is set, <filename>Xsetup</filename> will not be able to connect to the display
+at all. Resources for this program can be put into the file named by
+<option>Resources</option>.
+</para>
+
+</sect2>
+
+<sect2 id="tdmrc-xstartup">
+<title>Startup program</title>
+
+<para>The <filename>Xstartup</filename> program is run as
+<systemitem class="username">root</systemitem> when the user logs in.
+This is the place to put commands which add entries to
+<filename>utmp</filename> (the <command>sessreg</command> program
+may be useful here), mount users' home directories from file servers,
+or abort the session if some requirements are not met (but note that on
+modern systems, many of these tasks are already taken care of by
+<acronym>PAM</acronym> modules).</para>
+
+<para>In addition to any specified by <option>ExportList</option>,
+the following environment variables are passed:</para>
+<variablelist>
+ <varlistentry>
+  <term>DISPLAY</term>
+  <listitem><para>the associated display name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>HOME</term>
+  <listitem><para>the initial working directory of the user</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>LOGNAME</term>
+  <listitem><para>the username</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>USER</term>
+  <listitem><para>the username</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>PATH</term>
+  <listitem><para>the value of <option>SystemPath</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>SHELL</term>
+  <listitem><para>the value of <option>SystemShell</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>XAUTHORITY</term>
+  <listitem><para>may be set to an authority file</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>DM_CONTROL</term>
+  <listitem><para>the value of <option>FifoDir</option></para></listitem>
+ </varlistentry>
+</variablelist>
+
+<para>&tdm; waits until this program exits before starting the user session.
+If the exit value of this program is non-zero, &tdm; discontinues the session
+and starts another authentication cycle.</para>
+
+</sect2>
+
+<sect2 id="tdmrc-xsession">
+<title>Session program</title>
+
+<para>The <filename>Xsession</filename> program is the command which is run
+as the user's session. It is run with the permissions of the authorized user.
+One of the keywords <literal>failsafe</literal>, <literal>default</literal>
+or <literal>custom</literal>, or a string to <command>eval</command> by a
+Bourne-compatible shell is passed as the first argument.</para>
+
+<para>In addition to any specified by <option>ExportList</option>,
+the following environment variables are passed:</para>
+<variablelist>
+ <varlistentry>
+  <term>DISPLAY</term>
+  <listitem><para>the associated display name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>HOME</term>
+  <listitem><para>the initial working directory of the user</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>LOGNAME</term>
+  <listitem><para>the username</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>USER</term>
+  <listitem><para>the username</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>PATH</term>
+  <listitem><para>the value of <option>UserPath</option>
+   (or <option>SystemPath</option> for
+   <systemitem class="username">root</systemitem> user sessions)</para>
+  </listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>SHELL</term>
+  <listitem><para>the user's default shell</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>XAUTHORITY</term>
+  <listitem><para>may be set to a non-standard authority file</para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>KRBTKFILE</term>
+  <listitem><para>may be set to a Kerberos4 credentials cache name</para>
+  </listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>KRB5CCNAME</term>
+  <listitem><para>may be set to a Kerberos5 credentials cache name</para>
+  </listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>DM_CONTROL</term>
+  <listitem><para>the value of <option>FifoDir</option></para></listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>XDM_MANAGED</term>
+  <listitem><para>will contain a comma-separated list of parameters the
+   session might find interesting, like the location of the command
+   <acronym>FiFo</acronym> and its capabilities, and which conversation
+   plugin was used for the login</para>
+  </listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>DESKTOP_SESSION</term>
+  <listitem><para>the name of the session the user has chosen to run</para>
+  </listitem>
+ </varlistentry>
+</variablelist>
+
+</sect2>
+
+<sect2 id="tdmrc-xreset">
+<title>Reset program</title>
+
+<para>Symmetrical with <filename>Xstartup</filename>, the
+<filename>Xreset</filename> program is run after the user session has
+terminated. Run as <systemitem class="username">root</systemitem>, it should
+contain commands that undo the effects of commands in 
+<filename>Xstartup</filename>, removing entries from <filename>utmp</filename>
+or unmounting directories from file servers.</para>
+
+<para>The environment variables that were passed to
+<filename>Xstartup</filename> are also passed to <filename>Xreset</filename>.
+</para>
+
+</sect2>
+
+</sect1>
+
+</chapter>
+</docu>
+
+
+# The rest of this file are section and key definitions for the options.
+# The order of the keywords is fixed and everything is case sensitive.
+# A keyword may expect supplementary data in the form of space-indented
+# lines following it. Definitions are delimited by empty lines.
+#
+# Section definition:
+#   Section: <name>
+#     Section name. Section classes start with a dash.
+#   If: <expression>
+#     C preprocessor conditional for supporting this section.
+#     If it evaluates to false, all keys in this section are disabled as well.
+#   Description:
+#     A docbook description of this section is expected in the next lines.
+#     The contents are automatically enclosed in <para></para>.
+#
+# Option key definition:
+#   Key: <name>
+#     Option name.
+#   If: <expression>
+#     C preprocessor conditional for supporting this option.
+#   Type: (int|bool|enum|group|string|path|list)
+#     The option's data type.
+#     If the type is enum, the element definitions follow in the next lines:
+#       <term>[/<c #define>]: <docbook style description>
+#   Default: <default>
+#     Default value. string, path and list are copied verbatim and therefore
+#     must be already quoted appropriately. The other types are auto-quoted.
+#     If the default value is prefixed with a "*", a c #define def_<Key> is
+#     created.
+#     The default is automatically appended to the tdmrc comment and the
+#     documentation entry.
+#   CDefault: <verbose default>
+#     Append this instead of the real default to the two docs. The quoting
+#     rules are the same as for Default.
+#   DDefault: -
+#     If specified, the default value will not be appended to the documentation
+#     entry. The Description should mention the default then. Use this when
+#     the default is system-dependent.
+#   PostProc: <function>
+#     A function to postprocess the read config value before using it.
+#   User: (dummy|(core|greeter|greeter-c|dep|config)[(<variable>)][:font])
+#     These entries specify which parts of tdm need the option in question:
+#       dummy: no user; entry is there only for syntactical correctness.
+#       dep: this option is an internal dependency for another option.
+#       config: this option configures the config reader itself.
+#       core: the tdm backend needs this option.
+#       greeter-c: the tdm frontend needs this option as a C data type.
+#       greeter: the tdm frontend needs this option as a C++/Qt data type.
+#         If a :font tag is appended, a string entry is converted to a QFont.
+#     If no variable name is specified, it will be derived from the Key by
+#     un-capitalizing it.
+#   Instance: (-|[#][<display spec>/](!|<value>))
+#     These entries specify option instances for the default/example tdmrc.
+#     A "-" entry is a dummy for syntactical correctness.
+#     A prefixing hash mark will be copied to tdmrc.
+#     For options in a section class a display must be specified.
+#     For bool options "!" can be used as the value to specify the negation
+#     of the default.
+#   Update: <function>[/<number>]
+#     Call this function on each occurence of this option in gentdmconf.
+#     Options with higher numbers (default is 0) will be processed later.
+#   Merge: (xdm[:<resource>][(<function>)]|tdm:[<section>/][<key>][<function>])
+#     Specify config options to merge from xdm and older tdm versions.
+#     Kdm options from the current version are automatically merged.
+#     When merging an xdm resource and no resource name is specified, it is
+#     derived from the Key by un-capitalizing it.
+#     When merging a tdm option, at least one of <section> and <key> must
+#     be given; an unspecified entity defaults to the current Section/Key.
+#     <section> may be a dash-prefixed section class.
+#     A function to postprocess the read value can be specified.
+#   Comment: [&|-]
+#     A tdmrc comment for this option is expected in the next lines.
+#     If "-" is given to Comment, no comment is generated at all.
+#     If "&" is given, the comment is derived from the Description below by
+#     applying some simple docbook interpretation to it. Note that the
+#     Description must be preformatted in this case. Use
+#        sed -ne 's/^\(.\{79,\}\)$/\1/p' < tdmrc
+#     after running "make install" to see whether all lines still fit.
+#     If Type is enum, a list of the previously defined element/description
+#     pairs is appended; the descriptions undergo docbook interpretation.
+#     Finally, a sentence with the Default (or CDefault, if given) is appended.
+#   Description: [!|-]
+#     A docbook description of this option is expected in the next lines.
+#     The contents are automatically enclosed in <para></para>.
+#     If "-" is given to Description, no comment is generated at all.
+#     If "!" is given, enums are not treated specially; otherwise, the macro
+#     %ENUM% is replaced with a list of the defined element/description pairs,
+#     or - if the macro is not present - the list is appended to the
+#     description.
+#     Finally, a sentence with the Default (or CDefault, if given) is appended,
+#     unless "DDefault: -" was specified.
+#     Each option entry generates an anchor named option-<lowercase(Key)>;
+#     it can be referenced in the main documentation.
+#     Do not forget to run "make ref" in tdebase/doc/tdm after changing
+#     Descriptions.
+
+Section: General
+Description:
+ This section contains global options that do not fit into any specific section.
+
+Key: ConfigVersion
+Type: string
+Default: ""
+CDefault: -
+User: dummy
+# will be overwritten
+Instance:
+Comment:
+ This option exists solely for the purpose of a clean automatic upgrade.
+ Do not even think about changing it!
+Description:
+ This option exists solely for the purpose of clean automatic upgrades.
+ <emphasis>Do not</emphasis> change it, you may interfere with future
+ upgrades and this could result in &tdm; failing to run.
+
+Key: PAMService
+If: defined(USE_PAM)
+Type: string
+Default: TDM_PAM_SERVICE
+User: core
+Instance: -
+Comment: -
+Description: -
+
+<legacy>
+Proc: absorb_xservers
+# note: this can miss Xservers from tdm for kde 2.2 because of stupid default.
+Source: tdm:General/Xservers
+Source: xdm:servers
+</legacy>
+
+Key: StaticServers
+Type: list
+Default: ":0"
+User: core
+Instance: ":0"
+Comment:
+ List of permanent displays. Displays with a hostname are foreign. A display
+ class may be specified separated by an underscore.
+Description:
+ List of displays (&X-Server;s) permanently managed by &tdm;. Displays with a
+ hostname are foreign displays which are expected to be already running,
+ the others are local displays for which &tdm; starts an own &X-Server;;
+ see <option>ServerCmd</option>. Each display may belong to a display class;
+ append it to the display name separated by an underscore.
+ See <xref linkend="tdmrc-xservers"/> for the details.
+
+Key: ReserveServers
+Type: list
+Default: ""
+User: core
+Instance: ":1,:2,:3"
+Comment: &
+Description:
+ List of on-demand displays. See <option>StaticServers</option> for syntax.
+
+Key: ServerVTs
+If: defined(HAVE_VTS)
+Type: list
+Default: ""
+User: core
+Instance: #"7,8,-9,-10"
+Update: upd_servervts
+Comment:
+ VTs to allocate to &X-Server;s. A negative number means that the VT will be
+ used only if it is free. If all VTs in this list are used up, the next free
+ one greater than the last one in this list will be allocated.
+Description:
+ List of Virtual Terminals to allocate to &X-Server;s. For negative numbers the
+ absolute value is used, and the <acronym>VT</acronym> will be allocated only
+ if the kernel says it is free. If &tdm; exhausts this list, it will allocate
+ free <acronym>VT</acronym>s greater than the absolute value of the last entry
+ in this list.
+ Currently Linux only.
+
+Key: ConsoleTTYs
+If: defined(HAVE_VTS)
+Type: list
+Default: ""
+User: core
+Instance: #"tty1,tty2,tty3,tty4,tty5,tty6"
+Update: upd_consolettys
+Comment:
+ TTYs (without /dev/) to monitor for activity while in console mode.
+Description:
+ This option is for operating systems (<acronym>OS</acronym>s) with support
+ for virtual terminals (<acronym>VT</acronym>s), by both &tdm; and the
+ <acronym>OS</acronym>s itself.
+ Currently this applies only to Linux.
+ </para><para>
+ When &tdm; switches to console mode, it starts monitoring all
+ <acronym>TTY</acronym> lines listed here (without the leading
+ <literal>/dev/</literal>).
+ If none of them is active for some time, &tdm; switches back to the X login.
+
+Key: PidFile
+Type: string
+Default: ""
+User: core
+Instance: "/var/run/tdm.pid"
+Merge: xdm
+Comment:
+ Where &tdm; should store its PID (do not store if empty).
+Description:
+ The filename specified will be created to contain an ASCII representation
+ of the process ID of the main &tdm; process; the PID will not be stored
+ if the filename is empty.
+
+Key: LockPidFile
+Type: bool
+Default: true
+User: core
+Instance: #!
+Merge: xdm
+Comment:
+ Whether &tdm; should lock the PID file to prevent having multiple &tdm;
+ instances running at once. Do not change unless you are brave.
+Description:
+ This option controls whether &tdm; uses file locking to keep multiple
+ display managers from running onto each other.
+
+Key: AuthDir
+Type: path
+# differs from XDM
+Default: "/var/run/xauth"
+User: core
+Instance: #"/tmp"
+Merge: xdm(P_authDir)
+Comment:
+ Where to store authorization files.
+Description:
+ This names a directory under which &tdm; stores &X-Server; authorization
+ files while initializing the session. &tdm; expects the system to clean up
+ this directory from stale files on reboot.
+ </para><para>
+ The authorization file to be used for a particular display can be
+ specified with the <option>AuthFile</option> option in [X-*-Core].
+
+Key: AutoRescan
+Type: bool
+Default: true
+User: core
+Instance: #!
+Merge: xdm
+Comment:
+ Whether &tdm; should automatically re-read configuration files, if it
+ finds them having changed.
+Description:
+ This boolean controls whether &tdm; automatically re-reads its
+ configuration files if it finds them to have changed.
+
+Key: ExportList
+Type: list
+Default: ""
+User: core
+Instance: #"LD_LIBRARY_PATH,ANOTHER_IMPORTANT_VAR"
+Merge: xdm(P_List)
+Comment: &
+Description:
+ Additional environment variables &tdm; should pass on to all programs it runs.
+ <envar>LD_LIBRARY_PATH</envar> and <envar>XCURSOR_THEME</envar> are good candidates;
+ otherwise, it should not be necessary very often.
+
+Key: RandomFile
+If: !defined(ARC4_RANDOM) && !defined(DEV_RANDOM)
+Type: string
+Default: "/dev/mem"
+User: core
+Instance: #""
+Merge: xdm
+Comment:
+ A file &tdm; should read entropy from.
+Description:
+ If the system has no native entropy source like /dev/urandom (see
+ <option>RandomDevice</option>) and no entropy daemon like EGD (see
+ <option>PrngdSocket</option> and <option>PrngdPort</option>) is running,
+ &tdm; will fall back to its own pseudo-random number generator
+ that will, among other things, successively checksum parts of this file
+ (which, obviously, should change frequently).
+ </para><para>
+ This option does not exist on Linux and various BSDs.
+
+Key: PrngdSocket
+If: !defined(ARC4_RANDOM) && !defined(DEV_RANDOM)
+Type: string
+# differs from xdm!
+Default: ""
+User: core
+Instance: #"/tmp/entropy"
+Merge: xdm
+Comment:
+ A UNIX domain socket &tdm; should read entropy from.
+Description:
+ If the system has no native entropy source like /dev/urandom (see
+ <option>RandomDevice</option>), read random data from a Pseudo-Random
+ Number Generator Daemon,
+ like EGD (http://egd.sourceforge.net) via this UNIX domain socket.
+ </para><para>
+ This option does not exist on Linux and various BSDs.
+
+Key: PrngdPort
+If: !defined(ARC4_RANDOM) && !defined(DEV_RANDOM)
+Type: int
+Default: 0
+User: core
+Instance: #4840
+Merge: xdm
+Comment:
+ A TCP socket on localhost &tdm; should read entropy from.
+Description:
+ Same as <option>PrngdSocket</option>, only use a TCP socket on localhost.
+
+Key: RandomDevice
+If: !defined(ARC4_RANDOM)
+Type: string
+Default: ""
+User: core
+Instance: #"/dev/altrandom"
+Merge: xdm
+Comment:
+ A character device &tdm; should read entropy from.
+ Empty means use the system's preferred entropy device.
+Description:
+ The path to a character device which &tdm; should read random data from.
+ Empty means to use the system's preferred entropy device if there is one.
+ </para><para>
+ This option does not exist on OpenBSD, as it uses the arc4_random
+ function instead.
+
+Key: FifoDir
+Type: path
+Default: *"/var/run/xdmctl"
+User: core
+Instance: #"/tmp"
+Update: upd_fifodir
+Comment:
+ Where the command FiFos should be created; make it empty to disable
+ them.
+Description:
+ The directory in which the command <acronym>FiFo</acronym>s should
+ be created; make it empty to disable them.
+# See <xref linkend="tdm-fifos"/> for the details.
+
+Key: FifoGroup
+Type: group
+Default: 0
+User: core
+Instance: #xdmctl
+Comment: &
+Description:
+ The group to which the global command <acronym>FiFo</acronym> should belong;
+ can be either a name or a numerical ID.
+
+Key: DataDir
+Type: path
+Default: *"/var/lib/tdm"
+User: greeter
+Instance: #""
+Update: upd_datadir
+Comment:
+ The directory in which &tdm; should store persistent working data.
+Description:
+ The directory in which &tdm; should store persistent working data; such data
+ is, for example, the previous user that logged in on a particular display.
+
+Key: DmrcDir
+Type: path
+Default: ""
+User: core
+Instance: #"/nfs-shared/var/dmrcs"
+Comment: &
+Description:
+ The directory in which &tdm; should store users' <filename>.dmrc</filename> files. This is only
+ needed if the home directories are not readable before actually logging in
+ (like with AFS).
+
+
+Section: Xdmcp
+If: defined(XDMCP)
+Description:
+ This section contains options that control &tdm;'s handling of
+ &XDMCP; requests.
+# See <xref linkend="xdmcp-with-tdm"/> to find out what &XDMCP; is.
+
+Key: Enable
+Type: bool
+Default: true
+User: dep(xdmcpEnable)
+Instance: false
+Comment: &
+Description:
+ Whether &tdm; should listen to incoming &XDMCP; requests.
+
+Key: Port
+Type: int
+Default: 177
+PostProc: PrequestPort
+User: core(request_port)
+Instance: #
+Merge: xdm:requestPort(P_requestPort)
+Comment:
+ The UDP port on which &tdm; should listen for &XDMCP; requests. Do not change.
+Description:
+ This indicates the UDP port number which &tdm; uses to listen for incoming
+ &XDMCP; requests. Unless you need to debug the system, leave this with its
+ default value.
+
+Key: KeyFile
+Type: string
+Default: ""
+User: core
+Instance: #TDMCONF "/tdmkeys"
+Update: cp_keyfile
+Merge: xdm
+Comment:
+ File with the private keys of X-terminals. Required for XDM authentication.
+Description:
+ XDM-AUTHENTICATION-1 style &XDMCP; authentication requires a private
+ key to be shared between &tdm; and the terminal. This option specifies
+ the file containing those values. Each entry in the file consists of a
+ display name and the shared key.
+
+Key: Xaccess
+Type: string
+# differs from xdm
+Default: *TDMCONF "/Xaccess"
+User: config(Xaccess)
+Instance: #""
+Update: mk_xaccess
+Merge: xdm:accessFile
+Comment:
+ &XDMCP; access control file in the usual XDM-Xaccess format.
+Description:
+ To prevent unauthorized &XDMCP; service and to allow forwarding of &XDMCP;
+ IndirectQuery requests, this file contains a database of hostnames which
+ are either allowed direct access to this machine, or have a list of hosts
+ to which queries should be forwarded to. The format of this file is
+ described in <xref linkend="tdmrc-xaccess"/>.
+
+Key: ChoiceTimeout
+Type: int
+Default: 15
+User: core
+Instance: #10
+Merge: xdm
+Comment:
+ Number of seconds to wait for display to respond after the user has
+ selected a host from the chooser.
+Description:
+ Number of seconds to wait for the display to respond after the user has
+ selected a host from the chooser. If the display sends an &XDMCP;
+ IndirectQuery within this time, the request is forwarded to the chosen
+ host; otherwise, it is assumed to be from a new session and the chooser
+ is offered again.
+
+Key: RemoveDomainname
+Type: bool
+Default: true
+User: core
+Instance: #!
+Merge: xdm
+Comment:
+ Strip domain name from remote display names if it is equal to the local
+ domain.
+Description:
+ When computing the display name for &XDMCP; clients, the name resolver will
+ typically create a fully qualified host name for the terminal. As this is
+ sometimes confusing, &tdm; will remove the domain name portion of the host
+ name if it is the same as the domain name of the local host when this option
+ is enabled.
+
+Key: SourceAddress
+Type: bool
+Default: false
+User: core
+Instance: #!
+Merge: xdm
+Comment:
+ Use the numeric IP address of the incoming connection on multihomed hosts
+ instead of the host name.
+Description:
+ Use the numeric IP address of the incoming connection on multihomed hosts
+ instead of the host name. This is to avoid trying to connect on the wrong
+ interface which might be down at this time.
+
+Key: Willing
+Type: string
+Default: ""
+User: core
+# will be overwritten
+Instance: #
+Update: mk_willing
+Merge: xdm
+Merge: tdm:Xwilling
+Comment:
+ The program which is invoked to dynamically generate replies to &XDMCP;
+ DirectQuery or BroadcastQuery requests.
+ If empty, no program is invoked and "Willing to manage" is sent.
+Description:
+ This specifies a program which is run (as
+ <systemitem class="username">root</systemitem>) when an &XDMCP;
+ DirectQuery or BroadcastQuery is received and this host is configured
+ to offer &XDMCP; display management. The output of this program may be
+ displayed in a chooser window. If no program is specified, the string
+ <quote>Willing to manage</quote> is sent.
+
+
+Section: Shutdown
+Description:
+ This section contains global options concerning system shutdown.
+
+Key: HaltCmd
+Type: string
+Default: HALT_CMD
+DDefault: -
+User: core(cmdHalt)
+Instance: #""
+Comment:
+ The command (subject to word splitting) to run to halt the system.
+Description:
+ The command (subject to word splitting) to run to halt/poweroff the system.
+ </para><para>
+ The default is something reasonable for the system on which &tdm; was built, like
+ <command>/sbin/shutdown&nbsp;<option>-h</option>&nbsp;<parameter>now</parameter></command>.
+
+Key: RebootCmd
+Type: string
+Default: REBOOT_CMD
+DDefault: -
+User: core(cmdReboot)
+Instance: #""
+Comment:
+ The command (subject to word splitting) to run to reboot the system.
+Description:
+ The command (subject to word splitting) to run to reboot the system.
+ </para><para>
+ The default is something reasonable for the system &tdm; on which was built, like
+ <command>/sbin/shutdown&nbsp;<option>-r</option>&nbsp;<parameter>now</parameter></command>.
+
+Key: AllowFifo
+Type: bool
+Default: false
+User: core(fifoAllowShutdown)
+Instance: #!
+Comment: &
+Description:
+ Whether it is allowed to shut down the system via the global command <acronym>FiFo</acronym>.
+
+Key: AllowFifoNow
+Type: bool
+Default: true
+User: core(fifoAllowNuke)
+Instance: #!
+Comment:
+ Whether it is allowed to abort active sessions when shutting down the
+ system via the global command FiFo.
+Description:
+ Whether it is allowed to abort active sessions when shutting down the
+ system via the global command <acronym>FiFo</acronym>.
+ </para><para>
+ This will have no effect unless <option>AllowFifo</option> is enabled.
+
+Key: BootManager
+Type: enum
+ None/BO_NONE: no boot manager
+ Grub/BO_GRUB: Grub boot manager
+ Lilo/BO_LILO: Lilo boot manager (Linux on i386 &amp; x86-64 only)
+Default: None
+User: core
+User: greeter
+Instance: #Grub
+Merge: tdm:UseLilo(P_UseLilo)
+Comment: &
+Description:
+ The boot manager &tdm; should use for offering boot options in the
+ shutdown dialog.
+
+
+Section: -Core
+Description:
+ This section class contains options concerning the configuration
+ of the &tdm; backend (core).
+
+Key: OpenDelay
+Type: int
+Default: 15
+User: core
+Instance: #*/
+Merge: xdm(P_openDelay)
+Comment:
+ How long to wait before retrying to connect a display.
+Description:
+ See <option>OpenRepeat</option>.
+
+Key: OpenTimeout
+Type: int
+Default: 120
+User: core
+Instance: #*/
+Merge: xdm
+Comment:
+ How long to wait before timing out a display connection attempt.
+Description:
+ See <option>OpenRepeat</option>.
+
+Key: OpenRepeat
+Type: int
+Default: 5
+User: core
+Instance: #*/
+Merge: xdm
+Comment:
+ How many connection attempts to make during a start attempt. Note that
+ a timeout aborts the entire start attempt.
+Description:
+ These options control the behavior of &tdm; when attempting to open a
+ connection to an &X-Server;. <option>OpenDelay</option> is the length
+ of the pause (in seconds) between successive attempts,
+ <option>OpenRepeat</option> is the number of attempts to make and
+ <option>OpenTimeout</option> is the amount of time to spend on a
+ connection attempt. After <option>OpenRepeat</option> attempts have been
+ made, or if <option>OpenTimeout</option> seconds elapse in any particular
+ connection attempt, the start attempt is considered failed.
+
+Key: StartAttempts
+Type: int
+Default: 4
+User: core
+Instance: #*/
+Merge: xdm
+Comment:
+ Try at most that many times to start a display. If this fails, the display
+ is disabled.
+Description:
+ How many times &tdm; should attempt to start a <literal>foreign</literal>
+ display listed in <option>StaticServers</option> before giving up
+ and disabling it.
+ Local displays are attempted only once, and &XDMCP; displays are retried
+ indefinitely by the client (unless the option <option>-once</option>
+ was given to the &X-Server;).
+
+Key: ServerAttempts
+Type: int
+Default: 1
+User: core
+Instance: #:*/
+Merge: xdm
+Comment:
+ How often to try to run the &X-Server;. Running includes executing it and
+ waiting for it to come up.
+Description:
+ How many times &tdm; should attempt to start up a local &X-Server;.
+ Starting up includes executing it and waiting for it to come up.
+
+Key: ServerTimeout
+Type: int
+Default: 15
+User: core
+Instance: #:*/
+Comment:
+ How long to wait for a local &X-Server; to come up.
+Description:
+ How many seconds &tdm; should wait for a local &X-Server; to come up.
+
+Key: ServerCmd
+Type: string
+Default: DEF_SERVER_CMD
+DDefault: -
+User: core
+Instance: :*/DEF_SERVER_CMD
+Comment:
+ The command line to start the &X-Server;, without display number and VT spec.
+ This string is subject to word splitting.
+Description:
+ The command line to start the &X-Server;, without display number and VT spec.
+ This string is subject to word splitting.
+ </para><para>
+ The default is something reasonable for the system on which &tdm; was built,
+ like <command>/usr/bin/X</command>.
+
+Key: ServerArgsLocal
+Type: string
+Default: ""
+User: core
+Instance: :*/"-nolisten tcp"
+Comment: &
+Description:
+ Additional arguments for the &X-Server;s for local sessions.
+ This string is subject to word splitting.
+
+Key: ServerArgsRemote
+Type: string
+Default: ""
+User: core
+Instance: #:*/""
+Comment: &
+Description:
+ Additional arguments for the &X-Server;s for remote sessions.
+ This string is subject to word splitting.
+
+Key: ServerVT
+If: defined(HAVE_VTS)
+Type: int
+Default: 0
+User: core(reqSrvVT)
+Instance: #:0/7
+Comment:
+ The VT the &X-Server; should run on; auto-assign if zero, don't assign if -1.
+ Better leave it zero and use ServerVTs.
+Description:
+ The VT the &X-Server; should run on.
+ <option>ServerVTs</option> should be used instead of this option.
+ Leave it zero to let &tdm; assign a <acronym>VT</acronym> automatically.
+ Set it to <literal>-1</literal> to avoid assigning a <acronym>VT</acronym>
+ alltogether - this is required for setups with multiple physical consoles.
+ Currently Linux only.
+
+Key: ServerTTY
+If: !defined(HAVE_VTS)
+Type: string
+Default: ""
+User: core(console)
+Instance: :0/DEF_SERVER_TTY
+Comment:
+ The TTY line (without /dev/) the &X-Server; covers physically.
+Description:
+ This option is for <acronym>OS</acronym>s without support for
+ <acronym>VT</acronym>s, either by &tdm; or the <acronym>OS</acronym> itself.
+ Currently this applies to all <acronym>OS</acronym>s but Linux.
+ </para><para>
+ When &tdm; switches to console mode, it starts monitoring this
+ <acronym>TTY</acronym> line (specified without the leading
+ <literal>/dev/</literal>) for activity. If the line is not used for some time,
+ &tdm; switches back to the X login.
+
+Key: PingInterval
+Type: int
+Default: 5
+User: core
+User: greeter
+Instance: #*/
+Merge: xdm
+Comment:
+ Ping remote display every that many minutes.
+Description:
+ See <option>PingTimeout</option>.
+
+Key: PingTimeout
+Type: int
+Default: 5
+User: core
+User: greeter
+Instance: #*/
+Merge: xdm
+Comment:
+ Wait for a Pong that many minutes.
+Description:
+ To discover when <emphasis>remote</emphasis> displays disappear, &tdm;
+ regularly pings them.
+ <option>PingInterval</option> specifies the time (in minutes) between the
+ pings and <option>PingTimeout</option> specifies the maximum amount of
+ time (in minutes) to wait for the terminal to respond to the request. If
+ the terminal does not respond, the session is declared dead and terminated.
+ </para><para>
+ If you frequently use X terminals which can become isolated from
+ the managing host, you may wish to increase the timeout. The only worry
+ is that sessions will continue to exist after the terminal has been
+ accidentally disabled.
+
+Key: TerminateServer
+Type: bool
+Default: false
+User: core
+Instance: #:*/!
+Merge: xdm
+Comment:
+ Restart instead of resetting the local &X-Server; after session exit.
+ Use it if the server leaks memory etc.
+Description:
+ Whether &tdm; should restart the local &X-Server; after session exit instead
+ of resetting it. Use this if the &X-Server; leaks memory or crashes the system
+ on reset attempts.
+
+Key: ResetSignal
+Type: int
+Default: 1
+CDefault: 1 (SIGHUP)
+User: core
+Instance: #:*/
+Merge: xdm
+Comment:
+ The signal needed to reset the local &X-Server;.
+Description:
+ The signal number to use to reset the local &X-Server;.
+
+Key: TermSignal
+Type: int
+Default: 15
+CDefault: 15 (SIGTERM)
+User: core
+Instance: #:*/
+Merge: xdm
+Comment:
+ The signal needed to terminate the local &X-Server;.
+Description:
+ The signal number to use to terminate the local &X-Server;.
+
+Key: Authorize
+Type: bool
+Default: true
+User: core
+Instance: #:*/!
+Merge: xdm
+Comment:
+ Create X-authorizations for local displays.
+Description:
+ Controls whether &tdm; generates and uses authorization for
+ <emphasis>local</emphasis> &X-Server; connections.
+ For &XDMCP; displays the authorization requested by the display is used;
+ foreign non-&XDMCP; displays do not support authorization at all.
+
+Key: AuthNames
+Type: list
+Default: DEF_AUTH_NAME
+User: core
+Instance: #:*/""
+Merge: xdm:authName
+Comment:
+ Which X-authorization mechanisms should be used.
+Description:
+ If <option>Authorize</option> is true, use the authorization mechanisms
+ listed herein. The MIT-MAGIC-COOKIE-1 authorization is always available;
+ XDM-AUTHORIZATION-1, SUN-DES-1 and MIT-KERBEROS-5 might be available as well,
+ depending on the build configuration.
+
+Key: ResetForAuth
+Type: bool
+Default: false
+User: core
+Instance: #:*/!
+Merge: xdm
+Comment:
+ Need to reset the &X-Server; to make it read initial Xauth file.
+Description:
+ Some <emphasis>old</emphasis> &X-Server;s re-read the authorization file
+ at &X-Server; reset time, instead of when checking the initial connection.
+ As &tdm; generates the authorization information just before connecting to
+ the display, an old &X-Server; would not get up-to-date authorization
+ information. This option causes &tdm; to send SIGHUP to the &X-Server;
+ after setting up the file, causing an additional &X-Server; reset to occur,
+ during which time the new authorization information will be read.
+
+Key: AuthFile
+Type: string
+Default: ""
+User: core(clientAuthFile)
+Instance: #*/""
+Merge: xdm
+Comment:
+ The name of this &X-Server;'s Xauth file.
+ If empty, a random name in the AuthDir directory will be used.
+Description:
+ This file is used to communicate the authorization data from &tdm; to
+ the &X-Server;, using the <option>-auth</option> &X-Server; command line
+ option. It should be kept in a directory which is not world-writable
+ as it could easily be removed, disabling the authorization mechanism in
+ the &X-Server;. If not specified, a random name is generated from
+ <option>AuthDir</option> and the name of the display.
+
+Key: Resources
+# XXX strictly speaking this is supposed to be a string list, i think.
+Type: string
+Default: ""
+User: core
+Instance: #*/""
+Update: cp_resources
+Merge: xdm
+Comment:
+ Specify a file with X-resources for the greeter, chooser and background.
+ The KDE frontend does not use this file, so you do not need it unless you
+ use another background generator than krootimage.
+Description:
+ This option specifies the name of the file to be loaded by
+ <command>xrdb</command> as the resource database onto the root window
+ of screen 0 of the display. KDE programs generally do not use
+ X-resources, so this option is only needed if the <option>Setup</option>
+ program needs some X-resources.
+
+Key: Xrdb
+Type: string
+Default: XBINDIR "/xrdb"
+User: core
+Instance: #*/""
+Merge: xdm
+Comment:
+ The xrdb program to use to read the above specified recources.
+ Subject to word splitting.
+Description:
+ The <command>xrdb</command> program to use to read the X-resources file
+ specified in <option>Recources</option>.
+ The command is subject to word splitting.
+
+Key: Setup
+Type: string
+Default: ""
+User: core
+# will be overwritten
+Instance: #*/""
+Update: mk_setup
+Merge: xdm
+Comment:
+ A program to run before the greeter is shown. Can be used to start an
+ xconsole or an alternative background generator. Subject to word splitting.
+Description:
+ This string is subject to word splitting.
+ It specifies a program which is run (as
+ <systemitem class="username">root</systemitem>) before offering the
+ greeter window. This may be used to change the appearance of the screen
+ around the greeter window or to put up other windows (e.g., you may want
+ to run <command>xconsole</command> here).
+ The conventional name for a file used here is <command>Xsetup</command>.
+ See <xref linkend="tdmrc-xsetup"/>.
+
+Key: Startup
+Type: string
+Default: ""
+User: core
+# will be overwritten
+Instance: #*/""
+Update: mk_startup
+Merge: xdm
+Comment:
+ A program to run before a user session starts. Subject to word splitting.
+Description:
+ This string is subject to word splitting.
+ It specifies a program which is run (as
+ <systemitem class="username">root</systemitem>) after the user
+ authentication process succeeds.
+ The conventional name for a file used here is <command>Xstartup</command>.
+ See <xref linkend="tdmrc-xstartup"/>.
+
+Key: Reset
+Type: string
+Default: ""
+User: core
+# will be overwritten
+Instance: #*/""
+Update: mk_reset
+Merge: xdm
+Comment:
+ A program to run after a user session exits. Subject to word splitting.
+Description:
+ This string is subject to word splitting.
+ It specifies a program which is run (as
+ <systemitem class="username">root</systemitem>) after the session
+ terminates.
+ The conventional name for a file used here is <command>Xreset</command>.
+ See <xref linkend="tdmrc-xreset"/>.
+
+Key: Session
+Type: string
+Default: XBINDIR "/xterm -ls -T"
+#Merge: xdm - incompatible!
+User: core
+# will be overwritten
+Instance: #*/""
+Update: mk_session
+Comment:
+ The program which is run as the user which logs in. It is supposed to
+ interpret the session argument (see SessionsDirs) and start an appropriate
+ session according to it. Subject to word splitting.
+Description:
+ This string is subject to word splitting.
+ It specifies the session program to be executed (as the user owning
+ the session).
+ The conventional name for a file used here is <command>Xsession</command>.
+ See <xref linkend="tdmrc-xsession"/>.
+
+Key: FailsafeClient
+Type: string
+Default: XBINDIR "/xterm"
+User: core
+Instance: #*/""
+Merge: xdm
+Comment:
+ The program to run if Session fails.
+Description:
+ If the <option>Session</option> program fails to execute, &tdm; will
+ fall back to this program. This program is executed with no arguments,
+ but executes using the same environment variables as the session would
+ have had (see <xref linkend="tdmrc-xsession"/>).
+
+Key: UserPath
+Type: string
+Default: DEF_USER_PATH
+DDefault: -
+User: core
+Instance: #*/""
+Merge: xdm
+Comment:
+ The PATH for the Session program.
+Description:
+ The <envar>PATH</envar> environment variable for
+ non-<systemitem class="username">root</systemitem> <option>Session</option>s.
+ </para><para>
+ The default depends on the system &tdm; was built on.
+
+Key: SystemPath
+Type: string
+Default: DEF_SYSTEM_PATH
+DDefault: -
+User: core
+Instance: #*/""
+Merge: xdm
+Comment:
+ The PATH for Setup, Startup and Reset, etc.
+Description:
+ The <envar>PATH</envar> environment variable for all programs but
+ non-<systemitem class="username">root</systemitem>
+ <option>Session</option>s. Note that it is good practice not to include
+ <literal>.</literal> (the current directory) into this entry.
+ </para><para>
+ The default depends on the system &tdm; was built on.
+
+Key: SystemShell
+Type: string
+Default: "/bin/sh"
+User: core
+Instance: #*/"/bin/bash"
+Merge: xdm
+Comment:
+ The default system shell.
+Description:
+ The <envar>SHELL</envar> environment variable for all programs but the 
+ <option>Session</option>.
+
+Key: UserAuthDir
+Type: path
+Default: "/tmp"
+User: core
+Instance: #*/""
+Merge: xdm
+Comment:
+ Where to put the user's &X-Server; authorization file if ~/.Xauthority
+ cannot be created.
+Description:
+ When &tdm; is unable to write to the usual user authorization file
+ ($<envar>HOME</envar>/.Xauthority), it creates a unique file name in this
+ directory and points the environment variable <envar>XAUTHORITY</envar>
+ at the created file.
+
+Key: AutoReLogin
+Type: bool
+Default: false
+User: core
+Instance: #*/!
+Merge: xdm
+Comment:
+ Whether to automatically restart sessions after &X-Server; crashes.
+ Note that enabling this makes circumventing screen lockers other than
+ KDE's built-in one possible!
+Description:
+ If enabled, &tdm; will automatically restart a session after an &X-Server;
+ crash (or if it is killed by Alt-Ctrl-BackSpace). Note that enabling this
+ feature opens a security hole: a secured display lock can be circumvented
+ (unless &kde;'s built-in screen locker is used).
+
+Key: AllowRootLogin
+Type: bool
+Default: true
+User: core
+User: greeter(showRoot)
+Instance: */false
+Merge: xdm
+Comment:
+ Allow root logins?
+Description:
+ If disabled, do not allow <systemitem class="username">root</systemitem>
+ (and any other user with UID = 0) to log in directly.
+
+Key: AllowNullPasswd
+Type: bool
+Default: true
+User: core
+# sensible?
+Instance: */false
+Instance: :*/true
+Merge: xdm
+Comment:
+ Allow to log in, when user has set an empty password?
+Description:
+ If disabled, only users that have passwords assigned can log in.
+
+Key: AllowShutdown
+Type: enum
+ None/SHUT_NONE: no <guilabel>Shutdown...</guilabel> menu entry is shown at all
+ Root/SHUT_ROOT: the <systemitem class="username">root</systemitem> password must be entered to shut down
+ All/SHUT_ALL: everybody can shut down the machine
+Default: All
+User: core
+User: greeter
+Instance: */Root
+Instance: :*/All
+Merge: tdm:-Greeter/
+Comment: &
+Description:
+ Who is allowed to shut down the system. This applies both to the
+ greeter and to the command <acronym>FiFo</acronym>.
+
+Key: AllowSdForceNow
+Type: enum
+ None: no forced shutdown is allowed at all
+ Root: the <systemitem class="username">root</systemitem> password must be entered to shut down forcibly
+ All: everybody can shut down the machine forcibly
+Default: All
+User: core(allowNuke)
+User: greeter(allowNuke)
+Instance: #*/Root
+Comment: &
+Description:
+ Who is allowed to abort active sessions when shutting down.
+
+Key: DefaultSdMode
+Type: enum
+ Schedule: shut down after all active sessions exit (possibly at once)
+ TryNow: shut down, if no active sessions are open; otherwise, do nothing
+ ForceNow: shut down unconditionally
+Default: Schedule
+User: core(defSdMode)
+User: greeter(defSdMode)
+Instance: #*/ForceNow
+Comment: &
+Description:
+ The default choice for the shutdown condition/timing.
+
+Key: ScheduledSd
+Type: enum
+ Never/SHUT_NEVER: not at all
+ Optional/SHUT_OPTION: as a button in the simple shutdown dialogs
+ Always/SHUT_ALWAYS: instead of the simple shutdown dialogs
+Default: Never
+User: greeter
+Instance: #*/Optional
+Comment: &
+Description:
+ How to offer shutdown scheduling options:
+
+Key: NoPassEnable
+Type: bool
+Default: false
+User: dep
+Instance: #:*/true
+Comment: &
+Description:
+ Enable password-less logins on this display. <emphasis>Use with extreme care!</emphasis>
+
+Key: NoPassUsers
+Type: list
+Default: ""
+PostProc: PnoPassUsers
+User: core
+Instance: #:*/"fred,ethel"
+Merge: xdm(P_noPassUsers)
+Comment:
+ The users that do not need to provide a password to log in. NEVER list root!
+ "*" means all non-root users. @<group> means all users in that group.
+Description:
+ The users that do not need to provide a password to log in.
+ Items which are prefixed with <literal>@</literal> represent all users in the
+ user group named by that item.
+ <literal>*</literal> means all users but
+ <systemitem class="username">root</systemitem>
+ (and any other user with UID = 0).
+ <emphasis>Never</emphasis> list <systemitem class="username">root</systemitem>.
+
+Key: AutoLoginEnable
+Type: bool
+Default: false
+User: dep
+Instance: #:0/true
+Comment: &
+Description:
+ Enable automatic login. <emphasis>Use with extreme care!</emphasis>
+
+Key: AutoLoginAgain
+Type: bool
+Default: false
+User: core(autoAgain)
+User: greeter
+Instance: #:0/true
+Comment: &
+Description:
+ If true, auto-login after logout. If false, auto-login is performed only
+ when a display session starts up.
+
+Key: AutoLoginDelay
+Type: int
+Default: 0
+User: core(autoDelay)
+User: greeter
+Instance: #:0/10
+Comment:
+ The delay in seconds before automatic login kicks in.
+Description:
+ The delay in seconds before automatic login kicks in. This is also known as
+ <quote>Timed Login</quote>.
+
+Key: AutoLoginUser
+Type: string
+Default: ""
+PostProc: PautoLoginX
+User: core(autoUser)
+User: greeter
+Instance: #:0/"fred"
+Merge: xdm:autoUser(P_autoUser)
+Comment: &
+Description:
+ The user to log in automatically. <emphasis>Never</emphasis> specify <systemitem class="username">root</systemitem>!
+
+Key: AutoLoginPass
+Type: string
+Default: ""
+PostProc: PautoLoginX
+User: core(autoPass)
+Instance: #:0/"secret!"
+Merge: xdm:autoPass(P_autoPass)
+Comment: &
+Description:
+ The password for the user to log in automatically. This is <emphasis>not</emphasis> required
+ unless the user is logged into a <acronym>NIS</acronym> or Kerberos domain. If you use this
+ option, you should <command>chmod&nbsp;<option>600</option>&nbsp;<filename>tdmrc</filename></command> for obvious reasons.
+
+Key: AutoLoginLocked
+Type: bool
+Default: false
+User: core(autoLock)
+Instance: #:0/!
+Comment: &
+Description:
+ Immediately lock the automatically started session. This works only with
+ KDE sessions.
+
+Key: SessionsDirs
+Type: list
+Default: "/usr/share/xsessions,/var/lib/menu-xdg/xsessions,/usr/share/apps/tdm/sessions"
+User: core
+User: greeter-c
+Instance: #*/"/usr/share/xsessions,/var/lib/menu-xdg/xsessions,/usr/share/apps/tdm/sessions"
+Comment:
+ The directories containing session type definitions in .desktop format.
+Description:
+ A list of directories containing session type definitions.
+# See <xref linkend="tdmrc-sessions"> for details.
+
+Key: ClientLogFile
+Type: string
+Default: ".xsession-errors"
+User: core
+Instance: */".xsession-errors-%s"
+Instance: :0/".xsession-errors"
+Comment:
+ The file (relative to $HOME) to redirect the session output to. This is
+ a printf format string; one %s will be replaced with the display name.
+Description:
+ The file (relative to the user's home directory) to redirect the session
+ output to. One occurrence of <parameter>%s</parameter> in this string will be
+ substituted with the display name. Use <parameter>%%</parameter> to obtain a
+ literal <literal>%</literal>.
+
+Key: UseSessReg
+Type: bool
+Default: false
+User: core
+Instance: #*/!
+Comment:
+ Whether &tdm;'s built-in utmp/wtmp/lastlog registration should be used.
+Description:
+ Specify whether &tdm;'s built-in utmp/wtmp/lastlog registration should
+ be used. If it is not, the tool <command>sessreg</command> should be used
+ in the <option>Startup</option> and <option>Reset</option> scripts, or,
+ alternatively, the pam_lastlog module should be used on
+ <acronym>PAM</acronym>-enabled systems.
+
+
+Section: -Greeter
+Description:
+ This section class contains options concerning the configuration
+ of the &tdm; frontend (greeter).
+
+Key: GUIStyle
+Type: string
+Default: ""
+User: greeter
+Instance: #*/"Windows"
+Update: upd_guistyle
+Comment:
+ Widget style of the greeter. "" means the built-in default which currently
+ is "Plastik".
+Description:
+ Specify the widget style for the greeter. Empty means to use the
+ built-in default which currently is <literal>Plastik</literal>.
+
+Key: Compositor
+Type: string
+Default: ""
+User: greeter
+Instance: #*/""
+Comment:
+ Compositor binary name, if compositing is desired. "" means no compositing support.
+Description:
+ Specify the Xorg compositing manager.  Currently only kompmgr is supported.
+
+Key: WindowManager
+Type: string
+Default: "twin"
+User: greeter
+Instance: #*/""
+Comment:
+ Window manager binary name, if window decorations are desired. "" means no window manager support.
+Description:
+ Specify the Xorg window manager.  Currently only twin is supported.
+
+Key: UseSAK
+Type: bool
+Default: true
+User: greeter
+Instance: #*/!
+Comment:
+ SAK
+Description:
+ If true then the SAK anti-spoofing dialog will be utilized
+
+Key: UseAdminSession
+Type: bool
+Default: false
+User: greeter
+Instance: #*/!
+Comment:
+ Admin session
+Description:
+ If given there will be a special button that requires root password
+ and starts the given session
+
+Key: ColorScheme
+Type: string
+Default: ""
+User: greeter
+Instance: #*/"Pumpkin"
+Comment:
+ Widget color scheme of the greeter. "" means the built-in default which
+ currently is yellowish grey with some light blue and yellow elements.
+Description:
+ Specify the widget color scheme for the greeter. Empty means to use
+ the built-in default which currently is yellowish grey with some light
+ blue and yellow elements.
+
+Key: LogoArea
+Type: enum
+ None/LOGO_NONE: nothing
+ Logo/LOGO_LOGO: the image specified by <option>LogoPixmap</option>
+ Clock/LOGO_CLOCK: a neat analog clock
+Default: Clock
+User: greeter
+Instance: */Logo
+Comment:
+ What should be shown in the greeter's logo are:
+Description:
+ What should be shown in the greeter righthand of the input lines (if
+ <option>UserList</option> is disabled) or above them (if
+ <option>UserList</option> is enabled):
+
+Key: LogoPixmap
+Type: string
+Default: ""
+User: greeter(logo)
+Instance: */TDMDATA "/pics/kdelogo.png"
+Comment:
+ The image to show when LogoArea=Logo.
+Description:
+ The image to show in the greeter if <option>LogoArea</option> is
+ <literal>Logo</literal>.
+
+Key: GreeterPos
+Type: string
+Default: "50,50"
+User: greeter-c
+Instance: #*/"30,40"
+Comment:
+ The relative coordinates (X,Y in percent) of the center of the greeter.
+Description:
+ The relative coordinates (percentages of the screen size; X,Y) at which
+ the center of the greeter is put. &tdm; aligns the greeter to the edges
+ of the screen it would cross otherwise.
+
+Key: GreeterScreen
+Type: int
+Default: 0
+User: greeter
+Instance: #*/-1
+Comment: &
+Description:
+ The screen the greeter should be displayed on in multi-headed and Xinerama
+ setups. The numbering starts with 0. For Xinerama, it corresponds to the
+ listing order in the active ServerLayout section of XF86Config; -1 means
+ to use the upper-left screen, -2 means to use the upper-right screen.
+
+Key: GreetString
+Type: string
+Default: "Welcome to Trinity at %n"
+User: greeter
+Instance: #*/"Welcome to Trinity at %n"
+Comment:
+ The headline in the greeter. The following character pairs are replaced:
+ - %d -> current display
+ - %h -> host name, possibly with domain name
+ - %n -> node name, most probably the host name without domain name
+ - %s -> the operating system
+ - %r -> the operating system's version
+ - %m -> the machine (hardware) type
+ - %% -> a single %
+Description:
+ The headline in the greeter. An empty greeting means none at all.
+ </para><para>
+ The following character pairs are replaced by their value:
+ <variablelist>
+ <varlistentry>
+ <term><parameter>%d</parameter></term>
+ <listitem><para>name of the current display</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><parameter>%h</parameter></term>
+ <listitem><para>local host name, possibly with the
+  domain name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><parameter>%n</parameter></term>
+ <listitem><para>local node name, most probably the host name without the
+  domain name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><parameter>%s</parameter></term>
+ <listitem><para>operating system</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><parameter>%r</parameter></term>
+ <listitem><para>operating system version</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><parameter>%m</parameter></term>
+ <listitem><para>machine (hardware) type</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><parameter>%%</parameter></term>
+ <listitem><para>a single <literal>%</literal></para></listitem>
+ </varlistentry>
+ </variablelist>
+
+# This needs to come _in front_ of the font settings to be effective!
+Key: AntiAliasing
+Type: bool
+Default: true
+User: greeter
+Instance: */
+Comment: &
+Description:
+ Whether the fonts used in the greeter should be antialiased.
+
+Key: GreetFont
+Type: string
+Default: "Sans Serif,22,5,0,50,0"
+CDefault: "Serif,20,bold"
+User: greeter:font
+Instance: #*/"Sans Serif,22,5,0,50,0"
+Comment: &
+Description:
+ The font for the greeter headline.
+
+Key: StdFont
+Type: string
+Default: "Sans Serif,10,5,0,50,0"
+CDefault: "Sans Serif,10"
+User: greeter(normalFont):font
+Instance: #*/"Sans Serif,10,5,0,50,0"
+Comment: &
+Description:
+ The normal font used in the greeter.
+
+Key: FailFont
+Type: string
+Default: "Sans Serif,10,5,0,75,0"
+CDefault: "Sans Serif,10,bold"
+User: greeter:font
+Instance: #*/"Sans Serif,10,5,0,75,0"
+Comment: &
+Description:
+ The font used for the <quote>Login Failed</quote> message.
+
+Key: NumLock
+Type: enum
+ Off: turn off
+ On: turn on
+ Keep: do not change the state
+Default: Keep
+User: greeter(numLockStatus)
+Instance: #*/Off
+Comment: &
+Description:
+ What to do with the Num Lock modifier for the time the greeter is running:
+
+Key: Language
+Type: string
+Default: "en_US"
+User: greeter-c
+Instance: #*/"de_DE"
+Update: upd_language
+Comment: &
+Description:
+ Language and locale to use in the greeter, encoded like $<envar>LC_LANG</envar>.
+
+Key: UserCompletion
+Type: bool
+Default: false
+User: greeter
+Instance: #*/!
+Comment: &
+Description:
+ Enable autocompletion in the username line edit.
+
+Key: UserList
+Type: bool
+Default: true
+User: greeter
+Instance: #*/!
+Comment:
+ Enable user list (names along with images) in the greeter.
+Description:
+ Show a user list with unix login names, real names, and images in the greeter.
+
+Key: ShowUsers
+Type: enum
+ NotHidden/SHOW_ALL: all users except those listed in HiddenUsers
+ Selected/SHOW_SEL: only the users listed in SelectedUsers
+Default: NotHidden
+User: greeter
+Instance: #*/Selected
+Update: upd_showusers
+Comment:
+ User selection for UserCompletion and UserList:
+Description: !
+ This option controls which users will be shown in the user view
+ (<option>UserList</option>) and/or offered for autocompletion
+ (<option>UserCompletion</option>).
+ If it is <literal>Selected</literal>, <option>SelectedUsers</option> contains
+ the final list of users.
+ If it is <literal>NotHidden</literal>, the initial user list are all users
+ found on the system. Users contained in <option>HiddenUsers</option> are
+ removed from the list, just like all users with a UID greater than specified
+ in <option>MaxShowUID</option> and users with a non-zero UID less than
+ specified in <option>MinShowUID</option>.
+ Items in <option>SelectedUsers</option> and <option>HiddenUsers</option>
+ which are prefixed with <literal>@</literal> represent all users in the
+ user group named by that item.
+ Finally, the user list will be sorted alphabetically, if
+ <option>SortUsers</option> is enabled. 
+
+Key: SelectedUsers
+Type: list
+Default: ""
+User: greeter-c(users)
+Instance: #*/"root,johndoe"
+Merge: tdm:Users
+Comment:
+ For ShowUsers=Selected. @<group> means all users in that group.
+Description:
+ See <option>ShowUsers</option>.
+
+Key: HiddenUsers
+Type: list
+Default: ""
+User: greeter-c(noUsers)
+Instance: #*/"root"
+# depends on {Min,Max}ShowUID
+Update: upd_hiddenusers/1
+Merge: tdm:NoUsers
+Comment:
+ For ShowUsers=NotHidden. @<group> means all users in that group.
+Description:
+ See <option>ShowUsers</option>.
+
+Key: MinShowUID
+Type: int
+Default: 0
+User: greeter(lowUserId)
+# will be overwritten
+Instance: #*/
+Update: upd_minshowuid
+Comment:
+ Special case of HiddenUsers: users with a non-zero UID less than this number
+ will not be shown as well.
+Description:
+ See <option>ShowUsers</option>.
+
+Key: MaxShowUID
+Type: int
+Default: 65535
+User: greeter(highUserId)
+# will be overwritten
+Instance: #*/
+Update: upd_maxshowuid
+Comment:
+ Complement to MinShowUID: users with a UID greater than this number will
+ not be shown as well.
+Description:
+ See <option>ShowUsers</option>.
+
+Key: SortUsers
+Type: bool
+Default: true
+User: greeter
+Instance: #*/!
+Comment:
+ If false, the users are listed in the order they appear in /etc/passwd.
+ If true, they are sorted alphabetically.
+Description:
+ See <option>ShowUsers</option>.
+
+Key: FaceSource
+Type: enum
+ AdminOnly/FACE_ADMIN_ONLY: from <filename>&lt;<option>FaceDir</option>&gt;/$<envar>USER</envar>.face[.icon]</filename>
+ PreferAdmin/FACE_PREFER_ADMIN: prefer &lt;<option>FaceDir</option>&gt;, fallback on $<envar>HOME</envar>
+ PreferUser/FACE_PREFER_USER: ... and the other way round
+ UserOnly/FACE_USER_ONLY: from the user's <filename>$<envar>HOME</envar>/.face[.icon]</filename>
+Default: AdminOnly
+User: greeter
+Instance: #*/PreferUser
+Comment:
+ Specify, where the users' pictures should be taken from.
+Description:
+ If <option>UserList</option> is enabled, this specifies where &tdm; gets the
+ images from:
+ </para>
+ %ENUM%
+ <para>
+ The images can be in any format Qt recognizes, but the filename
+ must match &tdm;'s expectations: <literal>.face.icon</literal> should be a
+ 48x48 icon, while <literal>.face</literal> should be a 300x300 image.
+ Currently the big image is used only as a fallback and is scaled down,
+ but in the future it might be displayed full-size in the logo area or a
+ tooltip.
+
+Key: FaceDir
+Type: string
+Default: *TDMDATA "/faces"
+User: greeter
+Instance: #*/"/usr/share/faces"
+Update: upd_facedir
+Comment:
+ The directory containing the user images if FaceSource is not UserOnly.
+Description:
+ See <option>FaceSource</option>.
+
+Key: PreselectUser
+Type: enum
+ None/PRESEL_NONE: do not preselect any user
+ Previous/PRESEL_PREV: the user which successfully logged in last time
+ Default/PRESEL_DEFAULT: the user specified in the <option>DefaultUser</option> option
+Default: None
+User: greeter(preselUser)
+Instance: #*/Previous
+Instance: :*/Previous
+Instance: #:0/Default
+Comment:
+ Specify, if/which user should be preselected for log in.
+Description:
+ Specify, if/which user should be preselected for log in:
+ </para>
+ %ENUM%
+ <para>
+ If <option>FocusPasswd</option> is enabled and a user was preselected,
+ the cursor is placed in the password input field automatically.
+ </para>
+ <note><para>Enabling user preselection can be considered a security hole,
+ as it presents a valid login name to a potential attacker, so he
+ <quote>only</quote> needs to guess the password. On the other hand,
+ one could set <option>DefaultUser</option> to a fake login name.</para></note>
+ <para>
+
+Key: DefaultUser
+Type: string
+Default: ""
+User: greeter
+Instance: #:0/"johndoe"
+Comment:
+ The user to preselect if PreselectUser=Default.
+Description:
+ See <option>PreselectUser</option>.
+
+Key: FocusPasswd
+Type: bool
+Default: false
+User: greeter
+Instance: #*/!
+Instance: :*/true
+Comment:
+ If this is true, the password input line is focused automatically if
+ a user is preselected.
+Description:
+ See <option>PreselectUser</option>.
+
+Key: EchoMode
+Type: enum
+ OneStar: <literal>*</literal> is shown for every typed letter
+ ThreeStars: <literal>***</literal> is shown for every typed letter
+ NoEcho: nothing is shown at all, the cursor does not move
+# HACK! This must be in sync with KPasswordEdit::EchoModes (kpassdlg.h)
+Default: OneStar
+User: greeter
+Instance: #*/NoEcho
+Comment: &
+Description:
+ The password input fields cloak the typed in text. Specify, how to do it:
+
+Key: UseBackground
+Type: bool
+Default: true
+User: greeter
+Instance: #*/!
+Comment:
+ If true, krootimage will be automatically started by &tdm;; otherwise, the
+ Setup script should be used to setup the background.
+Description:
+ If enabled, &tdm; will automatically start the <command>krootimage</command>
+ program to set up the background; otherwise, the <option>Setup</option>
+ program is responsible for the background.
+
+Key: BackgroundCfg
+Type: string
+Default: *TDMCONF "/backgroundrc"
+User: greeter-c
+Instance: #*/""
+Update: handBgCfg
+Comment:
+ The configuration file to be used by krootimage.
+Description:
+ The configuration file to be used by <command>krootimage</command>.
+ It contains a section named <literal>[Desktop0]</literal> like
+ <filename>kdesktoprc</filename> does. Its options are not described
+ herein; guess their meanings or use the control center.
+
+Key: GrabServer
+Type: bool
+Default: false
+User: greeter-c
+Instance: #*/!
+Comment:
+ Hold the &X-Server; grabbed the whole time the greeter is visible. This
+ may be more secure, but it will disable any background and other
+ X-clients started from the Setup script.
+Description:
+ To improve security, the greeter grabs the &X-Server; and then the keyboard
+ when it starts up. This option specifies if the &X-Server; grab should be held
+ for the duration of the name/password reading. When disabled, the &X-Server;
+ is ungrabbed after the keyboard grab succeeds; otherwise, the &X-Server; is
+ grabbed until just before the session begins.
+ </para>
+ <note><para>Enabling this option disables <option>UseBackground</option> and
+ <option>Setup</option>.</para></note>
+ <para>
+
+Key: GrabTimeout
+Type: int
+Default: 3
+User: greeter
+Instance: #*/
+Comment:
+ How many seconds to wait for grab to succeed.
+Description:
+ This option specifies the maximum time &tdm; will wait for the grabs to
+ succeed. A grab may fail if some other X-client has the &X-Server; or the
+ keyboard grabbed, or possibly if the network latencies are very high. You
+ should be cautious when raising the timeout, as a user can be spoofed by
+ a look-alike window on the display. If a grab fails, &tdm; kills and
+ restarts the &X-Server; (if possible) and the session. 
+
+Key: AuthComplain
+Type: bool
+Default: true
+User: greeter
+Instance: #*/!
+Merge: xdm
+Comment:
+ Warn, if display has no X-authorization (local auth cannot be created,
+ &XDMCP; display wants no auth, or display is foreign from StaticServers).
+Description:
+ Warn, if a display has no X-authorization. This will be the case if
+ <itemizedlist>
+  <listitem><para>
+   the authorization file for a local &X-Server; could not be created,
+  </para></listitem>
+  <listitem><para>
+   a remote display from &XDMCP; did not request any authorization or
+  </para></listitem>
+  <listitem><para>
+   the display is a <quote>foreign</quote> display specified in
+   <option>StaticServers</option>.
+  </para></listitem>
+ </itemizedlist>
+
+Key: LoginMode
+If: defined(XDMCP)
+Type: enum
+ LocalOnly/LOGIN_LOCAL_ONLY: only local login possible
+ DefaultLocal/LOGIN_DEFAULT_LOCAL: start up in local mode, but allow switching to remote mode
+ DefaultRemote/LOGIN_DEFAULT_REMOTE: ... and the other way round
+ RemoteOnly/LOGIN_REMOTE_ONLY: only choice of remote host possible
+Default: LocalOnly
+User: core
+User: greeter
+Instance: :*/DefaultLocal
+# from make_it_cool branch and SuSE 8.1
+Merge: tdm:EnableChooser(P_EnableChooser)
+Comment: &
+Description:
+ Specify whether the greeter of local displays should start up in host chooser
+ (remote) or login (local) mode and whether it is allowed to switch to the
+ other mode.
+
+Key: ChooserHosts
+If: defined(XDMCP)
+Type: list
+Default: "*"
+User: core
+Instance: #:*/"*,ugly,sky,dino,kiste.local,login.crap.com"
+Comment:
+ A list of hosts to be automatically added to the remote login menu. The
+ special name "*" means broadcast.
+Description:
+ A list of hosts to be automatically added to the remote login menu.
+ The special name <literal>*</literal> means broadcast.
+ Has no effect if <option>LoginMode</option> is <literal>LocalOnly</literal>.
+
+Key: ForgingSeed
+Type: int
+Default: 0
+User: greeter
+Instance: #*/
+Comment:
+ Random seed for forging saved session types, etc. of unknown users.
+ This value should be random but constant across the login domain.
+Description:
+ Use this number as a random seed when forging saved session types, etc. of
+ unknown users. This is used to avoid telling an attacker about existing users
+ by reverse conclusion. This value should be random but constant across the
+ login domain.
+
+Key: ShowLog
+If: defined(WITH_TDM_XCONSOLE)
+Type: bool
+Default: false
+User: greeter
+Instance: :0/true
+Comment:
+ Enable &tdm;'s built-in xconsole. Note that this can be enabled for only
+ one display at a time.
+Description:
+ Enable &tdm;'s built-in <command>xconsole</command>.
+ Note that this can be enabled for only one display at a time.
+ This option is available only if &tdm; was <command>configure</command>d
+ with <option>--enable-tdm-xconsole</option>.
+
+Key: LogSource
+If: defined(WITH_TDM_XCONSOLE)
+Type: string
+Default: ""
+User: greeter-c
+Instance: :0/"/dev/xconsole"
+Comment:
+ The data source for &tdm;'s built-in xconsole.
+ If empty, a console log redirection is requested from /dev/console.
+Description:
+ The data source for &tdm;'s built-in <command>xconsole</command>.
+ If empty, a console log redirection is requested from
+ <filename>/dev/console</filename>.
+ Has no effect if <option>ShowLog</option> is disabled.
+
+Key: PluginsLogin
+Type: list
+Default: "classic"
+User: greeter
+Instance: #*/"sign"
+Comment:
+ Specify conversation plugins for the login dialog. Each plugin can be
+ specified as a base name (which expands to $kde_modulesdir/kgreet_$base)
+ or as a full pathname.
+Description:
+ Specify conversation plugins for the login dialog; the first in the list
+ is selected initially.
+ Each plugin can be specified as a base name (which expands to
+ <filename>$<envar>kde_modulesdir</envar>/kgreet_<replaceable>base</replaceable></filename>)
+ or as a full pathname.
+ </para><para>
+ Conversation plugins are modules for the greeter which obtain authentication
+ data from the user. Currently only the <literal>classic</literal> plugin is
+ shipped with &kde;; it presents the well-known username and password form.
+
+Key: PluginsShutdown
+Type: list
+Default: "classic"
+User: greeter
+Instance: #*/"modern"
+Comment: &
+Description:
+ Same as <option>PluginsLogin</option>, but for the shutdown dialog.
+
+Key: PluginOptions
+Type: list
+Default: ""
+User: greeter
+Instance: #*/"SomeKey=randomvalue,Foo=bar"
+Comment:
+ A list of options of the form Key=Value. The conversation plugins can query
+ these settings; it is up to them what possible keys are.
+Description:
+ A list of options of the form
+ <replaceable>Key</replaceable><literal>=</literal><replaceable>Value</replaceable>.
+ The conversation plugins can query these settings; it is up to them what
+ possible keys are.
+
+Key: AllowConsole
+Type: bool
+Default: true
+User: greeter(hasConsole)
+Instance: #*/!
+Comment: &
+Description:
+ Show the <guilabel>Console Login</guilabel> action in the greeter (if <option>ServerTTY</option>/<option>ConsoleTTYs</option>
+ is configured).
+
+Key: AllowClose
+Type: bool
+Default: true
+User: greeter
+Instance: :*/true
+Comment: &
+Description:
+ Show the <guilabel>Restart X Server</guilabel>/<guilabel>Close Connection</guilabel> action in the greeter.
+
+Key: Preloader
+Type: string
+Default: ""
+User: greeter-c
+Instance: */KDE_BINDIR "/preloadkde"
+Comment: &
+Description:
+ A program to run while the greeter is visible. It is supposed to preload
+ as much as possible of the session that is going to be started (most
+ probably).
+
+Key: UseTheme
+Type: bool
+Default: true
+User: greeter
+Instance: */true
+Comment: &
+Description:
+ Whether the greeter should be themed.
+
+Key: Theme
+Type: string
+Default: TDMDATA "/themes/o2_enterprise"
+User: greeter
+Instance: */TDMDATA "/themes/o2_enterprise"
+Comment: &
+Description:
+ The theme to use for the greeter. Can point to either a directory or an XML
+ file.