Configuring TDM
Prev
Next

Chapter 4. Configuring TDM

This chapter assumes that TDM is already up and running on your system, and that you simply want to change its behavior in some way.

Upon starting, TDM reads its configuration from the folder $TDEDIR/share/config/tdm/ (this may be /etc/trinity/tdm/ or something else on your system).

The main configuration file is tdmrc; all other files are referenced from there and could be stored under any name anywhere on the system. Usually that would not make much sense for obvious reasons (one particular exception is referencing configuration files of an already installed xdm. However, when a new TDM is installed, it will import settings from those files if it finds an already installed xdm).

Since TDM must run before any user is logged in, it is not associated with any particular user. Therefore, it is not possible to have user-specific configuration files; all users share the common tdmrc. It follows from this that the configuration of TDM can only be altered by those users who have write access to $TDEDIR/share/config/tdm/tdmrc (normally restricted to system administrators logged in as root).

You can view the tdmrc file currently in use on your system, and you can configure TDM by editing that file. Alternately, you can use the graphical configuration tool provided by the TDE Control Center (under System Administration->Login Manager), which is described in the next section.

The remainder of this chapter describes configuring TDM using the TDE Control Center module, and the next chapter describes the options available in tdmrc itself. If you only need to configure for local users, the TDE Control Center module should be sufficient for your needs. If you need to configure remote logins, or have multiple TDM sessions running, you will need to continue reading.

The Login Manager TDE Control Center Module

Thomas Tanghus

Steffen Hansen

Mike McBride

Using this module, you can configure the TDE graphical login manager, TDM. You can change how the login screen looks, who has access using the login manager and who can shutdown the computer.

Note

All settings will be written to the configuration file tdmrc, which in its original state has many comments to help you configure TDM. Using this TDE Control Center module will strip these comments from the file. Consider making a backup of tdmrc before making changes. All available options in tdmrc are covered in Chapter 5, The Files TDM Uses for Configuration.

The options listed in this chapter are cross referenced with their equivalents in tdmrc. All options available in the KControl module are also available directly in tdmrc but the reverse is not true.

In order to organize all of these options, this module is divided into several sections: Appearance, Font, Background, Shutdown, Users and Convenience.

You can switch between the sections using the tabs at the top of the window.

Note

If you are not currently logged in as a superuser, you will need to select the Administrator Mode... Button. You will then be asked for a superuser password. Entering a correct password will allow you to modify the settings of this module.

Appearance

From this page you can change the visual appearance of TDM, TDE's graphical login manager.

The Greeting: is the title of the login screen. Setting this is especially useful if you have many servers users may log in to. You may use various placeholders, which are described along with the corresponding key GreetString in tdmrc.

You can then choose to show either the current system time, a logo or nothing special in the login box. Make your choice in the radio buttons labeled Logo area:. This corresponds to LogoArea in tdmrc

If you chose Show logo you can now choose a logo:

  • Drop an image file on the image button.

  • Click on the image button and select a new image from the image chooser dialog.

If you do not specify a logo the default $TDEDIR/share/apps/tdm/pics/tdelogo.png will be displayed.

Normally the login box is centered on the screen. Use the Position: options if you want it to appear elsewhere on the screen. You can specify the relative position (percentage of the screen size) for the center of the login window, relative to the top left of the display, in the fields labeled X: and Y: respectively. These correspond to the key GreeterPos in tdmrc.

While TDE's style depends on the settings of the user logged in, the style used by TDM can be configured using the GUI Style: and Color Scheme: options. These correspond to the keys GUIStyle and ColorScheme in tdmrc respectively.

Below that, you have a drop down box to choose the language for your login box, corresponding to setting Language in tdmrc.

In this same section TDM can be configured to use a Secure Attention Key (SAK). A Secure Attention Key is a special key press to which only certain privileged applications are able to respond, such as the login and screen unlock dialogs. This mechanism prevents a malevolent user from creating an exact copy of the login screen to "sniff" or "phish" passwords or other sensitive information. The unprivileged copy is unable to detect the SAK key press, thereby providing a visible difference in operation to the user.

When the Trinity SAK is enabled, users are prompted to press Ctrl+Alt+Delete before sensitive information is requested.


The Trinity Secure Attention Key dialog

When SAK is enabled, and the Ctrl+Alt+Delete dialog does not appear before sensitive information is requested, someone might be attempting to "phish" for that information. A prudent course of action would be to terminate the active X11 session via Ctrl+Alt+Backspace or any other distribution-specific key press for this action, thereby restoring control to the kernel and base system.

Generally, using the Trinity SAK is a good idea when supporting many graphical login accounts on a machine. For example, in enterprise environments or computer laboratories. When only one graphical login account is used, or only a few accounts in a controlled environment, such as with a home computer, Trinity SAK will not provide tangible benefits over the standard login methods.

Note

Trinity SAK requires evdev to be running and the Linux uinput kernel module to be loaded.

Font

From this section of the module you can change the fonts used in the login window. Only fonts available to all users are available here, not fonts you have installed on a per user basis.

You can select three different font styles from the drop down box (General:, Failures:, Greeting:). When you click on the Choose... button a dialog appears from which you can select the new characteristics for the font style.

  • The General: font is used in all other places in the login window.

  • The Failures: font is used when a login fails.

  • The Greeting: font is the font used for the title (Greeting String).

You can also check the box labeled Use anti-aliasing for fonts if you want smoothed fonts in the login dialog.

Background

Here you can change the desktop background which will be displayed before a user logs in. You can have a single color or an image as a background. If you have an image as the background and select center, the selected background color will be used around the image if it is not large enough to cover the entire desktop.

The background colors and effects are controlled by the options on the tab labeled Background and you select a background image and its placement from the options on the tab labeled Wallpaper.

To change the default background color(s) simply click either of the color buttons and select a new color.

The drop down box above the color buttons provides you with several different blend effects. Choose one from the list, and it will be previewed on the small monitor at the top of the window. Your choices are:

Flat

By choosing this mode, you select one color (using the color button labeled Color 1), and the entire background is covered with this one color.

Pattern

By choosing this mode, you select two colors (using both color buttons).

You then select a pattern by clicking Setup. This opens a new dialog window, which gives you the opportunity to select a pattern. Simply click once on the pattern of your choice, then click on OK, and TDE will render the pattern you selected using the two colors you selected. For more on patterns, see the section Background: Adding, Removing and Modifying Patterns.

Background Program

By selecting this option, you can have TDE use an external program to determine the background. This can be any program of your choosing. For more information on this option, see the section entitled Background: Using an external program.

Horizontal Gradient

By choosing this mode, you select two colors (using both color buttons). TDE will then start with the color selected by Color 1 on the left edge of the screen, and slowly transform into the color selected by Color 2 by the time it gets to the right edge of the screen.

Vertical Gradient

By choosing this mode, you select two colors (using both color buttons). TDE will then start with the color selected by Color 1 on the top edge of the screen, and slowly transform into the color selected by Color 2 as it moves to the bottom of the screen.

Pyramid Gradient

By choosing this mode, you select two colors (using both color buttons). TDE will then start with the color selected by Color 1 in each corner of the screen, and slowly transform into the color selected by Color 2 as it moves to the center of the screen.

Pipecross Gradient

By choosing this mode, you select two colors (using both color buttons). TDE will then start with the color selected by Color 1 in each corner of the screen, and slowly transform into the color selected by Color 2 as it moves to the center of the screen. The “shape” of this gradient is different then the pyramid gradient.

Elliptic Gradient

By choosing this mode, you select two colors (using both color buttons). TDE will then start with the color selected by Color 2 in the center of the screen, and slowly transform into the color selected by Color 1 as it moves to the edges, in an elliptical pattern.

The setup button is only needed for if you select Background program or Patterns. In these instances, another window will appear to configure the specifics.

Wallpaper

To select a new background image first, click on the Wallpapers tab, then you can either select an image from the drop down list labeled Wallpaper or select Browse... and select an image file from a file selector.

The image can be displayed in six different ways:

No wallpaper

No image is displayed. Just the background colors.

Centered

The image will be centered on the screen. The background colors will be present anywhere the image does not cover.

Tiled

The image will be duplicated until it fills the entire desktop. The first image will be placed in the upper left corner of the screen, and duplicated downward and to the right.

Center Tiled

The image will be duplicated until it fills the entire desktop. The first image will be placed in the center of the screen, and duplicated upward, downward to the right, and to the left.

Centered Maxpect

The image will be placed in the center of the screen. It will be scaled to fit the desktop, but it will not change the aspect ratio of the original image. This will provide you with an image that is not distorted.

Scaled

The image will be scaled to fit the desktop. It will be stretched to fit all four corners.

Shutdown

Allow Shutdown

Use this drop down box to choose who is allowed to shut down:

  • Nobody: No one can shutdown the computer using TDM. You must be logged in, and execute a command.

  • Everybody: Everyone can shutdown the computer using TDM.

  • Only Root: TDM requires that the root password be entered before shutting down the computer.

You can independently configure who is allowed to issue a shutdown command for the Local: and Remote: users.

Commands

Use these text fields to define the exact shutdown command.

The Halt: command defaults to /sbin/halt. The Restart: command defaults to /sbin/reboot.

When Show boot options is enabled, TDM will on reboot offer you options for the lilo boot manager. For this feature to work, you will need to supply the correct paths to your lilo command and to lilo's map file. Note that this option is not available on all operating systems.

Restart X-Server with session exit

Whether the login manager should restart the local X-Server after a session exit instead of resetting. Use this option when the X-Server leaks memory, crashes the system on reset attempts, or otherwise exhibits display issues or artifacts.

Users

From here you can change the way users are represented in the login window.

You may disable the user list in TDM entirely in the Show Users section. You can choose from:

Show List

Only show users you have specifically enabled in the list alongside

If you do not check this box, no list will be shown. This is the most secure setting, since an attacker would then have to guess a valid login name as well as a password. It's also the preferred option if you have more than a handful of users to list, or the list itself would become unwieldy.

Inverse selection

Allows you to intead select a list of users that should not be shown, and all other users will be listed.

Independently of the users you specify by name, you can use the System UIDs to specify a range of valid UIDs that are shown in the list. By default user id's under 1000, which are often system or daemon users, and user id's over 65000, are not shown.

You can also enable the Sort users checkbox, to have the user list sorted alphabetically. If this is disabled, users will appear in the order they are listed in the password file. TDM will also autocomplete user names if you enable the Autocompletion option.

If you choose to show users, then the login window will show images (which you select), of a list of users. When someone is ready to login, they may select their user name/image, enter their password, and they are granted access.

If you permit a user image, then you can configure the source for those images.

You can configure the admin picture here, for each user on the system. Depending on the order selected above, users may be able to override your selection.

If you choose not to show users, then the login window will be more traditional. Users will need to type their username and password to gain entrance. This is the preferred way if you have many users on this terminal.

Convenience

In the convenience tab you can configure some options that make life easier for lazy people, like automatic login or disabling passwords.

Important

Please think more than twice before using these options. Every option in the Convenience tab is well-suited to seriously compromise your system security. Practically, these options are only to be used in a completely non-critical environment, for example, a private computer at home.

Automatic Login

Automatic login will give anyone access to a certain account on your system without doing any authentication. You can enable it using the option Enable Auto-login.

You can choose the account to be used for automatic login from the list labeled User:.

Password-Less Login

Using this feature, you can allow certain users to login without having to provide their password. Enable this feature using the Enable Password-less logins option.

Below this option you'll see a list of users on the system. Enable password-less login for specific users by checking the checkbox next to the login names. By default, this feature is disabled for all users.

Important

Again, this option should only be used in a safe environment. If you enable it on a rather public system you should take care that only users with heavy access restrictions are granted password-less login, for example, guest.

You can also choose which user is “preselected” when TDM starts. The default is None, but you can choose Previous to have TDM default to the last successfully logged in user, or you can Specify a particular user to always be selected from the list. You can also have TDM set the focus to the password field, so that when you reach the TDM login screen, you can type the password immediately.

The Automatically login after X server crash option allows you to skip the authentication procedure when your X server accidentally crashed.

Prev
Next
Home


Would you like to comment or contribute an update to this page?
Send feedback to the TDE Development Team