Mark Lutz wrote:
I was browsing the German version of SuSE's support database (sdb) by versions and noticed an article called "XDM/KDM Login ist weltweit zugänglich" <http://sdb.suse.de/sdb/de/html/cg_xdmcp.html>.
Since this wasn't on this list (I think), I tried to get the English version of the article. But strangely enough, it does not exist.
Well, it probably has not been translated, but I am sure you'll figure out what to do (just place an exclamation mark in front of the asterisk on those two lines, rephrase the comments and restart xdm/kdm).
Thought I'd let you know.
I did a quick and dirty translation of this...

Juergen

======================================

XDM/KDM Login is accessible worldwide

Applies to:

SuSE Linux: Version 6.2

Symptom:

After configuring the graphical login with kdm or xdm, other (Linux) computers with a running X server can access the kdm/xdm login manager with the command "X -query hostname". This won't have any effect on machines running xdm, whereas with kdm the machine can be shut down using the 'Beenden' dialog. This can be done without accessing an existing account on the attacked machine.

Cause:

All accesses to the kdm/xdm login manager are allowed by default. This behaviour is set in /usr/X11R6/lib/X11/xdm/Xaccess.

Solution:

Edit /usr/X11R6/lib/X11/xdm/Xaccess. Search for these lines:

    # In all cases, xdm uses the first entry which matches the terminal;
    # for IndirectQuery messages only entries with right hand sides can
    # match, for Direct and Broadcast Query messages, only entries without
    # right hand sides can match.
    #
    *    #any host can get a login window

and further down

    # The nicest way to run the chooser is to just ask it to broadcast
    # requests to the network - that way new hosts show up automatically.
    # Sometimes, however, the chooser can't figure out how to broadcast,
    # so this may not work in all environments.
    #
    *    CHOOSER BROADCAST    #any indirect host can get a chooser

and replace them with the following lines. Only a `!' character is placed in front of the `*' and the comment is changed.

Replace these two lines by adding a '!' to the '*' to negate the statement and change the comment:

    # In all cases, xdm uses the first entry which matches the terminal;
    # for IndirectQuery messages only entries with right hand sides can
    # match, for Direct and Broadcast Query messages, only entries without
    # right hand sides can match.
    #
    !*    #no host can get a login window

and

    # The nicest way to run the chooser is to just ask it to broadcast
    # requests to the network - that way new hosts show up automatically.
    # Sometimes, however, the chooser can't figure out how to broadcast,
    # so this may not work in all environments.
    #
    !*    CHOOSER BROADCAST    #no indirect host can get a chooser

After these changes, restart xdm/kdm. Now the login manager can only be accessed from the local machine. Hosts trying to access via the network won't get any access to the login manager.

--
==========================================
Juergen Braukmann    mail: brauki@cityweb.de
Tel: 0201-743648     dk4jb@db0qs.#nrw.deu.eu
==========================================
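
The first-match rule quoted in the Xaccess comments above, as an added example that is not part of the original posts: a Python check that parses Xaccess entries and reports whether an arbitrary remote host would be granted a direct login window or an indirect chooser. The host names are constructed, and matching patterns with fnmatch and treating "no matching entry" as refused are assumptions of this example.

```python
import fnmatch

def parse_xaccess(text):
    """Return (pattern, negated, has_rhs) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line or line.startswith("%"):   # blank line or macro definition
            continue
        fields = line.split()
        pattern, negated = fields[0], False
        if pattern.startswith("!"):            # '!' negates the entry
            pattern, negated = pattern[1:], True
        entries.append((pattern, negated, len(fields) > 1))
    return entries

def is_allowed(entries, host, indirect=False):
    """First matching entry decides. Indirect queries only match entries
    with a right-hand side; direct/broadcast only those without one."""
    for pattern, negated, has_rhs in entries:
        if has_rhs == indirect and fnmatch.fnmatchcase(host, pattern):
            return not negated
    return False  # assumption: no matching entry means access is refused

def audit(text, probe="remote.example.org"):
    """Would an arbitrary outside host (constructed name) be served?"""
    entries = parse_xaccess(text)
    return {"direct": is_allowed(entries, probe),
            "indirect": is_allowed(entries, probe, indirect=True)}

# Constructed samples built from the two entries discussed in the post.
SHIPPED = """\
*                       #any host can get a login window
*   CHOOSER BROADCAST   #any indirect host can get a chooser
"""
FIXED = """\
!*                      #no host can get a login window
!*  CHOOSER BROADCAST   #no indirect host can get a chooser
"""
# Order matters: a '!*' placed after '*' never takes effect.
WRONG_ORDER = "*\n!*\n"

if __name__ == "__main__":
    for name, cfg in (("shipped", SHIPPED), ("fixed", FIXED),
                      ("wrong order", WRONG_ORDER)):
        print(name, audit(cfg))
```
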