Running From INIT
Though X will usually be run by dtlogin from init, it is possible to run X directly from init. For
information about running X from dtlogin, see the dtlogin man page.
To run X directly from init, it is necessary to modify /etc/inittab and /etc/gettydefs. Detailed information
on these files may be obtained from the inittab(4) and gettydefs(4) man pages.
To run X from init on display 0, with a login xterm running on /dev/ttypf, in init state 3, the following
line must be added to /etc/inittab:
X0:3:respawn:env PATH=/bin:/usr/bin/X11:/usr/bin xinit -L ttyqf -- :0
To run X with a login hpterm, the following should be used instead:
X0:3:respawn:env PATH=/bin:/usr/bin/X11:/usr/bin xinit hpterm =+1+1 -n login -L ttyqf -- :0
In addition, the following line must be added to /etc/gettydefs (this should be a single line):
Xwindow# B9600 HUPCL PARENB CS7 # B9600 SANE PARENB CS7 ISTRIP IXANY TAB3
00#X login: #Xwindow
There should not be a getty running against the display whenever X is run from xinit.
Granting Access
The sample server implements a simplistic authorization protocol, MIT-MAGIC-COOKIE-1 which uses
data private to authorized clients and the server. This is a rather trivial scheme; if the client passes
authorization data which is the same as the server has, it is allowed access. This scheme is inferior to
host-based access control mechanisms in environments with unsecure networks as it allows any host to
connect, given that it has discovered the private key. But in many environments, this level of security is
better than the host-based scheme as it allows access control per-user instead of per-host.
In addition, the server provides support for a DES-based authorization scheme, XDM-
AUTHORIZATION-1, which is more secure (given a secure key distribution mechanism), but as DES is
not generally distributable, the implementation is missing routines to encrypt and decrypt the
authorization data. This authorization scheme can be used in conjunction with XDMCP's authentication
scheme, XDM-AUTHENTICATION-1 or in isolation.
The authorization data is passed to the server in a private file named with the -auth command line
option. Each time the server is about to accept the first connection after a reset (or when the server is
starting), it reads this file. If this file contains any authorization records, the local host is not
automatically allowed access to the server, and only clients which send one of the authorization records
contained in the file in the connection setup information will be allowed access. See the Xau manual
Graphics Administration Guide for HP-UX 10.20
Page 151