The file specified by the
AccessFile option provides
information which kdm uses to control access from displays requesting service
The file contains four types of entries: entries which control the response
to “Direct” and “Broadcast” queries, entries which
control the response to “Indirect” queries, macro definitions,
and entries which control on which network interfaces kdm listens for XDMCP
Blank lines are ignored,
# is treated as a comment
delimiter causing the rest of that line to be ignored, and
causes an immediately following newline to be ignored, allowing host lists
to span multiple lines.
The format of the “Direct” entries is simple, either a
host name or a pattern, which is compared against the host name of the display
device. Alternatively, a macro may be used to make the entry match everything
the macro expands to.
Patterns are distinguished from host names by the inclusion of one or more
* matches any sequence of 0 or more
? matches any single character.
If the entry is a host name, all comparisons are done using network addresses,
so any name which converts to the correct network address may be used. Note
that only the first network address returned for a host name is used.
For patterns, only canonical host names are used in the comparison, so ensure
that you do not attempt to match aliases.
Host names from XDMCP queries always contain the local domain name
even if the reverse lookup returns a short name, so you can use
patterns for the local domain.
Preceding the entry with a
! character causes hosts which
match that entry to be excluded. Preceding it with an
no effect but is required when specifying a macro to distinguish the entry
from a macro definition.
To only respond to “Direct” queries for a host or pattern,
it can be followed by the optional
This can be used to prevent a kdm server from appearing on menus based on
An “Indirect” entry also contains a host name, pattern or
macro, but follows it with a list of host names or macros to which the queries
should be forwarded. “Indirect” entries can be excluding as well,
in which case a (valid) dummy host name must be supplied to make the entry
distinguishable from a “Direct” entry.
If compiled with IPv6 support, multicast address groups may also be included
in the list of addresses the queries are forwarded to.
If the indirect host list contains the keyword
“Indirect” queries are not forwarded, but instead a host chooser
dialog is displayed by kdm. The chooser will send a “Direct”
query to each of the remaining host names in the list and offer a menu of
all the hosts that respond. The host list may contain the keyword
BROADCAST, to make the chooser send a
“Broadcast” query as well; note that on some operating systems,
UDP packets cannot be broadcast, so this feature will not work.
When checking access for a particular display host, each entry is scanned in turn and the first matching entry determines the response. “Direct” and “Broadcast” entries are ignored when scanning for an “Indirect” entry and vice-versa.
A macro definition contains a macro name and a list of host names and
other macros that the macro expands to. To distinguish macros from hostnames,
macro names start with a
The last entry type is the
The formal syntax is
If one or more
LISTEN lines are specified, kdm listens
for XDMCP requests only on the specified interfaces.
interface may be a hostname or IP address
representing a network interface on this machine, or the wildcard
* to represent all available network interfaces.
If multicast group addresses are listed on a
kdm joins the multicast groups on the given interface. For IPv6 multicasts,
the IANA has assigned ff0
X:0:0:0:0:0:0:12b as the
permanently assigned range of multicast addresses for XDMCP. The
X in the prefix may be replaced by any valid scope
identifier, such as 1 for Node-Local, 2 for Link-Local, 5 for Site-Local, and
so on (see IETF RFC 2373 or its replacement for further details and scope
definitions). kdm defaults to listening on the Link-Local scope address
ff02:0:0:0:0:0:0:12b to most closely match the IPv4 subnet broadcast behavior.
LISTEN lines are given, kdm listens on all
interfaces and joins the default XDMCP IPv6 multicast group (when
compiled with IPv6 support).
To disable listening for XDMCP requests altogether, a
LISTEN line with no addresses may be specified, but using
Enable option is preferred.