X display manager

In the X Window System, an X display manager is a graphical login manager which starts a login session on an X server from the same or another computer.



A display manager presents the user with a login screen. A session starts when a user successfully enters a valid combination of username and password.

When the display manager runs on the user's computer, it starts the X server before presenting the user the login screen, optionally repeating when the user logs out. In this condition, the DM realizes in the X Window System the functionality of getty and login on character-mode terminals. When the display manager runs on a remote computer, it acts like a telnet server, requesting username and password and starting a remote session.

X11 Release 3 introduced display managers in October 1988 with the aim of supporting the standalone X terminals, just coming onto the market. Various display managers continue in routine use to provide a graphical login prompt on standalone computer workstations running X. X11R4 introduced the X Display Manager Control Protocol (XDMCP) in December 1989 to fix problems in the X11R3 implementation.

History
XDM (the X Window Display Manager) originated in X11R3. This first version, written by Keith Packard of the MIT X Consortium, had several limitations, the most notable of which was that it could not detect when users switched X terminals off and on. In X11R3, XDM only knew about an X terminal from its entry in the Xservers file, but XDM only consulted this file when it started. Thus every time a user switched a terminal off and on, the system administrator had to send a SIGHUP signal to XDM to instruct it to rescan Xservers.

XDMCP arrived with the introduction of X11R4 (December 1989). With XDMCP, the X server must actively request a display manager connection from the host. An X server using XDMCP therefore no longer requires an entry in Xservers.

Local and remote display management
A display manager can run on the same computer where the user sits—starting one or more X servers, displaying the login screen at the beginning and (optionally) every time the user logs out—or on a remote one, working according to the XDMCP protocol.



The XDMCP protocol mandates that the X server starts autonomously and connects to the display manager. In the X Window System paradigm, the server runs on the computer providing the display and input devices. A server can connect, using the XDMCP protocol, to a display manager running on another computer, requesting it to start the session. In this case, the X server acts as a graphical telnet client while the display manager acts like a telnet server: users start programs from the computer running the display manager, while their input and output take place on the computer where the server (and the user) sits.

An administrator can typically configure an XDMCP Chooser program running on the local computer or X terminal to connect to a specific host's X display manager or to display a list of suitable hosts that the user can choose from. Most implementations enable such a list to contain:
 * 1) a predefined set of hosts and their respective network addresses, and/or
 * 2) a set of hosts (on the local TCP/IP subnet) that the XDMCP Chooser determines by a network broadcast to the available display managers.

When the user selects a host from the list, the XDMCP Chooser running on the local machine will send a message to the selected remote computer's display manager and instruct it to connect the X server on the local computer or terminal.

X Display Manager Control Protocol
The X Display Manager Control Protocol (XDMCP) uses UDP port 177. An X server requests that a display manager start a session by sending a  packet. If the display manager allows access for that X server, it responds by sending a  packet back to the X server. (The X server can also send  or   packets to start a session - this mechanism for requesting a session resembles using DHCP to request an IP address.)

The display manager must authenticate itself to the server. To do this the X server sends a  packet to the display manager, which returns an   packet. If the  packet contains the response the X server expects, the display manager is authenticated. Producing the correct response might require the display manager to have access to a secret key, for example. If authentication succeeds, the X server sends a  packet to inform the display manager. Then the display manager displays its login screen by connecting to the X server as a regular X client.

During the session, the server can send  packets to the display manager at intervals. If the display manager fails to respond with an  packet within a certain time, the X server presumes that the display manager has ceased running, and can terminate the connection.

Security
One problem with XDMCP is that, similarly to telnet, the authentication takes place unencrypted. If snooping is possible, this leaves the system vulnerable to attack. It is more secure to use an ssh tunnel for X traffic.

Implementations
The X Window System supplies XDM as its standard display manager.

Programmers have developed other X display managers, both commercial and free, offering additional functionality over the basic display management:

Active

 * GDM, GNOME implementation
 * SDDM, recommended display manager for KDE Plasma 5 and LXQt. Successor to KDM.
 * LightDM, a lightweight, modular, cross-desktop, fully themeable desktop display manager by Canonical Ltd.
 * TWin, the TDE window manager
 * dtlogin (shipped with CDE)
 * xlogin display manager, a lightweight, secure and login like console display manager for X, written in C.

Inactive

 * KDM (part of KDE) allows the user to graphically select a window manager or desktop environment in the login screen
 * Qingy ultralight and very configurable graphical login independent on X Window (uses DirectFB)
 * XDM-OPTIONS for XDM. Easy full install, Xhost Phonebook, X Login, X Desktop Chooser, menu-reconfig, repair utils.
 * LDM, the (remote) Display Manager of the Linux Terminal Server Project
 * MDM, a graphical display manager developed for Linux Mint.
 * scologin (provided by SCO Open Desktop) also checks for expired passwords and performs some administrative tasks
 * WINGs Display Manager (using the WINGs widget-set used in Window Maker)
 * entranced/entrance (employs the architecture used in Enlightenment v.17, on hiatus since 2005)
 * LXDM, a lightweight cross-desktop and fully themeable display manager, part of LXDE
 * SLiM, an independent login manager.
 * CDM, an ultralight Console Display Manager for Unix
 * xlogin, X Window login with separate XDMCP server
 * Enter, a lightweight graphical login manager
 * Orthos, another lightweight solution with very configurable animated themes that use OpenGL only
 * nodm, auto-login display manager for systems like kiosks, appliances and mobile phones

On some Unix distributions, the default display manager is selected in file $PREFIX/etc/X11/default-display-manager.