Friday Aug 22, 2008

OpenSolaris 2008.05 - X Display Redirect Problem

I am using OpenSolaris 2008.05 on my desktop and needed to run installer on remote UNIX system on regular basis. OpenSolaris settings by default weren't allowing me to redirect the X display to my work station when I use program like “rlogin” or “telnet”(Which by the way are NOT secure programs BUT some times you don't have choice). I could get around this problem using "ssh -X" and worked for me in most cases. But some cases, I needed telnet/rlogin and “X” Display redirect going.

Problem:

Hasham@hasham-pc:~$ hostname
hasham-pc
Hasham@hasham-pc:~$ xhost +
access control disabled, clients can connect from any host
Hasham@hasham-pc:~$ telnet 10.12.161.36
Trying 10.12.161.36...
Connected to 10.12.161.36.
Escape character is '\^]'.
login: root
Password:
Last login: Fri Aug 22 08:42:11 from hasham-pc.India
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
You have new mail.

-bash-3.00# echo $DISPLAY
hasham-pc:0.0
-bash-3.00# hostname
aa002
-bash-3.00# ping hasham-pc
hasham-pc is alive

-bash-3.00# /usr/openwin/bin/xclock
Error: Can't open display: hasham-pc:0.0
-bash-3.00#

Tried looking up in OpenSolaris forum and didn't fine any solution. This forum entry(http://forums.opensolaris.com/thread.jspa?threadID=350) was good starting point for me to troubleshoot. Verified that the service "x11-server" configuration is set to allow TCP_LISTEN (OpenSolaris 2008.05 has it enabled by default)

Hasham@hasham-pc:~$ svccfg -s x11-server listprop options/tcp_listen
options/tcp_listen boolean true

Started looking at the “Xorg” settings. Noticed that the “Xorg” process is starting with "nolisten tcp" option. See the argv[8] & argv[9] in the below output.

Hasham@hasham-pc:~# ps -ef|grep Xorg
root 13103 435 2 Aug 19 ? 8:25 /usr/X11/bin/Xorg :0 -depth 24 -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten t
Hasham@hasham-pc:~# pargs 13103
13103: /usr/X11/bin/Xorg :0 -depth 24 -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten t
argv[0]: /usr/X11/bin/Xorg
argv[1]: :0
argv[2]: -depth
argv[3]: 24
argv[4]: -audit
argv[5]: 0
argv[6]: -auth
argv[7]: /var/lib/gdm/:0.Xauth
argv[8]: -nolisten
argv[9]: tcp

After looking at the man page for “Xorg” & later “Xserver”, learnt that Xserver script is responsible for passings some of these arguments. I was hoping for Happy ending! Looked the Xserver script("/usr/X11/bin/Xserver) and everything appeared in order. The “Xserver script” is using "SMF" property(options/tcp_listen) to pass value. In this case, it was set to "true". No problem with “Xserver script” - No happy ending!

Are there any other SMF services related Xorg? The first thing to find out which service is responsible for starting Xorg process?

Hasham@hasham-pc:~$ svcs -p

...
online 10:03:36 svc:/application/graphical-login/gdm:default
10:03:36 471 gdm-binary
10:38:35 1959 gdm-binary
10:40:51 2136 Xorg
10:40:51 2160 fbconsole
10:42:49 2170 ctrun
...

"gdm" it is! Man "gdm" reveled the another set of configurations files involved - /usr/share/gdm/defaults.conf, /etc/X11/gdm/custom.conf ? After reading through these file, learned that you could change the run time options for Xserver using these files. Noted that you could use "gdmsetup" to alter the configuration instead of editing the files manually.

Hasham@hasham-pc:~# gdmsetup

Changed the setting under Security Tab
Before the Change:

Before

After the Change:

After

It adds the following entry to /etc/X11/gdm/custom.conf (Under security Section)
DisallowTCP=false

Restart X Server.(Logout and Login will do) We are good to go! X Display Redirect works fine now!

Summary of changes that were needed:


1. "options/tcp_listen" Setting for "x11-server" set to true (See below for listing and setting the value)
    List the Property Value:
    Hasham@hasham-pc:~$ svccfg -s x11-server listprop options/tcp_listen
    options/tcp_listen boolean true

    Changethe Property Value:(You need to be "root" for to change the settings)
    root@hasham-pc:~# svccfg -s x11-server setprop options/tcp_listen = true
2. Use "gdmsetup" and Uncheck "Deny TCP Connection to X Server" under Security Tab
3. Restart X Server (Logout and Login will do)

About

Hashamkha Pathan

Search

Categories
Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today