Inchoate Curmudgeon

I’ve been configuring a Solaris 11 build 48 (Nevada) virtual machine for a few days now, and have run into a couple of items Mr. Google was less than helpful with. I believe some of this has to do with the typical audience that tackles such things: there’s not much advice for the novice. I’m a novice.

At any rate, I needed a configuration that supports XDMCP, and remote root access. I had tackled some of this before in bits and pieces, but here it is all together, with some bits dealing with Service Management Facility (SMF), the newer facility for managing network services introduced in Solaris 10.

One important note, enabling XDCMP in general, and certainly enabling XDCMP for remote root access is a big security risk. This is for my lab network, in my house, behind a firewall. I hope I’m safe here, but you never know these days.

All of these steps should be via ssh or the console rather than an X login session, since one of the steps restarts the service. To enable root ssh access, edit the /etc/ssh/sshd_config file and change “PermitRootLogin” to “yes” and pkill -HUP sshd.

In Nevada, the default X11 login service, dtlogin, is fully integrated into SMF, so this appears to be the way to configure dtlogin to listen on the default port. The out of the box configuration shows the dtlogin daemon running with the parameter “-udpPort 0″ which, by design, disables remote X11 login. You can see this with the following svccfg command:

svccfg -s cde-login listprop dtlogin/args

You can leave off the “dtlogin/args” bit to see all the properties configured on the cde-login service. This needs to be unset. Since I’m not sure what scripts might barf if the property is deleted, I set it to an empty string instead.

Note there may be a way to set this parameter in the traditional configuration file, which is /usr/dt/config/Xconfig, but this does not automagically update the SMF property for the dtlogin service as managed by SMF. There may be some script to update the SMF from the traditional configuration file, but I’ve not figured that out. To set the parameter to a string with a space in it, type the following:

svccfg -s cde-login setprop dtlogin/args = astring: \” \”

The next step is to restart the service so it re-reads the configuration.

svcadm restart cde-login

If you grep ps -ef output for dtlogin, you should see dtlogin running without the udpPort parameter.

Now, for root access. This last bit is surely something anyone but the most novice administrator would know, but there you go, and there I am. I’ve actually run into this before but can never seem to remember it. Open the /etc/default/login file and comment the line that says “CONSOLE=/dev/console”, and there you go. You should be able to get access to your Solaris instance via XDMCP with a normal user or root. Do try this at home, but not anywhere else.

Trackback URI | Comments RSS