On Thu, Jan 28, 2016 at 01:08:24PM -0500, ken wrote:
On 01/28/2016 11:10 AM, Jonathan Billings wrote:
just add an [xdmcp] section to /etc/gdm/custom.conf.
And that would be what exactly and on which machine?
I believe all you need is:
    [xdmcp]
    Enable=true
in the /etc/gdm/custom.conf of the host running gdm, which in your case would be the headless server. I believe you also need a
    [servers]
    0=inactive
...to disable gdm from starting up an X server on the headless system. No need for it to be wasting resources.
A sloppy or inaccurate configuration (which I'm sure we've all seen enough of) is a security risk as well, one which passwords don't always fix. Simplicity mitigates against that. For this reason, again, I'd prefer not to complicate things with an encryption system.
If it's the only way you know how to do it, and if no one else here knows either, then I'd consider it. But it would be better without it.
Ok, well, whatever, it's up to you to evaluate risk. If sending plaintext usernames, passwords, and all keystrokes over the net in the clear is fine for you, then that's on your head.
Which port are you saying should be opened up?
xdmcp is port 177, udp.
You should be able to test it by running from your laptop:
Xephyr -query <headless-server> :1
That way you don't have to actually kill your existing X session.
By the way, CentOS7's gdm doesn't support XDMCP, so you have to switch to lightdm or xdm if you wanted it to be the XDMCP server. But CentOS5's gdm should work fine, so in this situation, you're in luck.
What I do:
Where I work, I provide a remote graphical service to our students and researchers, and it uses a VNC and SSH client on the desktop, and lightdm (for xdmcp), sshd and a systemd socket running Xvnc -inetd to provide the graphical login. Performance is fine, particularly over a local LAN. With TigerVNC on both the server and clients, it even supports glx client-side.
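
Added example (not part of the original message): a Python check that reads a gdm custom.conf like the one described in the thread and reports whether XDMCP is enabled and whether the local X server is disabled. The function name, the sample file contents and the use of GDM's `Port` key in `[xdmcp]` (not mentioned in the thread) are assumptions of this example.

```python
import configparser

XDMCP_DEFAULT_PORT = 177  # UDP port given in the thread

# Constructed sample: the two stanzas from the thread in one custom.conf.
SAMPLE_CONF = """\
[daemon]

[xdmcp]
Enable=true

[servers]
0=inactive
"""


def audit_gdm_conf(text):
    """Return a dict describing XDMCP exposure in a gdm custom.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: the file uses "Enable", not "enable"
    cp.read_string(text)

    # Missing section or key falls back to "XDMCP off" / "local X server on".
    enabled = cp.get("xdmcp", "Enable", fallback="false").strip().lower() == "true"
    port = cp.getint("xdmcp", "Port", fallback=XDMCP_DEFAULT_PORT)
    local_x = cp.get("servers", "0", fallback="").strip().lower() != "inactive"

    findings = []
    if enabled:
        findings.append(
            f"XDMCP enabled: logins and keystrokes cross the network "
            f"unencrypted on udp/{port}; restrict that port to trusted hosts"
        )
    if local_x:
        findings.append("local X server :0 is not marked inactive")
    return {"xdmcp_enabled": enabled, "udp_port": port,
            "local_x_server": local_x, "findings": findings}


if __name__ == "__main__":
    for line in audit_gdm_conf(SAMPLE_CONF)["findings"]:
        print(line)
```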