This is part of my documentation for VNC under RHEL-4. All of the configuration file changes below were originally formatted as "diff -u" patches. Email may have mangled them, so beware.

I assume standard gnome desktop packages have been installed; if you want another desktop manager you'll have to figure out how to configure that yourself.

I frequently use vncviewer -via secure.vnc.host localhost:50 to tunnel VNC over an SSH session.

Here's the text:

=Managing VNC Sessions With Xinetd=

There is an old protocol for managing remote displays on X-Terminals called XDMCP (X11 Display Manager Control Protocol). Never heard of an X-Terminal? Well, that's no surprise... X-Terminals are sooo 20th century... Everybody calls them Thin Clients now. Fortunately, old protocols never die and every once in a while we get to recycle them.

What we are going to do is configure a VNC service that's controlled by xinetd. That way, a VNC server process only gets started when somebody asks for one... And since we're enabling XDMCP support for the Gnome Display Manager (GDM), each VNC client connection will get a graphical gdm login screen. It doesn't result in a persistent session, but it's much easier to configure and maintain.

==Linux Configuration Files==

===/etc/X11/xdm/xdm-config===

--- /etc/X11/xdm/xdm-config 2006/02/14 04:33:24 1.1 +++ /etc/X11/xdm/xdm-config 2006/02/14 04:33:58 @@ -29,4 +29,4 @@ ! SECURITY: do not listen for XDMCP or Chooser requests ! Comment out this line if you want to manage X terminals with xdm -DisplayManager.requestPort: 0 +!DisplayManager.requestPort: 0

===/etc/X11/xdm/Xaccess===

--- /etc/X11/xdm/Xaccess 2006/02/14 04:36:27 1.1 +++ /etc/X11/xdm/Xaccess 2006/02/14 04:36:39 
@@ -37,7 +37,7 @@ # right hand sides can match. # -# * #any host can get a login window +* #any host can get a login window # # To hardwire a specific terminal to a specific host, you can

===/etc/X11/gdm/gdm.conf===

====Enabling XDMCP access for VNC clients====

--- gdm.conf 2006/02/14 04:39:09 1.1 +++ gdm.conf 2006/04/05 17:07:05 1.2 @@ -207,7 +207,7 @@ # allow local access is another alternative but not the safest. # Firewalling port 177 is the safest if you wish to have xdmcp on. # Read the manual for more notes on the security of XDMCP. -Enable=false +Enable=true # Honour indirect queries, we run a chooser for these, and then redirect # the user to the chosen host. Otherwise we just log the user in locally. #HonorIndirect=true

====Supporting X11 connections over TCP====

This is normally disabled, but as long as you're on a protected network it's convenient to run X11-based programs on remote hosts and display them locally. It is possible to do this over SSH, but there is some overhead...

--- gdm.conf 2006/04/05 17:07:05 1.2 +++ gdm.conf 2006/04/05 17:07:52 @@ -187,7 +187,7 @@ # Note: Anytime we find a -query or -indirect on the command line we do # not add a "-nolisten tcp", as then the query just wouldn't work, so # this setting only affects truly local sessions. -#DisallowTCP=true +DisallowTCP=false # By default never place cookies if we "detect" NFS. We detect NFS # by detecting "root-squashing". It seems bad practice to place # cookies on things that go over the network by default and thus we

===/etc/services===

--- /etc/services 2006/02/14 04:40:03 1.1 +++ /etc/services 2006/02/14 04:40:51 
@@ -577,4 +577,6 @@ fido 60179/udp # Ifmail # Local services - +# +vnc-1280x1024 5950/tcp # VNC @ 1280x1024 +#

===/etc/xinetd.d/xvncserver===

 service vnc-1280x1024
 {
     protocol    = tcp
     socket_type = stream
     wait        = no
     user        = nobody
     server      = /usr/bin/Xvnc
     server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24 securitytypes=none
 }

==Restarting The Gnome Display Manager==

The easiest way to do this is to log into a text console (Ctrl-Alt-F1) and run these commands:

 init 3
 init 5
 /sbin/service xinetd stop
 /sbin/service xinetd start
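
Review bot: In the /etc/X11/xdm/Xaccess hunk, uncommenting "* #any host can get a login window" grants a login window to every host, while the only XDMCP client this setup needs is the Xvnc that xinetd starts with "-query localhost". Suggest replacing the wildcard with an entry for the local host only, or stating in the text why the wildcard is required.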
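
Review bot: In the gdm.conf hunk at line 207, "Enable=true" sits directly under the file's own advice that "Firewalling port 177 is the safest if you wish to have xdmcp on", yet the procedure has no firewall step. Suggest adding one, or at least a sentence saying port 177 should be blocked from other hosts, since the Xvnc service shown only queries localhost.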
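
Review bot: In the gdm.conf hunk at line 187, "DisallowTCP=false" is not needed for the xinetd/XDMCP sessions: the context comment says "-nolisten tcp" is never added when -query is on the command line and that the setting "only affects truly local sessions". Suggest moving this change into a separate, clearly optional step that says the local X server will then accept X11 connections over TCP, so readers who only want VNC can skip it.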
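
An added example, not part of the original documentation: because the sessions are reached with vncviewer -via, the xinetd service only has to accept connections from the host itself. This Python check parses the stanza above and flags an Xvnc service that runs with securitytypes=none without a loopback bind or only_from; the function names and the "bind = 127.0.0.1" hardening line are assumptions, not settings from the page.

```python
import re

# Constructed sample: the service stanza shown on this page.
PAGE_STANZA = """\
service vnc-1280x1024
{
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24 securitytypes=none
}
"""
# Assumed hardening (not from the page): listen on loopback only and
# reach the port through the SSH tunnel.
HARDENED_STANZA = PAGE_STANZA.replace("}", "    bind        = 127.0.0.1\n}")

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_xinetd(text):
    """Return {service_name: {attribute: value}} for each service block."""
    services = {}
    blocks = re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", text, re.S | re.M)
    for name, body in blocks:
        attrs = {}
        for line in body.splitlines():
            # Comment lines start with '#', which \w never matches.
            m = re.match(r"\s*(\w+)\s*[+-]?=\s*(.*)", line)
            if m:
                attrs[m.group(1)] = m.group(2).strip()
        services[name] = attrs
    return services


def audit(text):
    """Map each Xvnc service to a list of exposure findings (empty = OK)."""
    report = {}
    for name, attrs in parse_xinetd(text).items():
        if not attrs.get("server", "").endswith("Xvnc"):
            continue
        args = attrs.get("server_args", "").lower().split()
        bind = attrs.get("bind") or attrs.get("interface", "")
        only_from = set(attrs.get("only_from", "").split())
        local_only = bind in LOOPBACK or (bool(only_from) and only_from <= LOOPBACK)
        findings = []
        if "securitytypes=none" in args and not local_only:
            findings.append("no VNC authentication and not restricted to loopback")
        query = dict(zip(args, args[1:])).get("-query")
        if query is not None and query not in LOOPBACK:
            findings.append("XDMCP query goes to another host in cleartext")
        report[name] = findings
    return report
```

Running audit() over the contents of /etc/xinetd.d/xvncserver returns an empty list for a service once it is limited to loopback.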