Can´t get a remote desktop login through CDE

UNIX HP-UX
1

Hi all,

I can�t get a remote desktop login through CDE only with root user.
There are messages in the Xerror file:
/usr/bin/X11/xset: bad font path element (#0), possible causes are:
Directory does not exist or has wrong permissions
Directory missing fonts.dir
Incorrect font server address or syntax
X connection to 110.10.1.9:0.0 broken (explicit kill or server shutdown).

It seems a font problem, however, if I try to login with other user it can get a remote desktop without troubles.

I restarted the dtlogin.rc and dtconfig services, even I renamed the .dt directory, but the application didn�t create a new .dt

Should I configure another file?

My OS is HP-UX B.11.31 U ia64

Thanks in advanced.

DASM

2

It sounds like root's home '/' lacks the X resource files that other users have.

3

Hi DGPickett,

That�s true.
I compared the files in the root home with other users and there are missing three files:
.ICEauthority
.TTauthority
.Xauthority

I created them but it didn�t work.
Maybe if I modify or copy some files it could be work.
But what files could be?

Any suggestions?

Regards.

DASM

4

Permissions are very important. This bit I googled up shows how to defeat the very sensible automatic default restriction against remote root login:

XDMCP

1 Like
5

Some admins ( I am one of them...) do not allow root via xdmcp, the reason is:
What is the point of securing a box - Not allowing root connection except console if you can connect via XDMCP?
I suppose there are many ways to succeed in restricting the access, I forgot how I did (years ago...) and became more tolerant when I found out I was one of the very few knowing how to use XDMCP ( disabling CDE on servers I would not XDMCP was far easier...)
That said, It can be painkilling to find out why CDE refuses its services...( I spent days some times...) so my advise would be to see if you have it and if yes:
use /usr/contrib/bin/X11/dr_dt

At the end of the output from this script a summary will appear:

         Dr_dt finished with:

         [num] ERROR messages
         [num] WARNING messages

The ERROR and WARNING messages must be resolved before CDE will run properly.

What do you have in:

$HOME/.dt/errorlog
$HOME/.dt/startlog

The second is interesting for you should try to compare the content with one of a user which has CDE working...

Do you have a /etc/dt/config/Xaccess file?

6

Best Practices of people you might trust with root in production are to stay out of root as much as possible (familiarity breeds contempt and disaster, like "rm -rf *" in the wrong window). Think "su - root -c 'something-I-need-to-do'". If you need to do it again, it is in your shell history.

Good security practices say you record who goes into root on every virtual host every time. A log of what they do can be nice, too.

If these practices get in your way, consider making admin IDs to do some of the things you do as root, perhaps using group permissions as they were intended. There are already too many various tasks under root. I recently found periodic new root-owned zero-length core dump files on a prod system's SAN mounts -- which app is crashing on which machine?