Wer hat mich rausgeschmissen? Sicherheitslücke? [Archiv]

AndyRTR

30.12.04, 19:24

Hm. Wieso funktioniert dann beim reboot der automatische LogIn?

Unter Mandrake nutze ich den kdm

die Konfiguration sieht so aus: /etc/kde/kdm

# KDM master configuration file
#
# Definition: the greeter is the login dialog, i.e., the part of KDM
# which the user sees.
#
# You can configure every X-display individually.
# Every display has a display name, which consists of a host name
# (which is empty for local displays specified in the Xservers file),
# a colon and a display number. Additionally, a display belongs to a
# display class (which can be ignored in most cases; the control center
# does not support this feature at all).
# Sections with display-specific settings have the formal syntax
# "[X-" host [":" number [ "_" class ]] "-" sub-section "]"
# You can use the "*" wildcard for host, number and class. You may omit
# trailing components; they are assumed to be "*" then.
# The host part may be a domain specification like ".inf.tu-dresden.de".
# From which section a setting is actually taken is determined by these
# rules:
# - an exact match takes precedence over a partial match (for the host part),
# which in turn takes precedence over a wildcard
# - precedence decreases from left to right for equally exact matches
# Example: display name "myhost:0", class "dpy".
# [X-myhost:0_dpy] precedes
# [X-myhost:0_*] (same as [X-myhost:0]) precedes
# [X-myhost:*_dpy] precedes
# [X-myhost:*_*] (same as [X-myhost]) precedes
# [X-*:0_dpy] precedes
# [X-*:0_*] (same as [X-*:0]) precedes
# [X-*:*_*] (same as [X-*])
# These sections do NOT match this display:
# [X-hishost], [X-myhost:0_dec], [X-*:1], [X-:*]
# If a setting is not found in any matching section, the default is used.
#
# Every comment applies to the following section or key. Note, that all
# comments will be lost if you change this file with the kcontrol frontend.
# The defaults refer to KDM's built-in values, not anything set in this file.
#

[General]
# This option exists solely for the purpose of a clean automatic upgrade.
# Don't even think about changing it!
ConfigVersion=2.1
# If the value starts with a slash (/), it specifies the file, where X-servers
# to be used by KDM are listed; the file is in the usual XDM-Xservers format.
# Otherwise it's interpreted like one line of the Xservers file, i.e., it
# specifies exactly one X-server.
# Default is ":0 local@tty1 /usr/X11R6/bin/X vt7"
# XXX i'm planning to absorb this file into kdmrc, but i'm not sure how to
# do this best.
Xservers=/etc/X11/xdm/Xservers
# Where KDM should store its PID. Default is "" (don't store)
PidFile=/var/run/xdm.pid
# Whether KDM should lock the pid file to prevent having multiple KDM
# instances running at once. Leave it "true", unless you're brave.
#LockPidFile=false
# Where to store authorization files. Default is /var/run/xauth
#AuthDir=/tmp
# Whether KDM should automatically re-read configuration files, if it
# finds them having changed. Just keep it "true".
#AutoRescan=false
# Additional environment variables KDM should pass on to kdm_config, kdm_greet,
# Xsetup, Xstartup, Xsession, and Xreset. LD_LIBRARY_PATH is a good candidate;
# otherwise it shouldn't be necessary very often.
#ExportList=SOME_VAR,ANOTHER_IMPORTANT_VAR
# Where the command FiFos should be created. Make it empty to disable
# the FiFos. Default is /var/run/xdmctl
#FifoDir=/tmp
# To which group the command FiFos should belong.
# Default is -1 (effectively root)
#FifoGroup=xdmctl
# The directory kdm should store persistent working data in.
# Default is /var/lib/kdm
#DataDir=/var/lib/kdm
# The directory kdm should store users' .dmrc files in. This is only needed
# if the home directories are not readable before actually logging in (like
# with AFS). Default is ""
#DmrcDir=/nfs-shared/var/dmrcs

[Xdmcp]
# Whether KDM should listen to XDMCP requests. Default is true.
Enable=false
# The UDP port KDM should listen on for XDMCP requests. Don't change the 177.
#Port=177
# File with the private keys of X-terminals. Required for XDM authentication.
# Default is ""
#KeyFile=/usr/share/config/kdm/kdmkeys
# XDMCP access control file in the usual XDM-Xaccess format.
# Default is /usr/share/config/kdm/Xaccess
# XXX i'm planning to absorb this file into kdmrc, but i'm not sure how to
# do this best.
Xaccess=/etc/X11/xdm/Xaccess
# Number of seconds to wait for display to respond after the user has
# selected a host from the chooser. Default is 15.
#ChoiceTimeout=10
# Strip domain name from remote display names if it is equal to the local
# domain. Default is true
#RemoveDomainname=false
# Use the numeric IP address of the incoming connection instead of the
# host name. Use this on multihomed hosts. Default is false
#SourceAddress=true
# The program which is invoked to dynamically generate replies to XDMCP
# BroadcastQuery requests.
# By default no program is invoked and "Willing to manage" is sent.
Willing=/etc/X11/xdm/Xwilling

[Shutdown]
# The command to run to halt the system. Default is /sbin/halt
HaltCmd=/sbin/halt
# The command to run to reboot the system. Default is /sbin/reboot
RebootCmd=/sbin/reboot
# Whether one can shut down the system via the global command FiFo.
# Default is false
#AllowFifo=true
# Whether one can abort still running sessions when shutting down the system
# via the global command FiFo. Default is true
#AllowFifoNow=false
# Offer LiLo boot options in shutdown dialog. Default is false
UseLilo=true
# The location of the LiLo binary. Default is /sbin/lilo
LiloCmd=/sbin/lilo
# The location of the LiLo map file. Default is /boot/map
LiloMap=/boot/map

# Rough estimations about how many seconds KDM will spend at most on
# - opening a connection to the X-server (OpenTime):
# OpenRepeat * (OpenTimeout + OpenDelay)
# - starting a local X-server (ServerTime): ServerAttempts * ServerTimeout
# - starting a display:
# - local display: StartAttempts * (ServerTime + OpenTime)
# - remote/foreign display: StartAttempts * OpenTime

# Core config for all displays
[X-*-Core]
# How long to wait before retrying to start the display after various
# errors. Default is 15
#OpenDelay=
# How long to wait before timing out XOpenDisplay. Default is 120
#OpenTimeout=
# How often to try the XOpenDisplay. Default is 5
#OpenRepeat=
# Try at most that many times to start a display. If this fails, the display
# is disabled. Default is 4
#StartAttempts=
# The StartAttempt counter is reset after that many seconds. Default is 30
#StartInterval=
# Ping remote display every that many minutes. Default is 5
#PingInterval=
# Wait for a Pong that many minutes. Default is 5
#PingTimeout=
# Restart instead of resetting the local X-server after session exit.
# Use it if the server leaks memory, etc. Default is false
#TerminateServer=true
# The signal needed to reset the local X-server. Default is 1 (SIGHUP)
#ResetSignal=
# The signal needed to terminate the local X-server. Default is 15 (SIGTERM)
#TermSignal=
# Need to reset the X-server to make it read initial Xauth file.
# Default is false
#ResetForAuth=true
# Create X-authorizations for local displays. Default is true
#Authorize=false
# Which X-authorization mechanisms should be used.
# Default is MIT-MAGIC-COOKIE-1
#AuthNames=
# The name of this X-server's Xauth file. Default is "", which means, that
# a random name in the AuthDir directory will be used.
#AuthFile=
# Specify a file with X-resources for the greeter, chooser and background.
# The KDE frontend doesn't care for this, so you don't need it unless you
# use an alternative chooser or another background generator than kdmdesktop.
# Default is ""
Resources=/etc/X11/xdm/Xresources
# The xrdb program to use to read the above specified recources.
# Default is /usr/X11R6/bin/xrdb
#Xrdb=
# A program to run before the greeter is shown. You should start kdmdesktop
# there. Also, xconsole can be started by this script.
# Default is ""
Setup=/etc/X11/xdm/Xsetup_0
# A program to run before a user session starts. You should invoke sessreg
# there and optionally change the ownership of the console, etc.
# Default is ""
Startup=/etc/X11/xdm/GiveConsole
# A program to run after a user session exits. You should invoke sessreg
# there and optionally change the ownership of the console, etc.
# Default is ""
Reset=/etc/X11/xdm/TakeConsole
# The program which is run as the user which logs in. It is supposed to
# interpret the session argument (see SessionsDirs) and start an appropriate
# session according to it.
# Default is /usr/X11R6/bin/xterm -ls -T
Session=/etc/X11/xdm/Xsession
# The program to run if Session fails.
# Default is /usr/X11R6/bin/xterm
#FailsafeClient=
# The PATH for the Session program. Default is
# /bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin
UserPath=/usr/bin:/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin/
# The PATH for Setup, Startup and Reset, etc. Default is
# /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin
SystemPath=/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin/
# The default system shell. Default is /bin/sh
#SystemShell=/bin/bash
# Where to put the user's X-server authorization file if ~/.Xauthority
# cannot be created. Default is /tmp
#UserAuthDir=
# If "true", KDM will automatically restart a session after an X-server
# crash (or if it is killed by Alt-Ctrl-BackSpace). Note, that enabling
# this opens a security hole: a secured display lock can be circumvented
# (unless you use KDE's built-in screen lock). Default is false
AutoReLogin=false
# Allow root logins? Default is true
AllowRootLogin=false
# Allow to log in, when user has set an empty password? Default is true
AllowNullPasswd=false
# Who is allowed to shut down the system. This applies both to the
# greeter and to the command FiFo. Default is All
# "None" - no "Shutdown..." button is shown at all
# "Root" - the root password must be entered to shut down
# "All" - everybody can shut down the machine (Default)
AllowShutdown=All
# Who is allowed to abort all still running sessions when shutting down.
# Same options as for AllowShutdown. Default is All
#AllowSdForceNow=Root
# The default choice for the shutdown condition/timing.
# "Schedule" - shutdown after all sessions exit (possibly at once) (Default)
# "TryNow" - shutdown, if no sessions are open, otherwise do nothing
# "ForceNow" - shutdown unconditionally
#DefaultSdMode=ForceNow
# If this is false the user must select the shutdown condition/timing already
# in the shutdown dialog. If this is true he won't be bothered with the options,
# but will be asked what to do if sessions are actually open. Default is true
# NOTE: the interaction is currently not implemented. If this is set to true,
# a normal forced shutdown will happen (without caring for the AllowSdForceNow
# option!), i.e., KDM will behave exactly as before KDE 3.0.
#InteractiveSd=false
# The directories containing session type definitions in .desktop format.
# Default is /usr/share/apps/kdm/sessions
#SessionsDirs=/etc/X11/sessions,/usr/share/xsessions

# Greeter config for all displays
[X-*-Greeter]
# Widget style of the greeter. "" means the built-in default which currently
# is "Keramik". Default is ""
GUIStyle=Galaxy
# Widget color scheme of the greeter. "" means the built-in default which
# currently is quite greyish. Default is ""
ColorScheme=Galaxy
# What should be shown righthand of the input lines:
# "Logo" - the image specified by LogoPixmap (Default)
# "Clock" - a neat analog clock
# "None" - nothing
LogoArea=None
# The image to show when LogoArea=Logo. Default is kdelogo.png
LogoPixmap=
# Normally, the greeter is centered on the screen. Use this, if you want
# it to appear elsewhere on the screen. Default is false
GreeterPosFixed=false
GreeterPosX=0
GreeterPosY=0
# The headline in the greeter.
# The following character pairs are replaced:
# - %d -> current display
# - %h -> host name, possibly with domain name
# - %n -> node name, most probably the host name without domain name
# - %s -> the operating system
# - %r -> the operating system's version
# - %m -> the machine (hardware) type
# - %% -> a single %
# Default is "Welcome to %s at %n"
GreetString=Willkommen zu %n
# The font for the headline. Default is charter,20,bold
GreetFont=Sans,24,-1,5,50,0,0,0,0,0
# The normal font used in the greeter. Default is helvetica,10
StdFont=Sans,12,-1,5,50,0,0,0,0,0
# The font used for the "Login Failed" message. Default is helvetica,10,bold
FailFont=Sans,12,-1,5,75,0,0,0,0,0
# Whether the fonts shown in the greeter should be antialiased. Default is false
AntiAliasing=true
# What to do with the Num Lock modifier for the time the greeter is running:
# "On" -> - turn on
# "Off" -> - turn off
# "Keep" -> - don't change the state (Default)
#NumLock=Off
# Language to use in the greeter. Default is en_US
Language=de
# Specify, which user names (along with pictures) should be shown in the
# greeter.
# "NotHidden" - all users except those listed in HiddenUsers (Default)
# "Selected" - only the users listed in SelectedUsers
# "None" - no user list will be shown at all
ShowUsers=All
# For ShowUsers=Selected. Default is ""
SelectedUsers=
# For ShowUsers=NotHidden. Default is ""
HiddenUsers=nobody,root
# Special case of HiddenUsers: users with a UID less than this number
# (except root) will not be shown as well. Default is 0
MinShowUID=500
# Complement to MinShowUID: users with a UID greater than this number will
# not be shown as well. Default is 65535
MaxShowUID=65535
# If false, the users are listed in the order they appear in /etc/passwd.
# If true, they are sorted alphabetically. Default is true
SortUsers=true
# Specify, where the users' pictures should be taken from.
# "AdminOnly" - from <FaceDir>/$USER.face[.icon] (Default)
# "UserOnly" - from the user's $HOME/.face[.icon]
# "PreferAdmin" - prefer <FaceDir>, fallback on $HOME
# "PreferUser" - ... and the other way round
#FaceSource=PreferUser
# The directory containing the user images if FaceSource is not UserOnly.
# Default is /usr/share/apps/kdm/faces
#FaceDir=/usr/share/faces
# Specify, if/which user should be preselected for log in.
# Note, that enabling this feature can be considered a security hole,
# as it presents a valid login name to a potential attacker, so he "only"
# needs to guess the password.
# "None" - don't preselect any user (Default)
# "Previous" - the user which successfully logged in last time
# "Default" - the user specified in the DefaultUser field
PreselectUser=Previous
# The user to preselect if PreselectUser=Default
#DefaultUser=ethel
# If this is true, the password input line is focused automatically if
# a user is preselected. Default is false
FocusPasswd=false
# The password input fields cloak the typed in text. Specify, how to do it:
# "NoEcho" - nothing is shown at all, the cursor doesn't move
# "OneStar" - "*" is shown for every typed letter (Default)
# "ThreeStars" - "***" is shown for every typed letter
EchoMode=OneStar
# If true, krootimage will be automatically started by KDM. Otherwise, the
# Setup script should be used to setup the background. Default is true
#UseBackground=false
# The configuration file to be used by krootimage.
# Default is /usr/share/config/kdm/backgroundrc
#BackgroundCfg=
# Hold the X-server grabbed the whole time the greeter is visible. This
# may be more secure, but it will disable any background and other
# X-clients started from the Setup script. Default is false
#GrabServer=true
# How many seconds to wait for grab to succeed. Default is 3
#GrabTimeout=
# Use this number as a random seed when forging saved session types, etc. of
# unknown users. This is used to avoid telling an attacker about existing users
# by reverse conclusion. This value should be random but constant across the
# login domain. Default is 0
ForgingSeed=1069108915
# Specify greeter plugins that can be used to obtain authentication data.
# This can be a plugin's base name (expands to $kde_modulesdir/kgreet_$base)
# or a full pathname. Default is classic
#PluginsLogin=sign
# Same as PluginsLogin, but for the shutdown dialog.
#PluginsShutdown=modern
# A list of options of the form Key=Value. The conversation plugins can query
# these settings; it's up to them what possible keys are.
#PluginOptions=SomeKey=randomvalue,Foo=bar
# Show the "Console Login" action in the greeter (when the respective @tty
# entry exists in Xservers). Default is true
#AllowConsole=false
# Show the "Restart X Server"/"Close Connection" action in the greeter.
# Default is false
#AllowClose=true
# Warn, if local X-authorization cannot be created. Default is true
# XXX this is a dummy currently
AuthComplain=false

# Core config for local displays
[X-:*-Core]
# How often to try to run the X-server. Running includes executing it and
# waiting for it to come up. Default is 1
#ServerAttempts=
# How long to wait for a local X-server to come up. Default is 15
#ServerTimeout=
# See above
AllowShutdown=All
# See above
AllowRootLogin=true
# See above
AllowNullPasswd=true
# Enable password-less logins on this display. USE WITH EXTREME CARE!
# Default is false
NoPassEnable=false
# The users that don't need to provide a password to log in. NEVER list root!
# Default is ""
NoPassUsers=

# Greeter config for local displays
[X-:*-Greeter]
# See above
#AuthComplain=false
# The screen the greeter should be displayed on in multi-headed setups.
# The numbering starts with 0 and corresponds to the listing order in the
# active ServerLayout section of XF86Config. -1 means to use the upper-left
# screen, -2 means to use the upper-right screen. Default is 0
#GreeterScreen=-1
# Specify whether the greeter of local displays should start up in host chooser
# (remote) or login (local) mode and whether it is allowed to switch to the
# other mode.
# "LocalOnly" - only local login possible (Default)
# "RemoteOnly" - only choice of remote host possible
# "DefaultLocal" - start up in local mode, but allow switch to remote mode
# "DefaultRemote" - ... and the other way round
LoginMode=DefaultLocal
# A list of hosts to be automatically added to the remote login menu. The
# special name "*" means broadcast. Default is "*"
#ChooserHosts=*,ugly,sky,dino,kiste.local,login.cr ap.com

# Core config for 1st local display
[X-:0-Core]
# Enable automatic login on this display. USE WITH EXTREME CARE!
# Default is false
AutoLoginEnable=true
# The user to log in automatically. NEVER specify root! Default is ""
#AutoLoginUser=fred
# The password for the user to log in automatically. This is NOT required
# unless the user is to be logged into a NIS or Kerberos domain. If you use
# it, you should "chmod 600 kdmrc" for obvious reasons. Default is ""
#AutoLoginPass=secret!
# See above
Authorize=true

# Greeter config for 1st local display
AutoLoginUser=andyrtr
[X-:0-Greeter]
# See above
#PreselectUser=Default
# See above
#DefaultUser=johndoe

[X-:1-Core]
# See above
Authorize=true

Ich verweise mal auf mandrakeuser.de um das nicht doppelt hier einzutragen.

Post bei www.mandrakeuser.de (http://mandrakeuser.de/phpBB/viewtopic.php?t=8642&start=0&postdays=0&postorder=asc&highlight=)

Bin etwas ratlos.