Home    Posts    Tags    More   

[OpenBSD] Xenodm auto login

Introduction

I own a nas (openBSD on a NUC6CAYH) that is connected over a HDMI cable to a monitor, I am using that to watch video files hosted on that machine. This nas as located on a shelf with nothing else connected to it than the HDMI cable and an ethernet cable.

Before today, after a reboot, I needed to plug a keyboard and a mouse to manually login on xenodm and then open a terminal to type xhost +, which would allow anybody to connect to the X server (which is not a best practice at all).

All of that then allows me to connect over ssh, enter the command export DISPLAY=:0 and then use mpv to watch a video file.

In this post, I will explain how to automate:

• The login on xenodm
• the permission for a user logged over ssh to connect to the X server

Autologin xenodm

A single configuration line is needed in /etc/X11/xenodm/xenodm-config to automate the logging of a specific user:

DisplayManager.*.autoLogin: media

 DisplayManager.DISPLAY.autoLogin
         This resource specifies the name of an user that will be logged
         in automatically, without displaying the xlogin widget.

To avoid using a fully priviledge account, I created a new account media with no permission beside accessing the media files storage.

Here is the new xenodm-config file:

nas$ cat /etc/X11/xenodm/xenodm-config
! $OpenBSD: xenodm-config.in,v 1.5 2018/11/03 18:04:45 matthieu Exp $
!
DisplayManager.authDir: /etc/X11/xenodm
DisplayManager.errorLogFile: /var/log/xenodm.log
DisplayManager.servers: /etc/X11/xenodm/Xservers
DisplayManager*resources: /etc/X11/xenodm/Xresources
! All displays should use authorization, but we cannot be sure
! X terminals may not be configured that way, so they will require
! individual resource settings.
DisplayManager*authorize: true
!
DisplayManager*startup: /etc/X11/xenodm/Xstartup
DisplayManager*session: /etc/X11/xenodm/Xsession
DisplayManager*reset: /etc/X11/xenodm/Xreset
DisplayManager*authComplain: true
! The following three resources set up display :0 as the console.
DisplayManager._0.setup: /etc/X11/xenodm/Xsetup_0
DisplayManager._0.startup: /etc/X11/xenodm/GiveConsole
DisplayManager._0.reset: /etc/X11/xenodm/TakeConsole

DisplayManager.*.authName: MIT-MAGIC-COOKIE-1
DisplayManager.*.autoLogin: media

Enable X server connection

By creating a .xession file in the home directory of the user media, we can automaticly allow that any user connected on that machine can connect to the X server.

xhost local:nas

   [+]name The given name (the plus sign is optional) is added to the list
           allowed to connect to the X server.  The name can be a host
           name or a complete name (See NAMES for more details).

 [...]

   NAMES
       A complete name has the syntax ``family:name'' where the families are
       as follows:

       inet      Internet host (IPv4)
       inet6     Internet host (IPv6)
       dnet      DECnet host
       nis       Secure RPC network name
       krb       Kerberos V5 principal
       local     contains only one name, the empty string
       si        Server Interpreted


[...]

Here is the final /home/media/.xsession file

xhost local:nas
feh --bg-fill --no-fehbg /share/IMG_20231122_174448.jpg
cwm