SUMMARY: Restricting CDE access to ExceedNT.

From: Vishwas Kale (
Date: Fri Apr 24 1998 - 01:14:27 CDT

My original question was:
> We have PCs running NT4.0 and Exceed5.x. These are using CDE of one of our SUN
> machine. I want to restrict the access to CDE. At a given instance too many
> users start using it from their PCs. This reduces the speed. I want to choose
> the machines which should be able to use the CDE from this SUN machines. Is it
> possible? If yes How? If NO, can I restricts the number of machines which use
> CDE, at a given instance? (say 5 machines can use CDE, if sixth one comes, it
> will not be served.)

I am grateful to following persons for their time and response:
Jayant Ramakrishnan <>
"K.Ravi" <>
Mark Baldwin <> (Anthony Worrall)

They all pointed out to file called Xaccess. But the response from
Anthony Worrall was very descriptive and useful. It read as follows:

Controlling Access to the Login Server
By default, any host on your network that has access to your login server host
can request a login
screen be displayed. You can limit access to the login server by modifying the
Xaccess file.
To modify Xaccess, copy Xaccess from /usr/dt/config to
/etc/dt/config. After modifying /etc/dt/config/Xaccess, tell the login
server to reread Xaccess by typing:
/usr/dt/bin/dtconfig -reset
This issues the command kill -HUP login server process ID.

XDMCP Direct
When a host attempts to connect to the login server via XDMCP-direct, the host
name is
compared to the Xaccess entries to determine whether the host is allowed
access to the login
server. Each Xaccess entry is a host name including the wildcards * (asterisk)
and ?
(question mark). An * (asterisk) matches zero or more characters and a ?
(question mark)
matches any one character. An ! (exclamation point) prefacing an entry
disallows access, while
no preface allows access.
For example, say Xaccess contains the following three entries:
The first entry allows access to the login server from host, the
second entry allows access from any host whose full domain name ends in, and the last entry disallows access from any other host.

Thanks to all of them.

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:38 CDT