The GDM daemon is responsible for managing displays on the system. This includes authenticating users, starting the user session, and terminating the user session. GDM is configurable and the ways it can be configured are described in the "Configuring GDM" section of this document. The Init, PostLogin, PreSession, and PostSession scripts discussed below are discussed in this "Configuring GDM section".
The GDM daemon supports a UNIX domain socket protocol which can be used to control aspects of its behavior and to query information. This protocol is described in the "Controlling GDM" section of this document.
GDM can be asked to manage a display a number of ways. Local displays are always managed when GDM starts and will be restarted when a user's session is finished. Displays can be requested via XDMCP, flexible displays can be requested by running the gdmflexiserver command. Displays that are started on request are not restarted on session exit. GDM also provides the gdmdynamic command to allow easier management of displays on a multi-user server. These display types are discussed further in the next section.
When the GDM daemon is asked to manage a display, it will fork an X server process, then run the Init script as the root user, and start the login GUI dialog as a slave process on the display. GDM can be configured to use either gdmgreeter (the default) or gdmlogin as the GUI dialog program. The gdmlogin program supports accessibility while the gdmgreeter program supports greater themeability. The GUI dialog is run as the unpriviledged "gdm" user/group which is described in the "Security" section below. The GUI dialog communicates with the daemon via a sockets protocol and via standard input/output. The slave, for example passes the username and password information to the GDM daemon via standard input/output so the daemon can handle the actual authentication.
The login GUI dialog screen allows the user to select which session they wish to start and which language they wish to use. Sessions are defined by files that end in the .desktop extension and more information about these files can be found in the "Configuration" section. The user enters their name and password and if these successfully authenticate, GDM will start the requested session for the user. It is possible to configure GDM to avoid the authentication process by turning on the Automatic or Timed Login features in the GDM configuration. The login GUI can also be configured to provide additional features to the user, such as the Face Browser; the ability to halt, restart, or suspend the system; and/or edit the login configuration (after entering the root password).
GDM, by default, will use Pluggable Authentication Modules (PAM) for authentication, but can also support regular crypt and shadow passwords on legacy systems. After authenticating a user, the daemon runs the PostLogin script as root, and forks a slave process to start the requested session. This slave process runs the PreSession script as root, sets up the users environment, and starts the requested session. GDM keeps track of the user's default session and language in the user's ~/.dmrc and will use these defaults if the user did not pick a session or language in the login GUI. On Solaris, GDM (since version 184.108.40.206) uses the SDTLOGIN interface after user authentication to tell the X server to be restarted as the user instead of as root for added security. When the users session exits, the GDM daemon will run the PostSession script as root.在Client端启动一个X server 终端的时候：