Using Exceed with Kerberos

Exceed is an X window server which allows remote xterms and xsessions to be displayed on Windows 95/98/NT/2000/XP machines. This document explains the different options on how to use the Exceed X Windows Server at NCSA.

The problem with the start methods that come with Exceed is they use insecure methods of authentication (all passwords are in the clear over the network). So until the vendor enables the option of secure authentication here are alternative start methods that are secure.

The different options are:

Use the Kerberos rsh to make shortcuts
Open a SSH or Kerberos telnet session and use it to launch your X applications

For options requiring Kerberos binaries you can get these from the NCSA Kerberos Windows distribution page.

Making Shortcuts using the Kerberos rsh

You can make a shortcut to launch a remote X client by using the Kerberos rsh. In order to do this you would go to the folder C:\Program Files\NCSA\Kerberos 5 and make a shortcut to the program rsh.exe by right-clicking on it and dragging it to your desktop and then selecting Make Shortcut Here. Then edit this short cut by right-clicking on it and selecting Properties.

In the rsh Properties window, in the box labeled Target you want to append the name of the host you want the command to run on, and the command you want run. Some things to keep in mind:

You want to put the command in quotes(")
You probably need to specify the display you are running your X server. For example if you are running the Exceed X server on the host myhost.ncsa.uiuc.edu you need to add -display myhost.ncsa.uiuc.edu:0 to the command arguments. Under WindowsNT you should be able to specify %COMPUTERNAME%:0

For example to run an xterm on pecos back to myhost you would change the text in the Target box to look like:

"C:\Program Files\NCSA\Kerberos 5\rsh.exe" pecos "/usr/bin/X11/xterm -display myhost.ncsa.uiuc.edu:0"

You can also select Minimized in the Run box so that the a window does not appear when you start up the client.

You should then close the rsh Properties window by clicking on the OK box.

You can then rename your shortcut to a more descriptive name by right-clicking on it and selecting Rename.

Forwarding your ticket to the remote host

If you want to forward your Kerberos ticket to the remote host, one reason might be that you want an AFS token, specify -f in the options to rsh. For example:

"C:\Program Files\NCSA\Kerberos 5\rsh.exe" -f pecos "/usr/bin/X11/xterm -display myhost.ncsa.uiuc.edu:0"

Keeping the rsh's from showing up on the task bar

You might notice that with the above procedure there is a new task started in you taskbar every time you start a X client. If this clutters up your taskbar more than you would like you can avoid this by using the latest client distribution (from 1.01 or later) and specifying the --background option to rsh. So the xterm example above would look like:

"C:\Program Files\NCSA\Kerberos 5\rsh.exe" --background pecos "xterm -display myhost.ncsa.uiuc.edu:0"

This should cause the process not to create an instance on the taskbar.

Using an interactive session to launch your X clients

Another option is to open a Secure Shell or Kerberos telnet to a remote host from your PC. You can then use that session to launch your X clients back to your PC by setting the DISPLAY environment variable.

For example, if mypc is your PC running an exceed X server at mypc:0, and unixbox is a unix workstation you have access to, an example session might look like:

...connect to unixbox using Kerberos telnet or ssh...

% setenv DISPLAY mypc:0
% xclock &
% xterm &

.. and so forth...

Note:
To use exceed with ssh see the NCSA SSH page for details on getting ssh.

Back to NCSA Kerberos Information

Questions or comments about this page may be sent to kerberos@ncsa.uiuc.edu