AllowRootAllowRoot=true
Allow root (privileged user) to log in through GDM.  Set this
to false if you want to disallow such logins.
On systems that support PAM, this parameter is not as useful
as you can use PAM to do the same thing, and in fact do even
more.  However it is still followed, so you should probably
leave it true for PAM systems.
AllowRemoteRootAllowRemoteRoot=true
Allow root (privileged user) to log in remotely through GDM.
This value should be set to true to allow such logins.
Remote logins are any logins that come in through the XDMCP.
On systems that support PAM, this parameter is not as useful
since you can use PAM to do the same thing, and do even
more.
AllowRemoteAutoLoginAllowRemoteAutoLogin=false
Allow the timed login to work remotely.  That is, remote
connections through XDMCP will be allowed to log into the
"TimedLogin" user by letting the login window time out, just
like the local user on the first console.
Note that this can make a system quite insecure, and thus is
off by default.
CheckDirOwnerCheckDirOwner=true
By default GDM checks the ownership of the home directories
before writing to them, this prevents security issues in case
of bad setup.  However in some instances home directories will
be owned by a different user and in this case it is necessary
to turn this option on.  You will also most likely have to
turn the RelaxPermissions key to at least
value 1 since in such a scenario home directories are likely
to be group writable.  Supported since 2.6.0.4.
DisallowTCPDisallowTCP=true
If true, then always append -nolisten tcp
to the command line
of local X servers, thus disallowing TCP connection.  This is
useful if you do not care for allowing remote connections,
since the X protocol could really be potentially a security
hazard to leave open, even though no known security problems
exist.
NeverPlaceCookiesOnNFSNeverPlaceCookiesOnNFS=true
Normally if this is true (which is by default), GDM will not
place cookies into the users home directory if this directory
is on NFS.  Well, GDM will consider any filesystem with
root-squashing an NFS filesystem.  Sometimes however the remote
file system can have root squashing and be safe (perhaps by
using encryption).  In this case set this to 'false'.  Note
that this option appeared in version 2.4.4.4 and is ignored in
previous versions.
RelaxPermissionsRelaxPermissions=0
By default GDM ignores files and directories writable to
other users than the owner.
Changing the value of RelaxPermissions makes it possible to
alter this behavior:
0 - Paranoia option. Only accepts user owned files and
directories.
1 - Allow group writable files and directories.
2 - Allow world writable files and directories.
RetryDelayRetryDelay=1
The number of seconds GDM should wait before reactivating the
entry field after a failed login.
UserMaxFileUserMaxFile=65536
GDM will refuse to read/write files bigger than this number
(specified in bytes).
In addition to the size check GDM is extremely picky about
accessing files in user directories.  It will not follow
symlinks and can optionally refuse to read files and
directories writable by other than the owner. See the
RelaxPermissions option for more info.
