For the general replacement of Xvnc by Xvfb+x11vnc, one user describes a similar setup he created here. It provides an XDM login interface instead of the -unixpw one normally used with x11vnc.

It is a somewhat odd usage mode in that as soon as the vncviewer exits (and hence x11vnc exits) the X session is terminated. The normal behavior with x11vnc -create is that the user explicitly logs out of his X session (e.g. Logout window manager action); the session is persistent over vncviewer (re-)connections. Perhaps this scheme is used to provide access to a demo or special application where it makes no sense to have a persistent session.

Using x11vnc to do this:

Note that for fun one can emulate the behavior described at the above link nearly entirely within x11vnc as follows:

Create a script file named, for example, /usr/local/bin/ containing:


/usr/local/bin/x11vnc -inetd -oa /var/tmp/xtest.log \
        -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp \
        -env X11VNC_CREATE_GEOM=${1:-1024x768x24} \
        -env HOME=/var/tmp/nobody \
        -ssl SAVE -http_ssl \
        -gone 'pkill -f "Xvfb.*`echo $DISPLAY | cut -d . -f 1`\>"'
and chmod 755 it. Modify the path to x11vnc if it is different. Adjust the default geometry and log file location if desired. Also make sure the directory /var/tmp/nobody exists and is owned by user nobody (e.g. run "chown nobody:nogroup /var/tmp/nobody" as root after creating the directory.)

Be sure to install the Xvfb program (e.g. "apt-get install xvfb".)

Be sure to enable localhost XDMCP queries on your system (see the bottom of this page.)

Then create the inetd line (an xinetd setting will look similar):

  5905    stream  tcp     nowait  nobody  /usr/local/bin/
Or have a special port for a different screen geometry or depth, for example:
  5906    stream  tcp     nowait  nobody  /usr/local/bin/ 1280x1024x16

The command could be run as user "root", but one might as well run it as user "nobody" as shown above. If you do run it as root, get rid of the HOME= setting in the script.

SSL:  Note that the use of "-ssl SAVE" in the script forces SSL Encryption. This is a good thing because otherwise the user's Unix password can be sniffed over the network (just like telnet(1).) The "-http_ssl" option serves a SSL enabled Java applet so the user can connect securely by putting (for the 5905 example above) https://hostname:5905/ into their Java-enabled Web Browser. For native VNC Viewer SSL connections one can try our SSVNC viewer.

It is really recommended to use SSL or SSH encryption for this connection scheme to protect the unix password from being sent in clear text over the network; if you remove the "-ssl SAVE -http_ssl" from the above x11vnc cmdline and do not use encryption you do so at your own risk!

Note how the -gone "pkill" command terminates the X session when the viewer disconnects. If your system does not have "pkill" the command would need to be modified to something that does the same thing.

So these X desktop sessions are "One Shot's", i.e. they are not persistent; they are killed as soon as the vncviewer disconnects. This may be useful in some situation where short duration desktops are to be provided (e.g. to access a demo application or data visualization.)

XDMCP Config:  Also, as discussed in the FAQ, you will need to configure the XDM/GDM/ETC to allow localhost XDMCP queries. More info here (e.g. you will need to edit /etc/gdm/gdm.conf or some file like that depending on your environment.)