TigerVNC or compatible viewers. Unlike \fBXvnc\fP(1), it does not create a
virtual display. Instead, it just shares an existing X server (typically,
that one connected to the physical screen).
+
+XDamage will be used if the existing X server supports it. Otherwise
+.B x0vncserver
+will fall back to polling the screen for changes.
.SH OPTIONS
.B x0vncserver
interprets the command line as a list of parameters with optional values.
.TP
.B SecurityTypes
Specify which security scheme to use for incoming connections. Valid values
-are \fBNone\fP and \fBVncAuth\fP. Default is \fBVncAuth\fP.
+are a comma separated list of \fBNone\fP, \fBVncAuth\fP, \fBPlain\fP,
+\fBTLSNone\fP, \fBTLSVnc\fP, \fBTLSPlain\fP, \fBX509None\fP, \fBX509Vnc\fP
+and \fBX509Plain\fP. Default is \fBVncAuth,TLSVnc\fP.
.TP
-.B PasswordFile
+.B rfbauth, PasswordFile
Password file for VNC authentication. There is no default, you should
specify the password file explicitly. Password file should be created with
the \fBvncpasswd\fP(1) utility.
access the server. Using this parameter is insecure, use \fBPasswordFile\fP
parameter instead.
.TP
+.B PlainUsers
+A comma separated list of user names that are allowed to authenticate via
+any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
+to allow any user to authenticate using this security type. Default is to
+deny all users.
+.TP
+.B pam_service
+PAM service name to use when authentication users using any of the "Plain"
+security types. Default is \fBvnc\fP.
+.TP
+.B x509cert
+Path to a X509 certificate in PEM format to be used for all X509 based
+security types (X509None, X509Vnc, etc.).
+.TP
+.B x509key
+Private key counter part to the certificate given in \fBx509cert\fP. Must
+also be in PEM format.
+.TP
.B BlacklistThreshold
The number of unauthenticated connection attempts allowed from any individual
host before that host is black-listed. Default is 5.
\fBVideoArea\fP parameter will take effect. If the argument is empty, no
video area is set (this is the default).
.TP
-.B VideoPriority
-Specify the priority of sending video updates. \fBx0vncserver\fP can be
-instructed to treat certain rectangular part of the screen as a video area
-and handle it in a special way for improved performance (see documentation on
-the \fBVideoArea\fP parameter). \fBVideoPriority\fP value controls how often
-video area will be sent to clients as compared to the rest of the screen.
-The priority must be an integer between 0 and 8, and the default value is 2.
-
-\fBVideoPriority\fP set to 1 gives the same priority both to video and to
-other pixels. Higher values give more priority to video. For example, the
-value 5 specifies that the rate of sending video will be five times higher
-than the rate of updating the rest of the screen. If \fBVideoPriority\fP is
-set to 0, it gives equal priority to video and other updates (just like the
-value 1) and also disables special encoding for video data. In other words,
-\fBVideoPriority\fP video area will be sent as a part of other screen
-contents.
+.B DeferUpdate
+x0vncserver uses a "deferred update" mechanism which enhances performance in
+many cases. After any change to the framebuffer, x0vncserver waits for this
+number of milliseconds (default 1) before sending an update to any waiting
+clients. This means that more changes tend to get coalesced together in a
+single update. Setting it to 0 results in the same behaviour as earlier
+versions of x0vncserver, where the first change to the framebuffer causes an
+immediate update to any waiting clients.
+.TP
+.B AlwaysSetDeferUpdateTimer
+Keep delaying sending the screen update to the client(s) each time the
+screen is updated. Otherwise the delay is from the first update. Default
+is off.
.TP
.B CompareFB
-Perform pixel comparison on framebuffer to reduce unnecessary updates.
-Default is on.
+Perform pixel comparison on framebuffer to reduce unnecessary updates. Can
+be either \fB0\fP (off), \fB1\fP (always) or \fB2\fP (auto). Default is
+\fB2\fP.
.TP
.B UseSHM
Use MIT-SHM extension if available. Using that extension accelerates reading
screen (the default X visual often provides 256 colors). Also, in overlay
mode, \fBx0vncserver\fP can show correct mouse cursor. Default is on.
.TP
-.B UseHardwareJPEG
-Use hardware-accelerated JPEG compressor for video if available.
-\fBx0vncserver\fP can be instructed to treat certain rectangular part of the
-screen as a video area and handle it in a special way for improved
-performance. If the client supports Tight encoding and JPEG compression,
-such video areas will be sent as JPEG-encoded rectangles. And if this option
-is on, compression will be hardware-accelerated (currently, supported only in
-SGI/IRIX equipped with appropriate hardware). Default is on.
-.TP
.B ZlibLevel
Zlib compression level for ZRLE encoding (it does not affect Tight encoding).
Acceptable values are between 0 and 9. Default is to use the standard
.B ClientWaitTimeMillis
The number of milliseconds to wait for a client which is no longer
responding. Default is 20000.
+.TP
+.B AcceptCutText
+.TQ
+.B SendCutText
+.TQ
+.B MaxCutText
+Currently unused.
.SH SEE ALSO
.BR Xvnc (1),
.BR vncpasswd (1),
.B \-interface \fIIP address\fP or \-i \fIIP address\fP
Listen on interface. By default Xvnc listens on all available interfaces.
-.TP
-.B \-cc 3
-As an alternative to the default TrueColor visual, this allows you to run an
-Xvnc server with a PseudoColor visual (i.e. one which uses a color map or
-palette), which can be useful for running some old X applications which only
-work on such a display. Values other than 3 (PseudoColor) and 4 (TrueColor)
-for the \-cc option may result in strange behaviour, and PseudoColor desktops
-must be 8 bits deep (i.e. \fB-depth 8\fP).
-
.TP
.B \-inetd
This significantly changes Xvnc's behaviour so that it can be launched from
fly via \fBvncpasswd\fP(1).
.TP
-.B \-deferUpdate \fItime\fP
+.B \-DeferUpdate \fItime\fP
Xvnc uses a "deferred update" mechanism which enhances performance in many
cases. After any change to the framebuffer, Xvnc waits for this number of
milliseconds (default 1) before sending an update to any waiting clients. This
Xvnc, where the first change to the framebuffer causes an immediate update to
any waiting clients.
+.TP
+.B \-AlwaysSetDeferUpdateTimer
+Keep delaying sending the screen update to the client(s) each time the
+screen is updated. Otherwise the delay is from the first update. Default
+is off.
+
.TP
.B \-SendCutText
Send clipboard changes to clients (default is on). Note that you must also run
Accept clipboard updates from clients (default is on). Note that you must also
run \fBvncconfig\fP(1) to get the clipboard to work.
+.TP
+.B \-MaxCutText \fIbytes\fP
+The maximum size of a clipboard update that will be accepted from a client.
+Default is \fB262144\fP.
+
.TP
.B \-AcceptPointerEvents
Accept pointer press and release events from clients (default is on).
Perform pixel comparison on framebuffer to reduce unnecessary updates (default
is on).
+.TP
+.B \-ZlibLevel
+Zlib compression level for ZRLE encoding (it does not affect Tight encoding).
+Acceptable values are between 0 and 9. Default is to use the standard
+compression level provided by the \fBzlib\fP(3) compression library.
+
+.TP
+.B \-ImprovedHextile
+Use improved compression algorithm for Hextile encoding which achieves better
+compression ratios by the cost of using slightly more CPU time. Default is
+on.
+
.TP
.B \-SecurityTypes \fIsec-types\fP
-Specify which security schemes to use separated by commas. At present only
-"None" and "VncAuth" are supported. The default is "VncAuth" - note that if
-you want a server which does not require a password, you must set this
-parameter to "None".
+Specify which security scheme to use for incoming connections. Valid values
+are a comma separated list of \fBNone\fP, \fBVncAuth\fP, \fBPlain\fP,
+\fBTLSNone\fP, \fBTLSVnc\fP, \fBTLSPlain\fP, \fBX509None\fP, \fBX509Vnc\fP
+and \fBX509Plain\fP. Default is \fBVncAuth,TLSVnc\fP.
+
+.TP
+.B \-Password \fIpassword\fP
+Obfuscated binary encoding of the password which clients must supply to
+access the server. Using this parameter is insecure, use \fBPasswordFile\fP
+parameter instead.
+
+.TP
+.B \-PlainUsers \fIuser-list\fP
+A comma separated list of user names that are allowed to authenticate via
+any of the "Plain" security types (Plain, TLSPlain, etc.). Specify \fB*\fP
+to allow any user to authenticate using this security type. Default is to
+deny all users.
+
+.TP
+.B \-pam_service \fIname\fP
+PAM service name to use when authentication users using any of the "Plain"
+security types. Default is \fBvnc\fP.
+
+.TP
+.B \-x509cert \fIpath\fP
+Path to a X509 certificate in PEM format to be used for all X509 based
+security types (X509None, X509Vnc, etc.).
+
+.TP
+.B \-x509key \fIpath\fP
+Private key counter part to the certificate given in \fBx509cert\fP. Must
+also be in PEM format.
+
+.TP
+.B \-BlacklistThreshold \fIcount\fP
+The number of unauthenticated connection attempts allowed from any individual
+host before that host is black-listed. Default is 5.
+
+.TP
+.B \-BlacklistTimeout \fIseconds\fP
+The initial timeout applied when a host is first black-listed. The host
+cannot re-attempt a connection until the timeout expires. Default is 10.
.TP
.B \-IdleTimeout \fIseconds\fP
The number of seconds after which an idle VNC connection will be dropped
(default is 0, which means that idle connections will never be dropped).
+.TP
+.B \-MaxDisconnectionTime \fIseconds\fP
+Terminate when no client has been connected for \fIN\fP seconds. Default is
+0.
+
+.TP
+.B \-MaxConnectionTime \fIseconds\fP
+Terminate when a client has been connected for \fIN\fP seconds. Default is
+0.
+
+.TP
+.B \-MaxIdleTime \fIseconds\fP
+Terminate after \fIN\fP seconds of user inactivity. Default is 0.
+
.TP
.B \-QueryConnect
Prompts the user of the desktop to explicitly accept or reject incoming
\fBXvnc\fP(1) program. The \fBx0vncserver\fP(1) program does not require
\fBvncconfig\fP(1) to be running.
+.TP
+.B \-QueryConnectTimeout \fIseconds\fP
+Number of seconds to show the Accept Connection dialog before rejecting the
+connection. Default is \fB10\fP.
+
.TP
.B \-localhost
Only allow connections from the same machine. Useful if you use SSH and want to
-stop non-SSH connections from any other hosts. See the guide to using VNC with
-SSH on the web site.
+stop non-SSH connections from any other hosts.
.TP
-.B \-log \fIlogname\fP:\fIdest\fP:\fIlevel\fP
+.B \-Log \fIlogname\fP:\fIdest\fP:\fIlevel\fP
Configures the debug log settings. \fIdest\fP can currently be \fBstderr\fP or
\fBstdout\fP, and \fIlevel\fP is between 0 and 100, 100 meaning most verbose
output. \fIlogname\fP is usually \fB*\fP meaning all, but you can target a
.IP "" 10
RemapKeys=0x22<>0x40
+.TP
+.B \-AvoidShiftNumLock
+Key affected by NumLock often require a fake Shift to be inserted in order
+for the correct symbol to be generated. Turning on this option avoids these
+extra fake Shift events but may result in a slightly different symbol
+(e.g. a Return instead of a keypad Enter).
+
.SH USAGE WITH INETD
By configuring the \fBinetd\fP(1) service appropriately, Xvnc can be launched
on demand when a connection comes in, rather than having to be started
projects / tigervnc.git / commitdiff