Re: kdm chooser incorrectly reports Display not authorized

[Eric Nodwell <nodwell@physics.ubc.ca>]

> > Apparently the former means "any host can get a chooser but not a
> > login window", while the latter means "any host can get a chooser or a
> > login window".
> 
> this is disabled by default because it's a security risk and generally
> discouraged.

What is discouraged?  Allowing a host to get a chooser, or both a
chooser and a login window, or xdmcp altogether?  What would be the
alternative?

In our case we've configured the firewall to allow connections to port
177 only for the ip addresses of our terminals.  Also our network uses
switches instead of hubs, so eavesdropping on clear-text packets is
not possible.  Is there still a security risk?

Thanks,
Eric