Re: X connections refused between hosts (foo/unix:0 syntax)
David Wright wrote:
>
> I've obviously missed something in the explanations of .Xauthority files
> and MIT cookies. I have two Debian 1.3 machines, foo and bar with
> essentially identical configurations, with few changes from how things
> install themselves. I start X as user myself on foo. Typing xauth list
> says foo/unix:0 MIT...1 a0b1... and so does xauth list :0 and xauth list
> unix:0 and xauth foo/unix:0 but not xauth foo:0 which says nothing.
>
> If I su to root and copy ~myself/.Xauthority to ~root I can run xeyes with
> xeyes -d :0 etc., but not xeyes -d foo:0 which is refused.
On the same host, an X connection will use a "unix" domain socket. (A
sort of special device.) When X is started it creates this (a file
is created, as with most unix devices) in /tmp/.X11-unix. When you
specify :0 it uses the "local" connection while when you type
foo:0 it uses a regular IP connection. Each "interface" requires
its own access entry. Note that the X man-page says about the "hostname"
part of the display spec:
    hostname
        The hostname specifies the name of the machine to
        which the display is physically connected. If the
        hostname is not given, the most efficient way of
        communicating to a server on the same machine will
        be used.
Unix domain sockets are more efficient, but can only be used when
you are on the same machine.
> Now I telnet to bar and login as myself, ftp back to foo and copy
> .Xauthority to bar. On bar, xauth list and xauth list foo/unix:0 both say
> foo/unix:0 MIT...1 a0b1... but the other forms say nothing.
What's the timestamp on ~/.Xauthority? I didn't know that startx
created auth files. Authorization in the server is controlled by
passing the -auth <file> param to the X server.
> Now I type xeyes -d :0 etc. and :0, unix:0 and foo/unix:0 are all
> obviously trying to display locally on bar, as the error is 111.
> xeyes -d foo:0 is refused by the server on foo (an audit message appears
> on the VC which started X).
Yup, 'cause you don't have a foo:0 entry in your xauth file.
> I presume I have to massage .Xauthority in some way, to create entries
> for :0, unix:0 and foo:0, but why does .Xauthority have foo/unix:0 put
> into it by startx? I don't really understand what the syntax foo/unix
> means and can't find any documentation for it (though I've seen it in
> examples, e.g. page 82 of Mui and Pearce).
The '/unix' means "unix domain" transport. As I said, it doesn't do you
any good unless you're on the local machine.
Make sure that your X server is using the authorization scheme you
think it is. If no '-auth <file>' is passed to the X server then it
will default to "host-based" authorization. If you want to know for
sure, then run X, find the PID of the server and then
'cat /proc/<PID>/cmdline' and check for the '-auth' param. If it isn't
there, you're using "host-based" auth. If that's the case, you can
generate the entries yourself. You'll need to create a .xserverrc in
your home dir. Here's something that might work:
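#!/bin/bash
# Print 16 random bytes as 32 hex digits for use as a cookie.
gencookie () { perl -e 'open(RAND,"</dev/random");sysread(RAND,$sysdata,16);print(unpack("H32",$sysdata));'; }
export XAUTHORITY=~/.Xauthority
# One entry for the TCP name (host.domain:0) and one for the unix domain socket.
xauth add `hostname`.`dnsdomainname`:0 MIT-MAGIC-COOKIE-1 `gencookie`
xauth add `hostname`/unix:0 MIT-MAGIC-COOKIE-1 `gencookie`
# Start the server with cookie authorization read from that file.
/usr/X11R6/bin/X -auth $XAUTHORITY :0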
I just wrote this on the fly, trying little bits, but it should work
with perhaps a little tweaking. Have fun.
--
Jens B. Jorgensen
jjorgens@bdsinc.com
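
Added example (not part of the original message): a shell version of the two checks discussed in the thread, namely which .Xauthority entry a display spec needs and whether the X server was started with -auth. The function names, the sample xauth line and its placeholder cookie are constructed for illustration, and the entry naming follows what xauth list printed in the question.

```bash
#!/bin/bash
# Added example; the sample data is constructed and the cookie is a placeholder.

# Map a display spec to the entry name `xauth list` prints for it:
#   :0, unix:0, foo/unix:0 -> <host>/unix:0  (unix domain socket)
#   foo:0                  -> foo:0          (IP connection)
# $1 = display spec, $2 = local hostname (defaults to `hostname`)
auth_key_for_display () {
    local spec="$1" host="${2:-$(hostname)}"
    local num="${spec##*:}" name="${spec%:*}"
    num="${num%%.*}"                      # drop a trailing screen number (.0)
    case "$name" in
        ''|unix) echo "$host/unix:$num" ;;
        *)       echo "$name:$num" ;;
    esac
}

# Read `xauth list` output on stdin; succeed if the entry for $1 is present.
has_auth_entry () {
    local key
    key=$(auth_key_for_display "$1" "$2")
    awk -v k="$key" '$1 == k { found = 1 } END { exit !found }'
}

# $1 = a /proc/<PID>/cmdline file (NUL-separated arguments).
# Print the file given after -auth; print nothing if the server has no -auth.
server_auth_file () {
    tr '\0' '\n' < "$1" | awk 'prev == "-auth" { print; exit } { prev = $0 }'
}

# Constructed sample of the single entry described in the question.
SAMPLE_XAUTH='foo/unix:0  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff'

for d in :0 unix:0 foo/unix:0 foo:0; do
    key=$(auth_key_for_display "$d" foo)
    if printf '%s\n' "$SAMPLE_XAUTH" | has_auth_entry "$d" foo; then
        echo "$d needs $key: present"
    else
        echo "$d needs $key: missing"
    fi
done
```

On a live system, pipe the real `xauth list` output into has_auth_entry and pass the server's /proc/<PID>/cmdline to server_auth_file.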