Re: X authorization
In article <[🔎] 199609140429.AAA27509@m4-035-16.MIT.EDU> you write:
>How is the X authorization set up in Debian?
>
>I am running xdm and I discovered that only the login user can
>start an X window.
The 'MIT-MAGIC-COOKIE' authentication method is being used; only X
clients with access to the appropriate 'cookie' (an automatically
generated password) can connect to the server. I suggest you read the
Xsecurity manpage in the xmanpages package for more information. The
xauth and Xserver manpages are also relevant.
>There are 2 situations when I cannot start a
>X window:
>(1) when I try to start a window after 'su' to root. I discovered this
> can be fixed if I do 'xhost +mymachinename'. How to this automatically?
> A line in Xaccess or some /etc/X11/X???.hosts file?
You should set up a script to be run by root to copy the cookie from
the user's .Xauthority file to root's .Xauthority.
>(2) after establishing a PPP connection to my service provider and
> changing my hostname (I have only a dynamic IP address from my ISP).
> Here I suppose there is nothing I can do except do xhost from my ip-up
> script after fixing (1).
What is your DISPLAY variable being set to? If it's hostname:0.0 (or
similar) then the connection from the X client to the server will be
made by TCP using the cookie listed for TCP. If it's just :0.0 then
the connection will be made using a Unix-domain socket, and the cookie
listed for that connection method. (The cookie will have the same
value, just a different name).
If all you're worried about is getting X clients on your local machine
to start up on your own display, I'd recommend having DISPLAY set to
:0.0, so changes in hostname or IP address won't matter.
Steve Early
Reply to: