Re: Problems with xauth & PAM
>>>>> Juan Jose Quintela writes:
Juan> And when I try to launch a window in a remote machine I
Juan> obtain the following message:
Juan> ~$ xterm & [1] 5939 ~$ Xlib: connection to "krilin:0.0"
Juan> refused by server Xlib: Client is not authorized to connect
Juan> to Server Error: Can't open display: krilin:0.0
You have to make an `xauth' entry for the machine running the program
that wants to use the display, on the machine running that program.
Read the man for xauth, of course, then do:
Here:
`xauth list unix:0.0'
... and highlight everything from `MIT' through the end of the line
with the near button. Then, in an xterm where you're logged into the
other machine, do:
`xauth add here:0.0 [PASTE with middle button]'
... and hit enter. That will make an `xauth' entry on the remote
machine, so it can authenticate itself for display authorization.
The reason it needs authorization is that X Windows programs have the
ability to send synthetic events to other programs through the display
server. (I'm not an expert, yet; I've got the XBooks pack, but have
read only one or two of the documents.) Programs running on separate
computers can rendevous through a third machine's Xserver, where you
sit, controlling programs on several computers whos displays are in
front of you. This means drag-and-drop operations across machines and
architectures can be done, and that a subwindow inside an application
can be run by a program on the mainframe, while the app runs on your
workstation, and things like that.
It wouldn't be safe if just anyone could put a window up on your
display and watch what you type, or send events to your programs, from
anyplace on the global internet, without proper authorization.
I think that's all there is wrong. I don't think anything from X
uses PAM yet.
--
mailto:karlheg+sig@inetarena.com (Karl M. Hegbloom)
http://www.inetarena.com/~karlheg
Portland, OR USA
Debian GNU 1.3 Linux 2.1.36 AMD K5 PR-133
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: