Re: Problems with xauth & PAM

To: Debian Users Forum <debian-user@lists.debian.org>
Subject: Re: Problems with xauth & PAM
From: karlheg+debian@inetarena.com (Karl M. Hegbloom)
Date: 12 Jul 1997 20:47:21 -0700
Message-id: <[🔎] 87iuyfpq9i.fsf@bittersweet.inetarena.com>
In-reply-to: Juan Jose Quintela's message of "Fri, 11 Jul 1997 15:35:39 +0200 (CEST)"
References: <[🔎] Pine.LNX.3.96.970711152446.3932A-100000@krilin.dc.fi.udc.es>

>>>>> Juan Jose Quintela writes:

    Juan> And when I try to launch a window in a remote machine I
    Juan> obtain the following message:

    Juan>   ~$ xterm & [1] 5939 ~$ Xlib: connection to "krilin:0.0"
    Juan> refused by server Xlib: Client is not authorized to connect
    Juan> to Server Error: Can't open display: krilin:0.0

 You have to make an `xauth' entry for the machine running the program
that wants to use the display, on the machine running that program.

 Read the man for xauth, of course, then do:

Here:

`xauth list unix:0.0'

... and highlight everything from `MIT' through the end of the line
with the near button.  Then, in an xterm where you're logged into the
other machine, do: 

`xauth add here:0.0 [PASTE with middle button]'

... and hit enter.  That will make an `xauth' entry on the remote
machine, so it can authenticate itself for display authorization.

 The reason it needs authorization is that X Windows programs have the
ability to send synthetic events to other programs through the display
server.  (I'm not an expert, yet; I've got the XBooks pack, but have
read only one or two of the documents.)  Programs running on separate
computers can rendevous through a third machine's Xserver, where you
sit, controlling programs on several computers whos displays are in
front of you.  This means drag-and-drop operations across machines and
architectures can be done, and that a subwindow inside an application
can be run by a program on the mainframe, while the app runs on your
workstation, and things like that.

 It wouldn't be safe if just anyone could put a window up on your
display and watch what you type, or send events to your programs, from
anyplace on the global internet, without proper authorization.

 I think that's all there is wrong.  I don't think anything from X
uses PAM yet.


-- 
mailto:karlheg+sig@inetarena.com (Karl M. Hegbloom)
http://www.inetarena.com/~karlheg
Portland, OR  USA
Debian GNU 1.3  Linux 2.1.36 AMD K5 PR-133


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Problems with xauth & PAM
  - From: Juan Jose Quintela <quintela@dc.fi.udc.es>

Prev by Date: adding ipfwadm rules
Next by Date: Re: Off-topic: Making ALT be the META key
Previous by thread: Problems with xauth & PAM
Next by thread: Diald & modem forget irq #
Index(es):
- Date
- Thread