Re: X connections refused between hosts (foo/unix:0 syntax)
David Wright wrote:
>
> On Thu, 18 Sep 1997, George Bonser wrote:
> >
> > On 18-Sep-97 David Wright wrote:
> > >I've obviously missed something in the explanations of .Xauthority files
> > >and MIT cookies. I have two Debian 1.3 machines, foo and bar with
> > >essentially identical configurations, with few changes from how things
> > >install themselves. I start X as user myself on foo. Typing xauth list
> > >says foo/unix:0 MIT...1 a0b1... and so does xauth list :0 and xauth list
> > >unix:0 and xauth foo/unix:0 but not xauth foo:0 which says nothing.
> >
> > Assuming foo is your local machine, what happens if you do xhost +bar then
> > telnet to bar, export DISPLAY=foo:0.0 and then run an X program on bar?
>
> Host-based access works fine, but I wanted to avoid that because the X
> display should not be accessible to some users of foo, let alone those on
> bar.
>
> Looking at the books on this subject, e.g. Lui and Pearce page 79, Garfinkel
> and Spafford page 527, I see examples like this:
>
> foo% xauth extract - $DISPLAY | rsh bar xauth merge -
>
> All this does is to stick the foo/unix:0 MIT...1 a0b1... line into
> .Xauthority on bar. What I think I need is a command which massages
> foo/unix:0 MIT...1 a0b1...
> into
> foo:0 MIT...1 a0b1...
> so I can merge that into .Xauthority on bar.
Here's another problem. You aren't extracting the correct entry.
In addition to my message before, you need to specify the TCP/IP
entry to extract. You should say:
xauth extract - <fully qualified domain name>:0 | rsh bar auth merge -
> Is that what I should be doing? Is that what everyone else does? I can't
> help thinking I've missed something if none of the books/documentation
> mentions this wrinkle.
There's just no clean way to do it! Somebody should have added this
functionality to xon long ago.
> Copying .Xauthority from a user's home directory to /root so that you can
> start clients after suing to root must be a FAQ - it's even been asked on
> this list in the past week. Surely some of these people must hit my
> problem as soon as they run remote clients, or I've done something wrong?
As root, no need to copy. Just do 'export XAUTHORITY=~$USER/.Xauthority'.
Since root can read the file, you'll be ok.
--
Jens B. Jorgensen
jjorgens@bdsinc.com
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: