Re: loss of xauthority

To: Martin Bialasinski <martin@internet-treff.uni-koeln.de>
Cc: debian-user@lists.debian.org
Subject: Re: loss of xauthority
From: hawk@eyry.econ.iastate.edu
Date: Mon, 29 Dec 1997 12:27:08 +0600
Message-id: <[🔎] m0xmju8-0024PzC@eyry.econ.iastate.edu>
In-reply-to: Your message of "Mon, 29 Dec 1997 17:10:02 +0100." <[🔎] Pine.LNX.3.96.971229170622.927G-100000@haitech.internet-treff.de>

Martin wrote,


> From: "Christian Hudon" <chudon@ee.mcgill.ca>
> Date: Sat, 21 Jun 1997 14:48:19 +0000
> Subject: "xauth +", not a good idea...
> 

> If you don't trust every user on your machine, you'll need to learn a bit
> about xauth. "xauth list $DISPLAY" will list the key for the display
> $DISPLAY.

> pianocktail.org/unix:0  MIT-MAGIC-COOKIE-1  53a82429fe56a1cf5236f3d4852e7d79e

> Anyone who has that key is authorized to connect to the X server managing
> display $DISPLAY. So say you want to grant user bar access to the display
> that user foo is using, you just do (as bar):

> bar@pianocktail:[~]> xauth add pianocktail.org/unix:0 MIT-MAGIC-COOKIE-1
> 53a82429fe56a1cf5236f3d4852e7d79e

curioser and curioser.  I tried this, and it worked--once.  I then 
successfully launched emacs, then lost the ability to change the remote xauth 
entirely. (???).

Getting the sequence from the login xterm, I then type
pv2086ttyp7:rhawkins>xauth list $DISPLAY                                       
 eyry.econ.iastate.edu:0  MIT-MAGIC-COOKIE-1  e627d47d72c34079be1f6c35ca3b58b1
pv2086ttyp7:rhawkins>xauth add eyry.econ/unix:0 MIT-MAGIC-COOKIE-1 
684e3c0f4c1e460741426f5272005d0c
pv2086ttyp7:rhawkins>xauth list $DISPLAY                                       
 eyry.econ.iastate.edu:0  MIT-MAGIC-COOKIE-1  e627d47d72c34079be1f6c35ca3b58b1

That is, it isn't changing it in the remote system.  However, it does seem to 
work in the root window on the local system.

The remote system is using kerberos if this makes a difference.  I still 
haven't figured out how to get the rpm's for kerberos installed.  This 
prevents me from using rsh, getting pop-3 mail, etc.

I've looked at the telnet man page, and it looks like I could evaluate the 
cookie, put it in a variable, pass this with the environ option, then have the 
remote .cshrc check for the variable, and add it if present.

At the moment, i'm not worried nearly as much about security as in getting 
something to work.  Even xhost + only works for a few seconds.

thanks

rick




-- 
These opinions will not be those of ISU until it pays my retainer.



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: loss of xauthority
  - From: "Jens B. Jorgensen" <jjorgens@bdsinc.com>

References:
- Re: loss of xauthority
  - From: Martin Bialasinski <martin@internet-treff.uni-koeln.de>

Prev by Date: Re: loss of xauthority
Next by Date: smail vs procmail
Previous by thread: Re: loss of xauthority
Next by thread: Re: loss of xauthority
Index(es):
- Date
- Thread