Re: loss of xauthority
Martin wrote,
> From: "Christian Hudon" <chudon@ee.mcgill.ca>
> Date: Sat, 21 Jun 1997 14:48:19 +0000
> Subject: "xauth +", not a good idea...
>
> If you don't trust every user on your machine, you'll need to learn a bit
> about xauth. "xauth list $DISPLAY" will list the key for the display
> $DISPLAY.
> pianocktail.org/unix:0 MIT-MAGIC-COOKIE-1 53a82429fe56a1cf5236f3d4852e7d79e
> Anyone who has that key is authorized to connect to the X server managing
> display $DISPLAY. So say you want to grant user bar access to the display
> that user foo is using, you just do (as bar):
> bar@pianocktail:[~]> xauth add pianocktail.org/unix:0 MIT-MAGIC-COOKIE-1
> 53a82429fe56a1cf5236f3d4852e7d79e
curioser and curioser. I tried this, and it worked--once. I then
successfully launched emacs, then lost the ability to change the remote xauth
entirely. (???).
Getting the sequence from the login xterm, I then type
pv2086ttyp7:rhawkins>xauth list $DISPLAY
eyry.econ.iastate.edu:0 MIT-MAGIC-COOKIE-1 e627d47d72c34079be1f6c35ca3b58b1
pv2086ttyp7:rhawkins>xauth add eyry.econ/unix:0 MIT-MAGIC-COOKIE-1
684e3c0f4c1e460741426f5272005d0c
pv2086ttyp7:rhawkins>xauth list $DISPLAY
eyry.econ.iastate.edu:0 MIT-MAGIC-COOKIE-1 e627d47d72c34079be1f6c35ca3b58b1
That is, it isn't changing it in the remote system. However, it does seem to
work in the root window on the local system.
The remote system is using kerberos if this makes a difference. I still
haven't figured out how to get the rpm's for kerberos installed. This
prevents me from using rsh, getting pop-3 mail, etc.
I've looked at the telnet man page, and it looks like I could evaluate the
cookie, put it in a variable, pass this with the environ option, then have the
remote .cshrc check for the variable, and add it if present.
At the moment, i'm not worried nearly as much about security as in getting
something to work. Even xhost + only works for a few seconds.
thanks
rick
--
These opinions will not be those of ISU until it pays my retainer.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: