On Tue, Jan 07, 2014 at 07:57:38PM +0000, Martin T wrote:
> Hi,
> there are multiple access control mechanisms for X server like access
> based on host (xhost) or access based on cookie (xauth). Are both usually
> enabled at the same time? If yes, then which one is checked first? Are
> both active? I mean for example once I enable host with xhost, then do I
> need to configure xauth as well?

According to the Xsecurity(7) manpage[1], there are at least 5 mechanisms (Host access, MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1, SUN-DES-1 and Server Interpreted). These can all be available at the same time.

I don't know this for certain, but I would expect host authorisation to happen first, then the cookies to happen in a sort of "any allowed" mode. That is, if a client can't connect to the server (because of xauth denying it), then it can't exchange a cookie. If it does connect, it'll present a cookie and I would expect that any allowed cookie is good enough for access.

Again, this isn't based on any evidence, just what I'd expect to happen.

[1] http://manpages.debian.org/cgi-bin/man.cgi?query=Xsecurity&sektion=7&apropos=0&manpath=Debian+7.0+wheezy&locale=

> regards,
> Martin