LinuxQuestions.org
Old 05-21-2005, 10:17 AM   #1
Chowroc
Member
 
Registered: Dec 2004
Posts: 145

Rep: Reputation: 15
about xauth?


There is a host S and a client L. S has started X Window, and L hasn't. Now I do this:
L$ xclock -display S:0 &
The window will be shown at S.

Then:
S# xhost -
to enable the control list; L will be refused the next time because it isn't on the list.

Lastly, I want to make it so that a user on L can do this:
S$ xauth extract - $DISPLAY | ssh -l USER L /usr/X11R6/bin/xauth merge -
But it is still refused. What's wrong? Is there a problem with my understanding?

Thank you.
 
Old 05-22-2005, 07:23 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
I don't think that your initial statement is correct. A computer or terminal needs to have the x11r6 server running to be able to display the output on the screen. Also, without even a simple window manager, you will not have borders or menus displayed. (I am referring to computer S now.) The role of server/client is different than what many expect. The X11 server is what displays things on the screen, so it is the terminal machine running the server. The program running on the different machine is the client. Technically, both may need the server program running, but the remote machine doesn't need a window manager if it doesn't display anything.

There are security policies which may control the usage of xauth. Try reading /usr/share/doc/packages/pam/README.pam_xauth as well as the xauth man and info pages.
There is also a readme on x-windows access in the www.tldp.org web site. The NSA site has an x-windows security how-to that you could probably find using google.

Last edited by jschiwal; 05-22-2005 at 07:29 PM.
 
Old 05-23-2005, 01:52 AM   #3
Chowroc
Member
 
Registered: Dec 2004
Posts: 145

Original Poster
Rep: Reputation: 15
I know what you mean.

But here I just want to test the authorization mechanism of X. In this setup, the X11 server is on host S (in fact I have started Gnome), the client program xclock is on L, and L does not start X.

Now I can run xclock on L but display the window on S; is that OK? But this lets every user on L access S's X server. How can I make it so that only one user on L can do this?

Thank you.
 
Old 05-23-2005, 04:37 PM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
You need to read up on how your system controls this. For many distros the use of xauth is controlled by PAM. I already referred to the readme document for this. Other distros such as Slackware do not use PAM. Here you would need to manually merge the magic cookie from ~/.Xauthority on host L to the ~/.Xauthority on host S.

A user's .Xauthority file is only readable by the owner.

This howto may help.
http://www.xs4all.nl/~zweije/xauth-6.html#ss6.2

A better way may be to use ssh with X forwarding. The handling of the X-auth cookies and setting of $DISPLAY is handled in the background. I've only used ssh to run programs remotely. I have rarely pushed an output like that. I think I just did it once as an experiment. However, I've used ssh on my laptop to run a program on my desktop, while displaying the program on the laptop.

If you also want sound to be played on the remote rather than the local machine, there may be more work and setup for this.

Last edited by jschiwal; 05-23-2005 at 04:43 PM.
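
Added example, not part of any post in this thread: a small Python reader for the binary record layout of ~/.Xauthority, which lists the family, host, display and protocol of each entry after a merge and checks that the file is owner-only, without ever returning the cookie. The function names, the host name S and the address 192.0.2.10 are constructed for illustration.

```python
import os
import socket
import stat
import struct

# Family codes stored in each record (values from the X11 headers).
FAMILIES = {0: "Internet", 6: "Internet6", 256: "Local", 65535: "Wild"}

def _take(blob, pos, n):
    """Return n bytes at pos and the new position, rejecting truncated input."""
    if pos + n > len(blob):
        raise ValueError("truncated .Xauthority record")
    return blob[pos:pos + n], pos + n

def _u16(blob, pos):
    """Read one big-endian 16-bit integer (family code or field length)."""
    raw, pos = _take(blob, pos, 2)
    return struct.unpack(">H", raw)[0], pos

def parse_xauthority(blob):
    """Describe each entry in raw .Xauthority bytes; cookies are not returned."""
    entries, pos = [], 0
    while pos < len(blob):
        family, pos = _u16(blob, pos)
        fields = []
        for _ in range(4):  # address, display number, protocol name, cookie
            n, pos = _u16(blob, pos)
            field, pos = _take(blob, pos, n)
            fields.append(field)
        address, number, name, data = fields
        # Internet entries store a raw IPv4 address, Local entries a host name.
        host = (socket.inet_ntoa(address) if family == 0 and len(address) == 4
                else address.decode("ascii", "replace"))
        entries.append({"family": FAMILIES.get(family, str(family)), "host": host,
                        "display": number.decode("ascii", "replace"),
                        "protocol": name.decode("ascii", "replace"),
                        "cookie_len": len(data)})
    return entries

def owner_only(path):
    """True when group and others have no permission bits on the file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def _record(family, *fields):  # builds the constructed sample below
    return struct.pack(">H", family) + b"".join(struct.pack(">H", len(f)) + f for f in fields)

# Constructed sample: a local-socket entry and a TCP entry for display 0.
SAMPLE = (_record(256, b"S", b"0", b"MIT-MAGIC-COOKIE-1", bytes(range(16)))
          + _record(0, socket.inet_aton("192.0.2.10"), b"0", b"MIT-MAGIC-COOKIE-1", bytes(range(16))))
if __name__ == "__main__":
    print(parse_xauthority(SAMPLE))
```

To inspect a real file, pass the bytes of ~/.Xauthority (opened in binary mode) to parse_xauthority and the path to owner_only.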
 
Old 05-23-2005, 08:41 PM   #5
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
Here is another link.
http://www.linuxgazette.com/node/2231

It explains what may need to be edited in your startx scripts to allow using xauth.

/usr/bin/X11/xauth add :0 . $(dd if=/dev/urandom count=2 2> /dev/null | md5sum)

exec /usr/bin/X11/X -dpi 100 -nolisten tcp -auth $HOME/.Xauthority

The highlighted portions are new. This is based on a Debian distro, but probably would apply closely to your situation (unless your setup already has this in place).
 
Old 05-24-2005, 06:30 AM   #6
Chowroc
Member
 
Registered: Dec 2004
Posts: 145

Original Poster
Rep: Reputation: 15
"merge the magic cookie from ~/.Xauthority on host L to the ~/.Xauthority on host S", but when I do this on console:
L$ xauth nextract - $DISPLAY
xauth: (argv):1: bad "nextract" command line

Then I run X and xterm on L:
xterm$ xauth nextract - $DISPLAY
No matches found, authority file "-" not written

xterm$ xauth nextract ~/.Xauthority $DISPLAY
No matches found, authority file "/home/USER/.Xauthory" not written

What's wrong?

Still thank you, jschiwal
 
Old 05-24-2005, 05:21 PM   #7
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
You may have better luck following these instructions. I don't think you are transferring the cookie information from the S host to the L host.
http://acs.ucsd.edu/info/xauth.php

Quote:
Giving another machine access

Set up .rhosts
To allow connections from another machine, first set up an .rhosts file on the remote machine. You've probably already done this before even thinking about figuring out xauth, but it's still important. The .rhosts file should contain the name of the local machine and your username on one line, separated by a space. This is the same file that you use to enable rsh, rlogin, and rcp. For more information on .rhosts files, see "help rcp".


Transfer the cookie
To transfer the cookie to a remote machine, set up the .rhosts file on that machine as described above, then type (replacing "remote" with the name of the remote machine you want to use):

local% xauth nextract - $DISPLAY | rsh remote xauth nmerge -

If your login name is different on the remote host, use:

local% xauth nextract - $DISPLAY | rsh remote -l username xauth nmerge -
 
  

