Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uunet!zephyr.ens.tek.com!tektronix!sequent!amy
From: amy@sequent.UUCP (Amy McPharlin)
Newsgroups: comp.windows.x
Subject: Need help with xdm and security!
Message-ID: <34349@sequent.UUCP>
Date: 4 May 90 18:53:19 GMT
Reply-To: amy@sequent.UUCP (Amy McPharlin)
Organization: Sequent Computer Systems, Inc
Lines: 76

I am an engineer at Sequent and am trying to port xdm to run on a Sequent Symmetry. I am having trouble getting clear-text key-based security working.

I have xdm running on the Symmetry with the authorize resource set to true and a protocol of MIT-MAGIC-COOKIE-1. For my display server, I have the R4 sample server running on a Sun which was invoked with the command Xsun -query .

Xdm and the display server start up and talk to each other fine and xdm creates an .Xauthority file in the user's account and a file to pass the key to the server. However, I see the following problems:

1. On every session, the same key is generated each time (all f's).

2. The server always refuses access to the clients started by the user's .xsession. The clients that try to start up are 2 xterms, an xclock and an xbiff (all versions supplied with the R4 tape). The error message they get is:

For the first problem, I notice there is a procedure called generateAuth which looks from the code like it is supposed to generate the cookie. This procedure, however, is never called by xdm. Also, this procedure is in a file called xdmauthgen.c which seems to be a program in its own right. However, I can't find any documentation on this program nor is it in the xdm Makefile (Imakefile) supplied by MIT. Does anyone know anything about this program or about the generateAuth routine?

For the second problem, I'm not sure if the problem is in xdm, the sample server or in the clients. Can anyone shed some light on this? Has anyone gotten MIT-MAGIC-COOKIE-1 working? With the sample server? Has anyone gotten these clients (or any clients) to start up with security on?

More Security Questions

1. Cookie files

Also, I have some questions about the .Xauthority file and the file passed to the server with the key. Do both of these files consist of Xauth records (defined in Xauth.h)? I can look at both of these files with xauth but I notice xauth only shows display_name, protocol and key. It doesn't show the rest of the fields in Xauth: family, address, number and their respective lengths. Are these fields just considered to be not of interest or does xauth show display_name in lieu of these fields?

I can understand what family, address and number mean in the user's .Xauthority file but what are these fields supposed to be set to in the file passed to the server? I notice a define in Xauth.h called FamilyWildcard. Should the family for this file be FamilyWildcard with the address and number fields just ignored?

2. Clients

What do writers of client programs need to know about security to make their clients play well with authorization schemes? I notice the README in the Xau directory seems to be saying that the client writer doesn't need to do anything - that a call to XOpenDisplay will take care of everything. Is this true?

Help on any of these issues would be appreciated.

Thanks,
Amy

------------------------
Amy T. McPharlin
User Interface Group
Sequent Computer Systems
15450 SW Koll Parkway
Beaverton, OR 97006
(503) 626-4534
uunet!sequent!amy
------------------------
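An added example, not part of the original post or of the MIT sources: a reader for the authorization record the post asks about (a 16-bit big-endian family, then address, number, name and data, each prefixed by a 16-bit big-endian length), which also flags a key whose bytes are all identical, like the all-f's key described above. It assumes the on-disk layout read by libXau's XauReadAuth; the names xau_rec, xau_parse and xau_key_degenerate, the host name "sym" and the sample bytes are constructed for illustration.

```c
#include <stddef.h>

/* One authorization record; the pointers reference the input buffer. */
struct xau_rec {
    unsigned family;
    const unsigned char *address, *number, *name, *data;
    size_t address_len, number_len, name_len, data_len;
};

/* Constructed sample: family 256 (FamilyLocal), address "sym" (hypothetical
 * host), display number "0", protocol name, and a 16-byte all-0xff key. */
const unsigned char sample[] =
    "\x01\x00" "\x00\x03" "sym" "\x00\x01" "0" "\x00\x12" "MIT-MAGIC-COOKIE-1"
    "\x00\x10" "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
#define SAMPLE_LEN (sizeof sample - 1) /* drop the literal's trailing NUL */

/* Read a 16-bit big-endian length and the bytes it counts; 0 if truncated. */
static int rdfield(const unsigned char *b, size_t n, size_t *off,
                   const unsigned char **p, size_t *len)
{
    size_t l;
    if (n - *off < 2) return 0;
    l = ((size_t)b[*off] << 8) | b[*off + 1];
    if (n - *off - 2 < l) return 0;
    *p = b + *off + 2; *len = l; *off += 2 + l;
    return 1;
}

/* Parse one record at *off and advance it; returns 1 on success, 0 otherwise. */
int xau_parse(const unsigned char *b, size_t n, size_t *off, struct xau_rec *r)
{
    if (*off > n || n - *off < 2) return 0;
    r->family = ((unsigned)b[*off] << 8) | b[*off + 1];
    *off += 2;
    return rdfield(b, n, off, &r->address, &r->address_len)
        && rdfield(b, n, off, &r->number, &r->number_len)
        && rdfield(b, n, off, &r->name, &r->name_len)
        && rdfield(b, n, off, &r->data, &r->data_len);
}

/* An empty key, or one whose bytes are all identical (e.g. all 0xff),
 * cannot have come from a working random generator. */
int xau_key_degenerate(const struct xau_rec *r)
{
    size_t i;
    for (i = 1; i < r->data_len; i++)
        if (r->data[i] != r->data[0]) return 0;
    return 1;
}
```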