Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!samsung!munnari.oz.au!csc!csc3.anu.oz!neptune!mwz
From: mwz@arp.anu.oz.au (Markus Zellner)
Newsgroups: comp.windows.x
Subject: Need help with X11R4 xauth system
Keywords: authorise, X
Message-ID: <1990Jun7.065337.27938@arp.anu.oz.au>
Date: 7 Jun 90 06:53:37 GMT
Sender: mwz@arp.anu.oz.au (Markus Zellner)
Organization: Automated Reasoning Project
Lines: 38

I've been trying to use the X11R4 authorisation mechanisms on Suns, and I've come up with some problems and some general queries about the whole authorisation system. (Yes, I've RTFMed the xauth and Xau manual pages, and the xdm and Xserver manual pages.)

1 - I'm using the authorisation mechanism WITHOUT using XDM, so I use the MIT-MAGIC-COOKIE scheme, and xauth add to add entries to my authorisation file. What system is used to encrypt the 8 bit hex value that you give to the xauth add command? Is the creation of the authentication cookie based on just this value, or on other things like the user name? If the whole authentication scheme is based on this 8 bit value, a brute force approach to cracking the token would be pretty easy, would it not? Or isn't it designed for this level of security?

2 - To start the Xserver on a workstation, it seems that specifying just the workstation name on the xauth add command is not enough, and you must also specify unix:0.0 to the xauth add command as well. Problem is that this just creates a hostname/unix:0 entry in your authorisation file. Since I run tools from many different machines, and run the Xserver on many different workstations, does this mean that I have to xauth add both hostname:0 and unix:0 for each machine? Another approach to this would be to start the server as something other than unix:0.0, but this would then mean that Internet rather than Unix domain sockets would be used for local clients, resulting in a performance drop. Is this correct, or is there a better way of doing this?

3 - How do I selectively let another user (either on the same or a different machine) open a window on the workstation on which I am currently using X? Can I give them the magic cookie, or do I give them the "seed" value that I gave to xauth add?

Any help on any of these questions would be much appreciated. Please e-mail and I will duly summarise.

Markus Zellner | PhD student | mwz@anucsd.anu.oz.au
--
Markus Zellner
mwz@anucsd.anu.oz.au
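
As an added illustration that is not part of the original post: a Python reader and writer for the record layout of the authority file that `xauth add` populates (the layout used by libXau), showing how a `hostname/unix:0` entry and a network entry sit side by side as separate records. The host name `ws1`, the address 192.0.2.10 and the cookie bytes are constructed sample values.

```python
import struct

# Family codes from the X11 headers; only these two are handled here.
FAMILY_INTERNET, FAMILY_LOCAL = 0, 256
FIELDS = ("address", "number", "name", "data")

def pack_entry(family, address, number, name, data):
    """One record: 2-byte big-endian family, then four byte strings,
    each prefixed with a 2-byte big-endian length."""
    out = struct.pack(">H", family)
    for field in (address, number, name, data):
        out += struct.pack(">H", len(field)) + field
    return out

def _take(blob, pos, n):
    """Return n bytes at pos, rejecting truncated input."""
    if pos + n > len(blob):
        raise ValueError("truncated authority record")
    return blob[pos:pos + n], pos + n

def parse_entries(blob):
    """Parse the contents of an authority file into a list of dicts."""
    entries, pos = [], 0
    while pos < len(blob):
        raw, pos = _take(blob, pos, 2)
        entry = {"family": struct.unpack(">H", raw)[0]}
        for key in FIELDS:
            raw, pos = _take(blob, pos, 2)
            entry[key], pos = _take(blob, pos, struct.unpack(">H", raw)[0])
        entries.append(entry)
    return entries

def display_name(entry):
    """Render the display roughly as `xauth list` prints it."""
    if entry["family"] == FAMILY_LOCAL:        # address holds the host name
        host = entry["address"].decode() + "/unix"
    elif entry["family"] == FAMILY_INTERNET:   # address holds 4 raw IPv4 bytes
        host = ".".join(str(b) for b in entry["address"])
    else:
        host = "family-%d" % entry["family"]
    return "%s:%s" % (host, entry["number"].decode())

# Constructed sample: the same cookie registered for the local (Unix-domain)
# display and for the network display of one workstation.
COOKIE = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE = (pack_entry(FAMILY_LOCAL, b"ws1", b"0", b"MIT-MAGIC-COOKIE-1", COOKIE)
          + pack_entry(FAMILY_INTERNET, bytes([192, 0, 2, 10]), b"0",
                       b"MIT-MAGIC-COOKIE-1", COOKIE))

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(display_name(e), e["name"].decode(), e["data"].hex())
```

The `data` field holds the bytes given to `xauth add` in hex, so anyone who can read the file can read the cookie; the file's permissions are what protect it.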