Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!sun-barr!cs.utexas.edu!wuarchive!uunet!mcsun!hp4nl!star.cs.vu.nl!vdlinden From: vdlinden@cs.vu.nl (Frank van der Linden) Newsgroups: comp.windows.x Subject: Authorization questions Message-ID: <8458@star.cs.vu.nl> Date: 10 Dec 90 11:47:36 GMT Sender: news@cs.vu.nl Lines: 50 Hello everyone, I started working with X (R4) a couple of days ago, on some Sun Sparcstations. During those days, I have pretty much worked out the basic principles of the system. There is only one thing left that I don't seem to be able to get working properly : the authorization. It seems that there are basically two ways for a server to grant access for a client : - all requests from a certain list of hosts are honored, - all request using a certain key are honored. The first one is easy : just use 'xhost' to add or remove a certain host to the list. The problem with this scheme is, of course, that _everyone_ can start up a window on the servers' screen, provided that they are on a host that is on the list. The second one is the one I'm having trouble with. I tried creating a .Xauthority file with 'xauth'. The file was indeed created, but it didn't seem to work. After 'xauth add my_host:0 . 1234', a 'rsh other_host xterm -display my_host:0' still gave a message saying that the server denied permission. Restarting the server (by logging out & in again - the server is started from my .login file) didn't help. I also tried specifying the serverhost by his full host+domainname, or the internet number. This also didn't work. The other host shared my homedirectory with the one I was working on (and with all the other workstations), so the .Xauthority file was present there. After this, I tried to start the server with '-auth $HOME/.Xauthority'. It had some effect, but too much ... My own clients were also refused connection (to 'unix:0.0'). I tried adding this name to the .Xauthority file, but still no luck. The result in both cases was an endless loop in my login sequence, only stoppable by logging in on the workstation from a terminal and killing the server, which in the end left 2 workstations in a weird keyboard-status... There must be some way to get this working. It seems the only way to get a secure server running (meaning one that doesn't allow other people to log in on my workstation and then running xlock so that my screen is locked with their password...). Any help would by greatly appreciated. Thanks in advance, Frank. -- Frank van der Linden. Internet : vdlinden@fwi.uva.nl or vdlinden@cs.vu.nl ------------------------------------------------------------------------------ 'You can't have everything .... where would you put it ?' --- Steven Wright