Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!uwvax!husc6!necntc!ames!ucbcad!ucbvax!ATHENA.MIT.EDU!swick
From: swick@ATHENA.MIT.EDU.UUCP
Newsgroups: comp.windows.x
Subject: Re: xhost
Message-ID: <8704151159.AA14043@ORPHEUS.MIT.EDU>
Date: Wed, 15-Apr-87 06:59:46 EST
Article-I.D.: ORPHEUS.8704151159.AA14043
Posted: Wed Apr 15 06:59:46 1987
Date-Received: Fri, 17-Apr-87 00:15:13 EST
References: <225@gauss.RUTGERS.EDU>
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 22

> In V11 is there going to be a way to limit which users can talk to an
> X server.

The version 11 protocol has fields for doing extended authorization
which will, in principle, allow us to add per-user authorization in
addition to the current per-host authorization. This is a project
that is of considerable interest to us at Project Athena, even though
our environment is quickly evolving to one user per host.

The big 'gotcha' here is deciding the authenticity of the authorization
information you receive on the connection. TCP gives you only the
remote host address (which is why we stopped there in X10), but even
that requires that you trust the remote host. In our environment hosts
are no more trustworthy than users, so we are solving the problem of
authenticating users without relying on the integrity of each machine
on the network. We have such a mechanism already, but haven't yet
decided how to integrate it with the window system.

If you do have trustworthy hosts, a much simpler mechanism may be
possible and the X11 protocol allows the server implementor to support
multiple authorization mechanisms simultaneously.
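
An added example, not part of the original post and not taken from any X server: it parses the authorization-protocol name and data fields of an X11 connection setup request with bounds checks, then applies per-user authorization when the client names a mechanism and per-host authorization otherwise. The mechanism name EXAMPLE-TOKEN-1, the token table, the host addresses and the fallback policy are assumptions made for illustration.

```python
import hmac
import struct

def pad4(n):
    return (n + 3) & ~3

def build_setup(name=b"", data=b"", order=b"l"):
    """Constructed sample input: an X11 connection setup request."""
    fmt = ("<" if order == b"l" else ">") + "HHHHH"
    head = order + b"\0" + struct.pack(fmt, 11, 0, len(name), len(data), 0)
    return head + name.ljust(pad4(len(name)), b"\0") + data.ljust(pad4(len(data)), b"\0")

def parse_setup(buf):
    """Return (auth_name, auth_data) from a setup request, with bounds checks."""
    if len(buf) < 12:
        raise ValueError("truncated setup request")
    order = {0x42: ">", 0x6C: "<"}.get(buf[0])  # 'B' = MSB first, 'l' = LSB first
    if order is None:
        raise ValueError("bad byte-order byte")
    major, _minor, nlen, dlen = struct.unpack_from(order + "HHHH", buf, 2)
    if major != 11:
        raise ValueError("not protocol version 11")
    data_off = 12 + pad4(nlen)
    if len(buf) < data_off + pad4(dlen):
        raise ValueError("length fields exceed received bytes")
    return buf[12:12 + nlen], buf[data_off:data_off + dlen]

def authorize(peer_host, buf, allowed_hosts, mechanisms):
    """mechanisms maps a protocol name to a callable(data) -> user or None."""
    name, data = parse_setup(buf)
    if not name:
        # Only the TCP peer address is available: per-host authorization.
        ok = peer_host in allowed_hosts
        return ("accept", "host:" + peer_host) if ok else ("refuse", "host not allowed")
    verify = mechanisms.get(name)
    if verify is None:
        return ("refuse", "unsupported mechanism")
    user = verify(data)
    return ("accept", "user:" + user) if user else ("refuse", "bad credentials")

# Hypothetical mechanism and constructed token table, for illustration only.
TOKENS = {"alice": b"constructed-token-0001"}
def example_token(data):
    for user, token in TOKENS.items():
        if hmac.compare_digest(token, data):
            return user
    return None

MECHS = {b"EXAMPLE-TOKEN-1": example_token}
```

A shared token sent in the clear still depends on the network path, so this shows only where a per-user check plugs in, not a mechanism that removes the need to trust hosts.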