Mailinglist Archive: opensuse (3863 mails)
| < Previous | Next > |
Re: [SLE] X gurus: Xlib:connection refused, invalid magic cookie
- From: "Terje J. Hanssen" <nteknikk@xxxxxxxx>
- Date: Thu, 19 Feb 2004 21:13:49 +0100
- Message-id: <403518FD.5080000@xxxxxxxx>
Hello Örn and Alexandr,
I think this discussion (which also is useful learning of itself), shows that it isn't so easy to apply right principles when not just two hosts, but three hosts are in action running the X server, remote Windows manager (login&session) and remote X applications ......
Örn Hansen skrev:
>
> onsdag 18 februari 2004 23:55 skrev Alexandr Malusek:
>>
>> No, this cannot work since clients from hostA are not authorized to
>> connect to the X server. What he needs to do is to copy the
>> MIT-MAGIC-COOKIE-1 generated by GDM on hostB (and stored in the
>> ~/.Xauthority file there) to hostC.
>>
> Never copy the cookie, use xhost.
>
To supply, my sun documentation suggests using
xauth nextract
on the host running the X server to extract a cookie entry from one host to a file. Next copy it to the wished host and merge it into the 'other' user's .Xauthority file using
xauth nmerge
>>
>> If I understand the sentence right then it is not true. XDM sessions
>> work in a different way.
>>
> Your understanding is wrong.
>
>>
>> Note that he runs XDM session on hostB from an X server on hostA. In
>> other words: he is NOT logged in on hostA.
>>
Just to correct:
HostB runs GDM session, not XDM session, if that should make some difference in this case?
>
> It's irrelevant, how he runs his XDM ... it's the X server in charge,
> that is the concern. Even if you are logged into hostB, from hostA,
> you are not logged into hostB and cannot take over the session of
> the user on workstation hostB, simply because you're on a remote
> xdm session. That would be a serious security flaw, if it were
> possible.
>
I think this discussion (which also is useful learning of itself), shows that it isn't so easy to apply right principles when not just two hosts, but three hosts are in action running the X server, remote Windows manager (login&session) and remote X applications ......
Örn Hansen skrev:
>
> onsdag 18 februari 2004 23:55 skrev Alexandr Malusek:
>>
>> No, this cannot work since clients from hostA are not authorized to
>> connect to the X server. What he needs to do is to copy the
>> MIT-MAGIC-COOKIE-1 generated by GDM on hostB (and stored in the
>> ~/.Xauthority file there) to hostC.
>>
> Never copy the cookie, use xhost.
>
To supply, my sun documentation suggests using
xauth nextract
on the host running the X server to extract a cookie entry from one host to a file. Next copy it to the wished host and merge it into the 'other' user's .Xauthority file using
xauth nmerge
>>
>> If I understand the sentence right then it is not true. XDM sessions
>> work in a different way.
>>
> Your understanding is wrong.
>
>>
>> Note that he runs XDM session on hostB from an X server on hostA. In
>> other words: he is NOT logged in on hostA.
>>
Just to correct:
HostB runs GDM session, not XDM session, if that should make some difference in this case?
>
> It's irrelevant, how he runs his XDM ... it's the X server in charge,
> that is the concern. Even if you are logged into hostB, from hostA,
> you are not logged into hostB and cannot take over the session of
> the user on workstation hostB, simply because you're on a remote
> xdm session. That would be a serious security flaw, if it were
> possible.
>
| < Previous | Next > |