Re: [SLE] X gurus: Xlib:connection refused, invalid magic cookie
Hi Alexandr, Thank you for replying. I had to simplify the information in my first mail, so that people should read it. Now I can add the following as background information. HostA and hostB are sun4x sparcs running Solaris 7, while hostB is an Intel x86 running Sun Java Desktop System (SJDS) based on SLES 8.1/Gnome 2.2. HostA is a diskless client booting Solaris and X from the hostC OS server over the net. Until now hostC has been running CDE login&session for both hostA and hostC, in addition to be a Cad application execution host for both. The purpose of introducing hostB SJDS as a dedicated GDM login&session server, is to offload hostC from running X/CDE and to dedicate hostC to a pure Cad application server (execution host). Alexandr Malusek wrote:
"Terje J. Hanssen"
writes:
hostC% setenv DISPLAY hostA:0 hostC% XclientApp
The following typical error messages are displayed and theXclientApp doesn't start up or is not displayed on hostA:
Xlib: connection to hostA:0 refused by the server Xlib: Invalid MIT-MAGIC-COOKIE-1 key
Your steps make sense but, apparently, the host access control mechanism is not considered. You can check that it is enabled by running (the output is from my local KDE session)
hostB-> xhost access control enabled, only authorized clients can connect
Anyway, you can copy the MIT-MAGIC-COOKIE-1 from hostB to hostC via the xauth command, see the example in "man xauth".
Yes, I have seen that also in the Solaris docs, using 'xauth nextract' and 'xauth merge'. But in the first testing phase I wish to 'by-pass' the user authention access control to simplify and see how things work. Can you confirm what another reply here told that using the xhost command should turn off cookie based authention control? The Xsun server started without options, has both user based and host based access control mecanisms active, with the MIT-MAGIC-COOKIE-1 as the default. According to the documentation, using the '-noauth' option should inactivate the user based auth-control, but I didn't get this to work. I haven't tried the other alternative using the '-auth sun-des' option, which should change the default to SUN-DES-1 a host based access control based on RCP.
hostB-> rlogin hostA hostA% xhost hostC
This cannot work since clients on hostA (e.g. the command xhost) are not authorized to connect to the server.
As I have no local login to hostA, I have now created a minimal xhost access file on hostA instead, containing the tree hosts A, B and C: /etc/X0.hosts Now I am able to get a dtterm started on remote application hostC to be displayed on my local X display hostA. But still I get the same Xlib errors when trying to start my CAD application on remote hostC: Xlib: connection to hostA:0 refused by the server Xlib: Invalid MIT-MAGIC-COOKIE-1 key What is special is that the Cad application uses its own software defined workstations, where 'wsA' is set up to with a graphical remote X display on hostA and take input from its remote tablet. Maybe this can come into some conflict with be or be dual (over)defined through the user command: hostC % setenv DISPLAY hostA:0 This command was mostly thougt to get displayed the text menue for starting the Cad system and more in a terminal window. I have to look some nearer at this.
Anyway, "ssh -X" may make your life easier since it handles the authorization issues automatically.
I expect to install ssh also on Solaris in the next phase. Terje
Just to make a little summary and inform that I have solved my problem. The solution that worked was to put in a file on each of my 3 hosts /etc/X0.hosts containing my 3 hostnames. This allow for X host access also on hostA (the X terminal) where there was no local user login. The file /etc/X0.hosts is comparable for X host access with what /etc/hosts.equiv is for remote login between. This is maybe not good Latin regarding security other than on a trusted LAN for a controlled workgroup, and ssh should be considered next. Terje J. Hanssen
participants (1)
-
Terje J. Hanssen