X authentication ????
Tue Jan 13 14:15:07 CET 2004
Joe Armstrong wrote:
> As I understand things authentication works like this.
> When you run an X app it reads the (local) .Xauthority file
> and chooses the cookie of one of the entries in this file to
> start a session with the server.
> This is reasonably secure since a remote program cannot read the (local)
> Xauthority file.
Security entirely depends on the authorization protocol in use. Some
send the cookies as plaintext.
> So how does a local client figure out which Xauthority entry to use?
> My code tries the following
> 1) try "localhost"
> 2) if that fails find the local host name
> and look that up
> 3) give up
Wouldn't it be better to look up the X server name? I think that's how
authorization is supposed to work: the client specifies on what machine
the display should go, the server checks whether the client has proper
(Part of the confusion may stem from the fact that the same records are
used by client and server.)
User logs on to an X machine.
User starts a background task on a remote machine.
Background task is supposed to display a progress bar on user's terminal.
-> Background task is told the host name of user's machine, to use as an
X server for the display.
In an installation running a fixed set of software, the assignment of X
Servers to background processes may be part of a configuration. IOW the
background processes would get their machine names from a file or database.
Currently looking for a new job.
More information about the erlang-questions