X authentication ????

Joe Armstrong joe@REDACTED
Tue Jan 13 11:39:12 CET 2004


As I understand things authentication works like this.

When you run an X app it reads the (local) .Xauthority file
and chooses the cookie of one of the entries in this file to
start a session with the server.

This is reasonably secure since a remote program cannot read the (local)
Xauthority file. 

To allow remote hosts to run server sessions you can do one of two things:

	1) do xhosts+ on the servfer machine (dangerous)
	2) get the entry in the server Xauthority file into
  the  Xauthority file  on  the  client.  You  do  an "xauth  extract"
command on the server to get the cookie - send it to the client and do
an "xauth add" command on the client.

  2) Is the preferred method -  1) is unsafe since ANYBODY can connect
to your X server and do *anything* (like log all keystrokes)

So how does a local client figure out which Xauthority entry to use?

My code tries the following

   1) try "localhost"
   2) if that fails find the local host name
      and look that up
   3) give up

ie

host2cookie("localhost", Adata) ->
    case host2cookie1("localhost", Adata) of
	T = {true, Cookie} ->
	    T;
	false -> 
	    case inet:gethostname() of
		{ok, Host} ->
		    case host2cookie1(Host, Adata) of
			T = {true, Cookie} ->
			    T;
			false ->
			    get_screen_zero(Adata)
		    end;
		_ ->
		    get_screen_zero(Adata) 
	    end
    end;

What next do I try 127.0.0.0 then 127.0.0.2 etc .....

Any ideas

/Joe



On Mon, 12 Jan 2004, Peter-Henry Mander wrote:

> Hi Joe,
> 
> In my case with SuSE 8.2 the .Xauthority list simply doesn't contain localhost. There's 127.0.0.2, and the actual hostname too, but not localhost. I'm not sure how or why it's become like this. Using xhost or xauth as a remedy does work.
> 
> It's no fault of ex11, although the demo does fail silently, there's no supervisor to catch the exit value of sw_driver:wConnect/2.
> 
> Pete.
> 
> On Mon, 12 Jan 2004 14:45:19 +0100 (CET)
> Joe Armstrong <joe@REDACTED> wrote:
> 
> > This should not be necessary - I'd really like to know those cases
> > where the start procedure fails.
> > 
> > If authentication fails it is because
> > 
> >      ex11_lib_driver:get_cookie
> > 
> > Has not been able to figure out what cookie to use
> > 
> > If authentication fails then give the commands
> > 	
> >         > xauth
> > 	list
> > 
> > To see what cookies you have, then stare at the code in  ex11_lib_driver
> > and ex11_lib_xauth to figure out what when wrong.
> > 
> > /Joe
> > 
> > 
> > 
> > 
> > On Mon, 12 Jan 2004, Peter-Henry Mander wrote:
> > 
> > 
> > 
> > > 
> > > For those who may have difficulties with X11, do the following after make all:
> > > 
> > > xhost +localhost
> > > erl -pa ./lib -pa ./widget.
> > > 
> > > Pete.
> > > 
> > > P.s. thanks Joe :-)
> > > 
> > > 
> > > On Mon, 12 Jan 2004 13:39:38 +0100
> > > "Vlad Dumitrescu" <vlad_dumitrescu@REDACTED> wrote:
> > > 
> > > > Excellent!!
> > > > 
> > > > I've tested it and it works now, even for me :-)
> > > > 
> > > > I'm glad you managed to implement the "widget = process" in what seems to be a
> > > > very nice way. I've been struggling with this issue for long, and couldn't find
> > > > enough inspiration and spare time at the same time.
> > > > 
> > > > best regards,
> > > > Vlad
> > > > 
> > > 
> > > 
> > > 
> > 
> > 
> 
> 
> 




More information about the erlang-questions mailing list