[ale] Need an "X" fix.

Jim Lynch jwl at sgi.com
Thu Apr 18 08:16:02 EDT 2002


Are you sure?  Chinaberry is the server.  The 'master' xauthority key is
generated by and kept on the server.  For a client to connect to the
server it must pass the key to the server, hence the server distributes
the keys for its display to the clients, not the other way around.  What
good would security be if it was controlled by the client?

Anyone else?

Thanks,
Jim.

Dow Hurst wrote:
> 
> First off, xhost is the mechanism used by IRIX, however, it isn't used
> by Linux.  Xauth is used by Linux.  So the xhost isn't necessary.  The
> permission for X display is on the Chinaberry Linux system side since it
> is the Xserver.  You need to have the Xauth key from Almost merged into
> your Chinaberry side of the connection.  The xterm is the client and the
> Xserver is running on Chinaberry and requires the proper authorization
> from Almost.
> Dow
> 
> PS.  sorry for "cross-replying" incorrectly.  thought I had the right
> email displayed when I clicked on reply!
> 
> Jim Lynch wrote:
> >
> > I've pulled most of my hair out trying to figure this one out but I'm
> > stumped.  Perhaps someone here can help.
> >
> > This is the output from a Linux system I'm trying to run Xvfb on to
> > provide a dummy X session.
> >
> > <chinaberry 154> ./start.sh
> > + export DISPLAY=chinaberry.peachtree.sgi.com:5
> > + Xvfb :5
> > + DISPLAY=chinaberry.peachtree.sgi.com:5
> > + xhost +
> > access control disabled, clients can connect from any host
> > + xauth generate chinaberry.peachtree.sgi.com:5 .
> > xauth:  creating new authority file /home/jwl/.Xauthority
> > + xauth extract - chinaberry.peachtree.sgi.com:5
> > + rsh -l guest almost.csd.sgi.com /usr/bin/X11/xauth merge -
> > /usr/bin/X11/xauth:  creating new authority file
> > /usr/people/guest/.Xauthority
> > <chinaberry 155> xauth list
> > chinaberry.peachtree.sgi.com:5  MIT-MAGIC-COOKIE-1
> > 1668367a2c5c1f194b77413947551b77
> >
> > Start.sh, as you can see, cranks up Xvfb on display 5.  I also attempted
> > to open up the access via the xhost command.  It says it works, but it
> > lies.
> >
> > almost 55% xauth list
> > chinaberry.peachtree.sgi.com:5  MIT-MAGIC-COOKIE-1
> > 1668367a2c5c1f194b77413947551b77
> > almost 57% setenv DISPLAY chinaberry.peachtree.sgi.com:5
> > almost 58% echo $DISPLAY
> > chinaberry.peachtree.sgi.com:5
> > almost 59% xterm
> > Xlib: connection to "chinaberry.peachtree.sgi.com:5.0" refused by server
> > Xlib: Invalid MIT-MAGIC-COOKIE-1 key
> > Error: Can't open display: chinaberry.peachtree.sgi.com:5
> >
> > I did the same exercise without the .Xauthority files in place.  With
> > out all the details I get:
> >
> > almost 61% xterm
> > Xlib: connection to "chinaberry.peachtree.sgi.com:5.0" refused by server
> > Xlib: Client is not authorized to connect to Server
> > Error: Can't open display: chinaberry.peachtree.sgi.com:5
> >
> > even though xhost + said "access control disabled, clients can connect
> > from any host".
> >
> > almost.csd is an Irix system.  I've tried the same tests between two
> > Linux systems with the same results.  Chinaberry is running a Debian
> > dist. kernel 2.2.19.  The other Linux box was a Red Hat installation.
> >
> > Anyone got any ideas?
> >
> > Thanks,
> > Jim.
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> > sent to listmaster at ale dot org.
> 
> --
> __________________________________________________________
> Dow Hurst                   Office: 770-499-3428
> Systems Support Specialist  Fax:    770-423-6744
> 1000 Chastain Rd.
> Chemistry Department SC428  Email:dhurst at kennesaw.edu
> Kennesaw State University         Dow.Hurst at mindspring.com
> Kennesaw, GA 30144
> *********************************
> *Computational Chemistry is fun!*
> *********************************

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list