Bug 3565

Summary: xdm Xaccess broken
Product: [Retired] Red Hat Linux Reporter: santini
Component: XFree86Assignee: Preston Brown <pbrown>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: santini
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-08-31 18:43:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description santini 1999-06-18 10:29:44 UTC
xdm fails to authorize clients specified in Xaccess unless a
line with a "*" (all clients authorized) is included. More
precisely:

1) we have done a fresh install of RedHat 6.0 followed
immediately by an update of the XFree86 packages to release
52.

2) after some trouble we isolated the following minimal set
of operation inducing the bug.

A) on server.bar.net, set /etc/X11/xdm/Xaccess to

x-term.bar.net
* CHOOSER server.bar.net

and connect with indirect XDMCP to server.bar.net from
x-term.bar.net. The displayed host list contains
server.bar.net, but the display is not authorized and login
is impossible.

B) On server.bar.net, set /etc/X11/xdm/Xaccess to

*
* CHOOSER server.bar.net

and connect as before from x-term.bar.net. Now everything
works fine.

Comment 1 Jeff Johnson 1999-06-18 11:53:59 UTC
Can you verify if this problem still exists in XFree86-3.3.3.1-52 (the
recent errata release of XFree86)? Thanks ...

Comment 2 santini 1999-06-18 12:03:59 UTC
As you can see from point 1), we are actually using the -52 release.
We have a tcpdump of the request/answer packet of a failing XDCMP
session. Anyone interested can ask for a copy...

Comment 3 Preston Brown 1999-07-15 19:29:59 UTC
Jay, can you please verify this in the lab?

Comment 4 Preston Brown 1999-08-31 18:43:59 UTC
you are allowing any host to get a CHOOSER window, and allowing the
CHOOSER to display that server1 is a valid computer to log in to, but
you are not allowing server1 to respond to XDMCP requests.  I.e. you
have misconfigured things, because I know it is confusing.

when you put x-term.bar.net on a line by itself, you are only saying
that the local xdm can allow logins TO that computer, not FROM that
computer.  You need to remove that line and instead put server.bar.net
on a line by itself.  Then, because you allow any host to get a
CHOOSER (the * part of the chooser line), your x-term will be able to
get a chooser on server, and server's chooser will display server as a
login option (3rd part of the CHOOSER line), and it will be authorized
(the server.bar.net line by itself).

Hope that clears things up.