Bug 2598 - xauth doesn't work (and I can't use xhost)
xauth doesn't work (and I can't use xhost)
Status: CLOSED NEXTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: XFree86 (Show other bugs)
6.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Michael Fulbright
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-05-06 09:37 EDT by david.airlie
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-08-23 13:47:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description david.airlie 1999-05-06 09:37:52 EDT
gdm as my login manager, I login as user, and I used to call
the following after login to copy my Xauth key to my Sun
workstations so I that could run things from them,

xauth extract - rowan:0.0 | ssh oak xauth merge -

rowan is my machine, oak is my Sun server,
This no longer works and neither does passing :0.0 or
rowan.ece.ul.ie:0.0 (my FQDN)...

I don't like using xhost as this causes security problems I
would rather not deal with ...
Comment 1 Bill Nottingham 1999-05-06 10:54:59 EDT
try xauth extract - :0
Comment 2 david.airlie 1999-05-06 11:04:59 EDT
I think its a bit more difficult than that ...

rowan (airlied)% xauth extract - :0 | ssh oak xauth merge -
rowan (airlied)% xon oak -debug
Xlib: connection to "rowan.ece.ul.ie:0.0" refused by server
Xlib: Client is not authorized to connect to Server
xterm Xt error: Can't open display: rowan.ece.ul.ie:0
Comment 3 Preston Brown 1999-06-14 16:35:59 EDT
Are there xauth problems with gdm that you know about, Dr. Mike?
Comment 4 Michael Fulbright 1999-07-06 11:59:59 EDT
I don't know of any issues with xauth. The only problem I've
seen isn't really a gdm bug. If you change your hostname while
in X (and have an xauth key already), then you cannot create
new clients because the hostname doesn't match the xauth record
anymore.
Comment 5 david.airlie 1999-07-07 10:26:59 EDT
Okay that comment about gdm sparked another thought .. I've switched
to xdm and it works fine, but gdm doesn't ...

If I rm my .Xauthority and log in with xdm I get three keys
rowancoax:0  MIT-MAGIC-COOKIE-1  xxxxxxxxxxxxxxxxxxxxxxxx
rowan.ece.ul.ie:0  MIT-MAGIC-COOKIE-1  xxxxxxxxxxxxxxxxxxxxxxx
rowan/unix:0  MIT-MAGIC-COOKIE-1  xxxxxxxxxxxxxxxxxxxxxxxx

where my machine has 2 netcards, rowancoax and rowan.ece.ul.ie,

with gdm I only get the last one the rowan/unix:0 key ...

So does this help any?
Comment 6 Preston Brown 1999-07-15 15:07:59 EDT
Dr. Mike -- perhaps gdm should also insert the FQDN(s) when you are
logging in?
Comment 7 j.pelan 1999-07-18 21:15:59 EDT
I too see this problem. I can say that it isn't a problem re:FQDN as
my .Xauthority *is* fully qualified. I have checked the obvious, i.e.
cookies in .Xauthority vs. /var/gdm/:0.xauth appear the same.

I cranked up X server to -auth 4 but it doesn't spill much - I'd like
to see what it gets as a cookie.
Comment 8 j.pelan 1999-07-18 21:17:59 EDT
That should be "-audit 4" of course (It's 2am!).
Comment 9 j.pelan 1999-07-20 12:28:59 EDT
Doh ! It's obvious when one starts with an empty .Xauthority file.
It only contains a *single* entry for the host, i.e. one for the unix
sockets but not the TCP connections. Add the entrywith xauth and it
works !

A quick look at gdm bugtrack.... and lo ... Gnome ticket report logs -
#1396 gdm does not create TCP xauth cookie
Comment 10 Preston Brown 1999-08-23 13:47:59 EDT
will be fixed in the next release.
Comment 11 Anonymous 1999-08-25 11:45:59 EDT
I have just (25 Aug 1999) received e-mail from Martin K. Petersen
<mkp@mkp.net> himself who says;

"gdm is broken by design and no longer maintained. It is only
supported to the extent that some distributors are willing to patch
it.

I will ask the bugs.gnome.org maintainer to remove gdm from the
system as it confuses people that it is still there.

Please try the gdm2 module from CVS. Beta2 is due out this week."

Perhaps RedHat should ditch "gdm" and move with "gdm2". It would
certainly avoid significant amounts of patching.

Note You need to log in before you can comment on or make changes to this bug.