Bug 3565 - xdm Xaccess broken
xdm Xaccess broken
Product: Red Hat Linux
Classification: Retired
Component: XFree86 (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Preston Brown
Depends On:
  Show dependency treegraph
Reported: 1999-06-18 06:29 EDT by santini
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 1999-08-31 14:43:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description santini 1999-06-18 06:29:44 EDT
xdm fails to authorize clients specified in Xaccess unless a
line with a "*" (all clients authorized) is included. More

1) we have done a fresh install of RedHat 6.0 followed
immediately by an update of the XFree86 packages to release

2) after some trouble we isolated the following minimal set
of operation inducing the bug.

A) on server.bar.net, set /etc/X11/xdm/Xaccess to

* CHOOSER server.bar.net

and connect with indirect XDMCP to server.bar.net from
x-term.bar.net. The displayed host list contains
server.bar.net, but the display is not authorized and login
is impossible.

B) On server.bar.net, set /etc/X11/xdm/Xaccess to

* CHOOSER server.bar.net

and connect as before from x-term.bar.net. Now everything
works fine.
Comment 1 Jeff Johnson 1999-06-18 07:53:59 EDT
Can you verify if this problem still exists in XFree86- (the
recent errata release of XFree86)? Thanks ...
Comment 2 santini 1999-06-18 08:03:59 EDT
As you can see from point 1), we are actually using the -52 release.
We have a tcpdump of the request/answer packet of a failing XDCMP
session. Anyone interested can ask for a copy...
Comment 3 Preston Brown 1999-07-15 15:29:59 EDT
Jay, can you please verify this in the lab?
Comment 4 Preston Brown 1999-08-31 14:43:59 EDT
you are allowing any host to get a CHOOSER window, and allowing the
CHOOSER to display that server1 is a valid computer to log in to, but
you are not allowing server1 to respond to XDMCP requests.  I.e. you
have misconfigured things, because I know it is confusing.

when you put x-term.bar.net on a line by itself, you are only saying
that the local xdm can allow logins TO that computer, not FROM that
computer.  You need to remove that line and instead put server.bar.net
on a line by itself.  Then, because you allow any host to get a
CHOOSER (the * part of the chooser line), your x-term will be able to
get a chooser on server, and server's chooser will display server as a
login option (3rd part of the CHOOSER line), and it will be authorized
(the server.bar.net line by itself).

Hope that clears things up.

Note You need to log in before you can comment on or make changes to this bug.