Bug 3565 - xdm Xaccess broken
Summary: xdm Xaccess broken
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: XFree86
Version: 6.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Preston Brown
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 1999-06-18 10:29 UTC by santini
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 1999-08-31 18:43:21 UTC

Attachments (Terms of Use)

Description santini 1999-06-18 10:29:44 UTC
xdm fails to authorize clients specified in Xaccess unless a
line with a "*" (all clients authorized) is included. More

1) we have done a fresh install of RedHat 6.0 followed
immediately by an update of the XFree86 packages to release

2) after some trouble we isolated the following minimal set
of operation inducing the bug.

A) on server.bar.net, set /etc/X11/xdm/Xaccess to

* CHOOSER server.bar.net

and connect with indirect XDMCP to server.bar.net from
x-term.bar.net. The displayed host list contains
server.bar.net, but the display is not authorized and login
is impossible.

B) On server.bar.net, set /etc/X11/xdm/Xaccess to

* CHOOSER server.bar.net

and connect as before from x-term.bar.net. Now everything
works fine.

Comment 1 Jeff Johnson 1999-06-18 11:53:59 UTC
Can you verify if this problem still exists in XFree86- (the
recent errata release of XFree86)? Thanks ...

Comment 2 santini 1999-06-18 12:03:59 UTC
As you can see from point 1), we are actually using the -52 release.
We have a tcpdump of the request/answer packet of a failing XDCMP
session. Anyone interested can ask for a copy...

Comment 3 Preston Brown 1999-07-15 19:29:59 UTC
Jay, can you please verify this in the lab?

Comment 4 Preston Brown 1999-08-31 18:43:59 UTC
you are allowing any host to get a CHOOSER window, and allowing the
CHOOSER to display that server1 is a valid computer to log in to, but
you are not allowing server1 to respond to XDMCP requests.  I.e. you
have misconfigured things, because I know it is confusing.

when you put x-term.bar.net on a line by itself, you are only saying
that the local xdm can allow logins TO that computer, not FROM that
computer.  You need to remove that line and instead put server.bar.net
on a line by itself.  Then, because you allow any host to get a
CHOOSER (the * part of the chooser line), your x-term will be able to
get a chooser on server, and server's chooser will display server as a
login option (3rd part of the CHOOSER line), and it will be authorized
(the server.bar.net line by itself).

Hope that clears things up.

Note You need to log in before you can comment on or make changes to this bug.