Problem using xauth
Wolfgang Meiners
i think i basically understand the principle of MIT-Magic-Cookie, but i
have got one problem with xauth. What i did is the following: I have two
boxes A (OS X 10.4.11) and B (ubuntu 8.04)
A:~$ ssh -CX B
B:~$ xauth -f test generate $DISPLAY . trusted
xauth: creating new authority file test
xauth: (argv):1: couldn't query Security extension on display
"localhost:10.0"
ls test
ls: cannot access test: No such file or directory
B:~$
The first time I did this, there was no errormessage and a file test was
generated by xauth. With this file I could do
B:~$ chmod a+r test
B:~$ su other_user
other_user@B:~ XAUTHORITY=/home/user/test xeyes
This gave me xeyes on the screen of A as expected. There are two questions:
1. what is the reason for the xauth errormessage and how can i prevent this?
2. what is the recommended way to run programs like above?
Thank you for any information
Wolfgang
Wolfgang Meiners
Wolfgang Meiners schrieb:
> Hi there,
>
> i think i basically understand the principle of MIT-Magic-Cookie, but i
> have got one problem with xauth. What i did is the following: I have two
> boxes A (OS X 10.4.11) and B (ubuntu 8.04)
>
> A:~$ ssh -CX B
> B:~$ xauth -f test generate $DISPLAY . trusted
I think, this can not work.
> xauth: creating new authority file test
> xauth: (argv):1: couldn't query Security extension on display
> "localhost:10.0"
> ls test
> ls: cannot access test: No such file or directory
> B:~$
And, as we see, it does not work.
>
> The first time I did this, there was no errormessage and a file test was
> generated by xauth. With this file I could do
>
I dont know, what i did the first time. But somehow i duplicated the
MIT-Magic-Cookie in .Xauthority.
>
> B:~$ chmod a+r test
> B:~$ su other_user
> other_user@B:~ XAUTHORITY=/home/user/test xeyes
>
> This gave me xeyes on the screen of A as expected. There are two questions:
> 1. what is the reason for the xauth errormessage and how can i prevent this?
> 2. what is the recommended way to run programs like above?
>
> Thank you for any information
>
> Wolfgang
The way it really works, is as following:
pbook is A, ubuntu is B, wolfgang ist user at A and B, adminloc is
other_user at B.
pbook:~ wolfgang$ ssh -CX ubuntu
Last login: Fri Oct 10 11:43:52 2008 from pbook.lan
wolfgang@ubuntu:~$ xauth list
ubuntu/unix:10 MIT-MAGIC-COOKIE-1 ea24d67061b61d34c96f42a40967d3e3
#So there is no MIT-MAGIC-COOKIE-1 related to $DISPLAY, which is
#localhost:10.0
wolfgang@ubuntu:~$ xauth extract test ubuntu/unix:10
wolfgang@ubuntu:~$ xauth -f test list
ubuntu/unix:10 MIT-MAGIC-COOKIE-1 ea24d67061b61d34c96f42a40967d3e3
#So the MIT-MAGIC-COOKIE-1 has been extracted to test
wolfgang@ubuntu:~$ chmod a+r test
#Now, all users can access /home/wolfgang/test
wolfgang@ubuntu:~$ su adminloc
Password:
adminloc@ubuntu:/home/wolfgang$ xeyes &
#This cant work because there is no matching Cookie in
#/home/adminloc/.Xauthority
[1] 6213
adminloc@ubuntu:/home/wolfgang$ X11 connection rejected because of wrong
authentication.
Error: Can't open display: localhost:10.0
#and, as we see, it does not work
XAUTHORITY=/home/wolfgang/test xeyes &
#This does work as expected
[2] 6214
[1] Exit 1 xeyes
adminloc@ubuntu:/home/wolfgang$ exit
exit
wolfgang@ubuntu:~$ exit
logout
Connection to ubuntu closed.
pbook:~ wolfgang$
ok. So far it works. But there are remaining questions:
1.: Why is $DISPLAY=localhost:10.0 but there is no matching
MIT-MAGIC-COOKIE in .Xauthrity?
2.: Can there be two (or more) different MIT-MAGIC-COOKIES for one Display?
3.: What is the recommended way for sharing MIT-MAGIC-COOKIES?
Thank you for information
Wolfgang
Wolfgang Meiners
example
http://manpages.ubuntu.com/manpages/hardy/man8/pam_xauth.html#toptoc4
There seems to be one drawback: Now every time you su to another user,
the cookie is shared. But there seems to be some kind of access control.
Wolfgang