remote CDE logins

From: Markus Waldorf (waldorfm@rferl.org)
Date: Tue Jun 10 2003 - 08:42:55 EDT


Hello,

I hope the questions below are not too trivial, but unfortunately I'm
rather unfamiliar with the security and access methods to establish a
CDE/Motif X-windows session to another computer. So far I've been using
"Exodus" and MacX, which use XDMCP and are rather easy to use, but I have
never done it from another Tru64 box. I noticed some issues which are
unclear to me and was hoping someone could please enlighten my questions
below:

(1) I noticed that X-windows access control is managed by the programs
"xhost" and "dxhosts". "xhost +" can be used to disable access control list
at all, which would allow anyone to get a windows login screen if I
understand correctly - maybe not a good idea.

One thing I wonder about is that when typing xhost +host.domain.name
followed by just "xhost" it lists allowed hosts, but it does not show them
anymore after a system restart, where xhost just displays that access
control is enabled or not. Subsequent logins work though. There is also
"dxhosts", which does not seem to have this kind of problem as it lists all
known hosts. What is the deal here please?

(2) I thought it would be possible to use telnet, ssh, rsh and rlogin to
establish a session on a remote system and run a program remotely, e.g.
xterm. For this to work the remote session needs to know what the DISPLAY ip
address is. I noticed so far that at least telnet and rlogin do not set the
DISPLAY variable. Is there something I can do to automate this in e.g.
/etc/profile using a dynamic source IP address? Why is this not done by
default, and what does export $DISPLAY do?

(3) How would I establish a CDE login session on a remote computer using
another Tru64 server. Am I supposed to telnet to the remote computer and use
e.g. dtlogin, or how?

(4) Are there some known access configurations that should be avoided, such
as MIT-COOKIE, etc. Could someone please make recommendations and explain how
to manage it?

(5) It seems like X-windows access control can be host or user based. Could
someone please explain the difference in terms of how the system recognizes
these types of logins. When is it using host, and when user based access
control?

(6) I can login to one of our servers using XDMCP from my workstation using
XDarwin (MacOSX) or Exodus. I get the CDE login screen and can login as root
since I added my workstation IP to /etc/securettys. However, "xhost" or
"dxhost" don't show my workstation in its access control lists. I guess it
sort of established some other method, e.g. MIT-COOKIE. How do I know?

(6) I added a Tru64 workstation to the xhost list on a server. When I type
"xhost" it shows it. I telnet to the server and su root. The workstation is
also in /etc/securettys. I type DISPLAY=merlin.rferl.org:0, followed by
export DISPLAY. Typing "set" shows it. But when I try to run xterm it gives
an error: xlib: connection to "merlin.rferl.org:0" refused by server, Xlib:
Client is not authorized to connect to Server, Error: Can't open display:
merlin.rferl.org:0. What is wrong please?

Thanks a lot for any response!

Best regards,

RFE/RL, Inc.
Markus Waldorf


