Martin wrote,
> From: "Christian Hudon" <[EMAIL PROTECTED]> > Date: Sat, 21 Jun 1997 14:48:19 +0000 > Subject: "xauth +", not a good idea... > > If you don't trust every user on your machine, you'll need to learn a bit > about xauth. "xauth list $DISPLAY" will list the key for the display > $DISPLAY. > pianocktail.org/unix:0 MIT-MAGIC-COOKIE-1 53a82429fe56a1cf5236f3d4852e7d79e > Anyone who has that key is authorized to connect to the X server managing > display $DISPLAY. So say you want to grant user bar access to the display > that user foo is using, you just do (as bar): > [EMAIL PROTECTED]:[~]> xauth add pianocktail.org/unix:0 MIT-MAGIC-COOKIE-1 > 53a82429fe56a1cf5236f3d4852e7d79e curioser and curioser. I tried this, and it worked--once. I then successfully launched emacs, then lost the ability to change the remote xauth entirely. (???). Getting the sequence from the login xterm, I then type pv2086ttyp7:rhawkins>xauth list $DISPLAY eyry.econ.iastate.edu:0 MIT-MAGIC-COOKIE-1 e627d47d72c34079be1f6c35ca3b58b1 pv2086ttyp7:rhawkins>xauth add eyry.econ/unix:0 MIT-MAGIC-COOKIE-1 684e3c0f4c1e460741426f5272005d0c pv2086ttyp7:rhawkins>xauth list $DISPLAY eyry.econ.iastate.edu:0 MIT-MAGIC-COOKIE-1 e627d47d72c34079be1f6c35ca3b58b1 That is, it isn't changing it in the remote system. However, it does seem to work in the root window on the local system. The remote system is using kerberos if this makes a difference. I still haven't figured out how to get the rpm's for kerberos installed. This prevents me from using rsh, getting pop-3 mail, etc. I've looked at the telnet man page, and it looks like I could evaluate the cookie, put it in a variable, pass this with the environ option, then have the remote .cshrc check for the variable, and add it if present. At the moment, i'm not worried nearly as much about security as in getting something to work. Even xhost + only works for a few seconds. thanks rick -- These opinions will not be those of ISU until it pays my retainer. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .