Thanks for the great info. It's certainly a good starting point as you say.
I read the Xsecurity man page along with those of xauth and xdm, but I'm still a little confused about terminology. The Xsecurity page refers to "XDM-AUTHORIZATION-1" whereas the xdm page refers to "XDM-AUTHENTICATION-1". Any idea which is authoritative?
Kind regards, Alder
Alexander Gottwald wrote:
man Xsecurity
The following is theoretical since I have never used it but may serve you as a starting point.
the program xauth can be used to generate the authentication data
$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]
the 56bit random key can be generated this way:
$ dd if=/dev/random count=1 | md5sum | cut -b1-14
You must tell the xserver to use the authentication data
$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
$ XWin -auth /tmp/xauth.data [more options]
First of all, does Cygwin support this method?
strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE" so I guess the XDM-AUTHORIZATION is not compiled in.
If so, I guess the next thing I need to know is how and where the key is supposed to be stored on the system running Cygwin/XFree. Finally, what command-line parameters are available to pass the key value to the XDM?
man xdm
DisplayManager.keyFile
XDM-AUTHENTICATION-1 style XDMCP authentication requires that a private key be shared between xdm and the terminal. This resource specifies the file containing those values. Each entry in the file consists of a display name and the shared key. By default, xdm does not include support for XDM-AUTHENTICATION-1, as it requires DES which is not generally distributable because of United States export restrictions.

DisplayManager.DISPLAY.authName
authorize is a boolean resource which controls whether xdm generates and uses authorization for the local server connections. If authorization is used, authName is a list of authorization mechanisms to use, separated by white space. XDMCP connections dynamically specify which authorization mechanisms are supported, so authName is ignored in this case. When authorize is set for a display and authorization is not available, the user is informed by having a different message displayed in the login widget. By default, authorize is ``true.'' authName is ``MIT-MAGIC-COOKIE-1,'' or, if XDM-AUTHORIZATION-1 is available, ``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''
HTH
ago
