Public bug reported:
I'm currently working on configuring Ubuntu 12.04 Linux to match our
user environment - one of the aspects I'm working on is enabling X11
over TCP as we have a large number of graphical applications running on
local (same-subnet) compute server systems. Encrypting the X11 stream
between clients and servers on the same physical network switch inside a
secured floor of offices seems like insanity to me.
I've obviously configured Lightdm to start the Xorg X11 server with TCP
mode connections enabled, but the -auth argument (which I assume is
provided by lightdm) points to a file called /var/run/lightdm/root/:0.
Despite the TCP mode connection being enabled, the only MIT-MAGIC-
COOKIE-1 key that is placed within this file includes the
"hostname/unix:0" specification which limits it's use to Unix domain
sockets only.
What I need to do is to have lightdm (assuming it is lightdm that is
creating this authorisation file) create it with simply "hostname:0" so
that the MIT-MAGIC-COOKIE-1 key may be used on X11 over TCP connections
as well as those over X11 over Unix Domain socket connections.
I have confirmed that extracting the key from the :0 file using Xauth -f
:0 list followed by a correspondingly altered re-insertion of the key
without the /unix part using Xauth -f :0 add ... command does indeed
work.
My first question is whether there is something I've missed in the
lightdm configuration file that would allow me to specify that I want
the MIT-MAGIC-COOKIE-1 enabled for both TCP and Unix domain connections?
The second point which follows on from that is whether when allowing TCP
connections to the Xserver, maybe lightdm SHOULD remove the /unix
element from the MIT_MAGIC-COOKIE-1 stored in the :0 file. It would
seem to me to be logical that it should.
And the final point is seeking advice on the best recommended way to
work around this problem for the time being. I assume I could do the
xauth list/xauth add steps within the display-setup-script if necessary.
Is this the best place to do it?
Thanks in advance for your help.
Description: Ubuntu 12.04.2 LTS
Release: 12.04
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lightdm 1.2.3-0ubuntu2.3
ProcVersionSignature: Ubuntu 3.2.0-49.75-generic 3.2.46
Uname: Linux 3.2.0-49-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.3
Architecture: amd64
Date: Tue Jul 30 15:16:52 2013
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_GB:
TERM=xterm
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/csh
SourcePackage: lightdm
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: lightdm (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug precise
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1206533
Title:
Removing the /unix specification from the /var/run/lightdm/root/:0
file
Status in “lightdm” package in Ubuntu:
New
Bug description:
I'm currently working on configuring Ubuntu 12.04 Linux to match our
user environment - one of the aspects I'm working on is enabling X11
over TCP as we have a large number of graphical applications running
on local (same-subnet) compute server systems. Encrypting the X11
stream between clients and servers on the same physical network switch
inside a secured floor of offices seems like insanity to me.
I've obviously configured Lightdm to start the Xorg X11 server with
TCP mode connections enabled, but the -auth argument (which I assume
is provided by lightdm) points to a file called
/var/run/lightdm/root/:0. Despite the TCP mode connection being
enabled, the only MIT-MAGIC-COOKIE-1 key that is placed within this
file includes the "hostname/unix:0" specification which limits it's
use to Unix domain sockets only.
What I need to do is to have lightdm (assuming it is lightdm that is
creating this authorisation file) create it with simply "hostname:0"
so that the MIT-MAGIC-COOKIE-1 key may be used on X11 over TCP
connections as well as those over X11 over Unix Domain socket
connections.
I have confirmed that extracting the key from the :0 file using Xauth
-f :0 list followed by a correspondingly altered re-insertion of the
key without the /unix part using Xauth -f :0 add ... command does
indeed work.
My first question is whether there is something I've missed in the
lightdm configuration file that would allow me to specify that I want
the MIT-MAGIC-COOKIE-1 enabled for both TCP and Unix domain
connections?
The second point which follows on from that is whether when allowing
TCP connections to the Xserver, maybe lightdm SHOULD remove the /unix
element from the MIT_MAGIC-COOKIE-1 stored in the :0 file. It would
seem to me to be logical that it should.
And the final point is seeking advice on the best recommended way to
work around this problem for the time being. I assume I could do the
xauth list/xauth add steps within the display-setup-script if
necessary. Is this the best place to do it?
Thanks in advance for your help.
Description: Ubuntu 12.04.2 LTS
Release: 12.04
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lightdm 1.2.3-0ubuntu2.3
ProcVersionSignature: Ubuntu 3.2.0-49.75-generic 3.2.46
Uname: Linux 3.2.0-49-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.3
Architecture: amd64
Date: Tue Jul 30 15:16:52 2013
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_GB:
TERM=xterm
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/csh
SourcePackage: lightdm
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1206533/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
