Re: Xsecurity - how do I turn on MIT-MAGIC-COOKIE-1 and .Xauthority support?
Ira, Have you tried the FreeNX project? It gives superior performance over VNC supports multi-sessions and/or multi-users. (which VNC does not) It is linked with the standard X libraries on your system (X.org in RHEL4/5 case) so I suspect it should provide all the X extensions you require. - Noam 2008/2/3 Ira Abramov [EMAIL PROTECTED]: On Feb 3, 2008 11:15 AM, Shachar Shemesh [EMAIL PROTECTED] wrote: VNC on Windows behaves differently than on Linux. On Linux, it opens its own unique X server, and then exports its display using the VNC protocol. On Windows, VNC server exports the main Windows display. their client is a windows machine, then an unimaginately-named linux machine xserver runs Xvnc for 12 users, and from there they dispatch jobs to a cluster of CPU machines via a dispatcher whose name I forgot. The target machines already mount the same homedirs, so of course I have the MIT and XDM cookies in the .Xauthority at the far end as well. The problem is an interactive job tries to spawn at the target node but Xvnc ignores the xauth mechanism and blocks the client (and as I said - xhost + works but is too permissive) They just moved to that VNC setup because they are trying to stop using a local Xserver on the windows. they are surprised to discover vnc is slower, even though I explain the plusses and minuses. The local server is a commercial one, I was told they triend the local X from Cygwin with bad results but never gave me a full explanation. I'll have to either test the current cygwin-xorg and see if it's better for thזm, or test their propriatery/commercial Xserver-for-windows for any sort of MIT cookie support. Quoting Ilya Konstantinov, from the post of Sun, 03 Feb: Nowadays, you have VNC servers which act as X11 clients and export whatever X11 display you point them at. Those are the VNC servers which come with GNOME and KDE as their remote desktop offerings. I'm not going to run 12 full xorgs on the machine. Xvnc does the correct job, just misses support for some of the security models (supports only xhost, basically) See also the discussion there about using x11vnc from inetd for spawning new X sessions on demand in response to VNC connections. that means I lose sessions on disconnect, AS WELL as get sluggy GUI reactions. that's less useful than a local Xsserver on the windows. -- Target of opportunity Ira Abramov http://ira.abramov.org/email/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Xsecurity - how do I turn on MIT-MAGIC-COOKIE-1 and .Xauthority support?
Quoting Shachar Shemesh, from the post of Sun, 03 Feb: Ira Abramov wrote: is the RHEL-supplied Xvnc ignoring MIT-MAGIC-COOKIE because of configuration, or something missing at compile time? I believe they ignore it because their X server doesn't support it. damn... I suspected that was it :-( Time to go test their local windows Xserver and see what it DOES support. -- It's all good Ira Abramov http://ira.abramov.org/email/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Xsecurity - how do I turn on MIT-MAGIC-COOKIE-1 and .Xauthority support?
Ira Abramov wrote: Time to go test their local windows Xserver and see what it DOES support. VNC on Windows behaves differently than on Linux. On Linux, it opens its own unique X server, and then exports its display using the VNC protocol. On Windows, VNC server exports the main Windows display. This means that if you want to export X11 programs running on Windows using VNC, you also have to explicitly run an X11 server. Which is good news. Cygwin has a Windows port of X.org, which, as you know, does support MIT cookies. Problem solved. Shachar = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Xsecurity - how do I turn on MIT-MAGIC-COOKIE-1 and .Xauthority support?
On Feb 3, 2008 11:15 AM, Shachar Shemesh [EMAIL PROTECTED] wrote: VNC on Windows behaves differently than on Linux. On Linux, it opens its own unique X server, and then exports its display using the VNC protocol. On Windows, VNC server exports the main Windows display. Nowadays, you have VNC servers which act as X11 clients and export whatever X11 display you point them at. Those are the VNC servers which come with GNOME and KDE as their remote desktop offerings. Here's one: http://www.karlrunge.com/x11vnc/ BTW, those kind of VNC servers only became possible (with reasonable performance) with the introduction of the DAMAGE extension, so they pretty much have to run on a modern X server - or otherwise there'll be very CPU-intensive screen polling.
Re: Xsecurity - how do I turn on MIT-MAGIC-COOKIE-1 and .Xauthority support?
On Feb 3, 2008 12:49 PM, Ilya Konstantinov [EMAIL PROTECTED] wrote: On Feb 3, 2008 11:15 AM, Shachar Shemesh [EMAIL PROTECTED] wrote: VNC on Windows behaves differently than on Linux. On Linux, it opens its own unique X server, and then exports its display using the VNC protocol. On Windows, VNC server exports the main Windows display. Nowadays, you have VNC servers which act as X11 clients and export whatever X11 display you point them at. Those are the VNC servers which come with GNOME and KDE as their remote desktop offerings. Here's one: http://www.karlrunge.com/x11vnc/ BTW, those kind of VNC servers only became possible (with reasonable performance) with the introduction of the DAMAGE extension, so they pretty much have to run on a modern X server - or otherwise there'll be very CPU-intensive screen polling. This describes a configuration more like Xvnc: http://www.karlrunge.com/x11vnc/#faq-xvfb See also the discussion there about using x11vnc from inetd for spawning new X sessions on demand in response to VNC connections.
Re: Xsecurity - how do I turn on MIT-MAGIC-COOKIE-1 and .Xauthority support?
On Feb 3, 2008 11:15 AM, Shachar Shemesh [EMAIL PROTECTED] wrote: VNC on Windows behaves differently than on Linux. On Linux, it opens its own unique X server, and then exports its display using the VNC protocol. On Windows, VNC server exports the main Windows display. their client is a windows machine, then an unimaginately-named linux machine xserver runs Xvnc for 12 users, and from there they dispatch jobs to a cluster of CPU machines via a dispatcher whose name I forgot. The target machines already mount the same homedirs, so of course I have the MIT and XDM cookies in the .Xauthority at the far end as well. The problem is an interactive job tries to spawn at the target node but Xvnc ignores the xauth mechanism and blocks the client (and as I said - xhost + works but is too permissive) They just moved to that VNC setup because they are trying to stop using a local Xserver on the windows. they are surprised to discover vnc is slower, even though I explain the plusses and minuses. The local server is a commercial one, I was told they triend the local X from Cygwin with bad results but never gave me a full explanation. I'll have to either test the current cygwin-xorg and see if it's better for thזm, or test their propriatery/commercial Xserver-for-windows for any sort of MIT cookie support. Quoting Ilya Konstantinov, from the post of Sun, 03 Feb: Nowadays, you have VNC servers which act as X11 clients and export whatever X11 display you point them at. Those are the VNC servers which come with GNOME and KDE as their remote desktop offerings. I'm not going to run 12 full xorgs on the machine. Xvnc does the correct job, just misses support for some of the security models (supports only xhost, basically) See also the discussion there about using x11vnc from inetd for spawning new X sessions on demand in response to VNC connections. that means I lose sessions on disconnect, AS WELL as get sluggy GUI reactions. that's less useful than a local Xsserver on the windows. -- Target of opportunity Ira Abramov http://ira.abramov.org/email/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Xsecurity - how do I turn on MIT-MAGIC-COOKIE-1 and .Xauthority support?
howdie gang! I have two clients with a similar problem: the run a job dispatcher that sends their requests to a free node in a compute cluster to run a compilation or simulation of the system. Some of those jobs are supposed to open an interactive X connection. the display is set right but of course one needs authority to access the user's display. right now it means the user has to run it with xhost + and that's just too permissive. The users run with vnc clients to Xvnc servers, that don't seem to support secure-RPC either, so looks like xhost +nis:[EMAIL PROTECTED] can't work either. is the RHEL-supplied Xvnc ignoring MIT-MAGIC-COOKIE because of configuration, or something missing at compile time? the Xsecurity manpage is not giving too many hints... Thanks, Ira. -- All your base are belong to us Ira Abramov http://ira.abramov.org/email/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Xsecurity - how do I turn on MIT-MAGIC-COOKIE-1 and .Xauthority support?
On Feb 2, 2008 11:49 PM, Ira Abramov [EMAIL PROTECTED] wrote: howdie gang! I have two clients with a similar problem: the run a job dispatcher that sends their requests to a free node in a compute cluster to run a compilation or simulation of the system. Some of those jobs are supposed to open an interactive X connection. the display is set right but of course one needs authority to access the user's display. right now it means the user has to run it with xhost + and that's just too permissive. How about copying over the cookie using xauth nextract ... | ssh ... xauth nmerge ... (or whatever is required to pass over the cookie, you get the idea)? Also try setting up the XAUTHORITY envariable to point to a .Xauthority file with the right cookies in it. --Amos
Re: Xsecurity - how do I turn on MIT-MAGIC-COOKIE-1 and .Xauthority support?
Ira Abramov wrote: is the RHEL-supplied Xvnc ignoring MIT-MAGIC-COOKIE because of configuration, or something missing at compile time? I believe they ignore it because their X server doesn't support it. A VNC server is also an X server, which means that you are NOT using a X.org or XFree86 based server. If the server does not support an extension, then nothing you will do with the files will make it. Shachar = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]