Hi everyone, I'm trying to understand the internals of the xauth authentification protocol, especially in the context of making the X display accessible to locally running Docker containers.
I know if I add a cookie to the ".Xauthority" file of the X session owner and a guest has the same MIT-MAGIC-COOKIE-1 that later is granted access to the X server. And indeed it works nicely. But I try to understand *how* it works. There are at least three things that are not clear in my mind. And Xserver(1) and Xsecurity(7) were not of very much help here: 1) When is the "$XAUTHORITY" file (re-)read by the server? ================================================ According to the Xauth man: """ Note that this program [xauth] does not contact the X server except when the generate command is used. """ But it _seems_ to me when I update the cookie with "xauth add ..." from Xephyr, the X server takes that change into account immediately. Does that mean the ".Xauthority" file of the session owner is checked each time a new client is trying to connect to the server? 2) When is the system authorization cookie generated? ================================================ On my system, Xorg (Debian Linux w/lightdm) is started with the option "-auth /var/run/lightdm/root/:0" ":0" is an xauth file. If I understand it correctly, this is the authorization file the client $AUTHORIZATION credentials are checked against. But how that ":0" file is initially populated? On my system, the cookie seems to change each time I restart the X server. But somehow the new cookie _seems_ to be propagated to the logged in user $XAUTHORIZATION file. Is there a way to ensure a cookie will remain valid across Xorg restarts? 3) Are Xorg and Xephyr handling xauth the same way? ================================================ I'm using both a genuine Xorg server and Xephyr. Are both of them consistent in their way to handle xauth authorizations? Sorry for that long message. But as you've seen, things are unclear in my mind. So any comment or pointer to the relevant documentation would be very appreciated. Thanks in advance for your help, - Sylvain PS/FWIW I'm running: - Linux Debian 9.0 - xfce 4.12 - lightdm 1.18 - xorg/xephyr 1.19.2 -- -- Sylvain Leroux -- sylv...@chicoree.fr -- http://www.chicoree.fr _______________________________________________ email@example.com: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: https://lists.x.org/mailman/listinfo/xorg Your subscription address: %(user_address)s