Re: Fwd: Re: Cygwin and XDM-AUTHENTICATION-1


Thanks for the great info. It's certainly a good starting point as you say.

I read the Xsecurity man page along with those of xauth and xdm, but I'm still a little confused about terminology. The Xsecurity page refers to "XDM-AUTHORIZATION-1" whereas the xdm page refers to "XDM-AUTHENTICATION-1". Any idea which is authoritative?

Kind regards,

Alexander Gottwald wrote:

man Xsecurity

The following is theoretical since I have never used it, but it may serve you as a starting point.

The program xauth can be used to generate the authentication data:

$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]

The 56-bit random key can be generated this way:

$ dd if=/dev/random count=1 | md5sum | cut -b1-14

You must tell the xserver to use the authentication data

$ xauth -f /tmp/ add displayname:0.0 XDM-AUTHORIZATION-1 [key]
$ XWin -auth /tmp/ [more options]

First of all, does Cygwin support this method?

strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE" so I guess the XDM-AUTHORIZATION is not compiled in.

If so, I guess the next thing I need to know is how and where the key is supposed to be stored on the system running Cygwin/XFree. Finally, what command-line parameters are available to pass the key value to the XDM?

man xdm

             XDM-AUTHENTICATION-1 style XDMCP authentication
             requires that a private key be shared between xdm
             and the terminal. This resource specifies the file
             containing those values. Each entry in the file
             consists of a display name and the shared key. By
             default, xdm does not include support for
             XDM-AUTHENTICATION-1, as it requires DES which is not
             generally distributable because of United States
             export restrictions.

             authorize is a boolean resource which controls
             whether xdm generates and uses authorization for
             the local server connections. If authorization is
             used, authName is a list of authorization mechanisms
             to use, separated by white space. XDMCP connections
             dynamically specify which authorization
             mechanisms are supported, so authName is ignored in
             this case. When authorize is set for a display and
             authorization is not available, the user is
             informed by having a different message displayed in
             the login widget. By default, authorize is
             ``true.'' authName is ``MIT-MAGIC-COOKIE-1,'' or,
             if XDM-AUTHORIZATION-1 is available,


