List: freedesktop-xorg
Subject: Re: hostname change breaks X - how to connect 127.0.0.1 ?
From: Keith Packard <keithp () keithp ! com>
Date: 2004-08-31 21:39:09
Message-ID: E1C2GLN-0002Aa-N5 () evo ! keithp ! com
Around 20 o'clock on Aug 31, Alan Cox wrote:

> Especially since DNS is not trustable so hostnames are not trustable so X
> host based auth is worth rather less than you might think (ie near zilch).

We're not discussing the (obviously insecure) host based auth scheme here,
but rather the local hostname-based keying of the shared secret key auth
schemes (MIT-MAGIC-COOKIE-1 and XDM-AUTHORIZATION-1). The database of
available secrets is keyed off of the local hostname so that multiple
hosts can share the same key file. The database is *also* keyed off of
the display number, so multiple displays on the same machine are supported.
If the database contains an entry with an empty hostname, it will match
any hostname, so a .Xauthority file which is used only on a single host
could use this method quite reliably.

Not that MIT-MAGIC-COOKIE-1 is secure when used across a bare X network
connection, but it is fine when tunneled over ssh.

-keith
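
The lookup described in the message above, as an added example that is not part of the original message and is not libXau's code: it parses the .Xauthority record layout (a 16-bit big-endian family, then length-prefixed address, display number, auth name and data) and applies the matching rule as the message states it. The hostnames and cookie bytes are constructed sample values, and pack_entry, parse_xauthority and find_cookie are hypothetical helper names.

```python
import struct

FAMILY_LOCAL = 256  # FamilyLocal from X11/Xauth.h: address is the local hostname

def pack_entry(family, address, number, name, data):
    """Serialize one record: 16-bit big-endian family, then four counted strings."""
    out = struct.pack(">H", family)
    for field in (address, number, name, data):
        out += struct.pack(">H", len(field)) + field
    return out

def parse_xauthority(blob):
    """Parse .Xauthority bytes into dicts; raise ValueError on a truncated record."""
    entries, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated family field")
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        fields = []
        for _ in range(4):
            if pos + 2 > len(blob):
                raise ValueError("truncated length field")
            (n,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if pos + n > len(blob):
                raise ValueError("truncated string field")
            fields.append(blob[pos:pos + n])
            pos += n
        entries.append(dict(zip(("address", "number", "name", "data"), fields), family=family))
    return entries

def find_cookie(entries, hostname, display):
    """First entry whose hostname is empty or equal, and whose display number matches."""
    for e in entries:
        if e["address"] in (b"", hostname) and e["number"] == display:
            return e
    return None

# Constructed sample data: cookies are dummy values, hostnames are made up.
KEYED = pack_entry(FAMILY_LOCAL, b"oldhost", b"0", b"MIT-MAGIC-COOKIE-1", b"\x11" * 16)
OTHER_DISPLAY = pack_entry(FAMILY_LOCAL, b"", b"1", b"MIT-MAGIC-COOKIE-1", b"\x22" * 16)
ANYHOST = pack_entry(FAMILY_LOCAL, b"", b"0", b"MIT-MAGIC-COOKIE-1", b"\x33" * 16)

if __name__ == "__main__":
    db = parse_xauthority(KEYED + OTHER_DISPLAY)
    print(find_cookie(db, b"oldhost", b"0") is not None)  # lookup before the rename
    print(find_cookie(db, b"newhost", b"0"))              # lookup after the rename
    db = parse_xauthority(KEYED + OTHER_DISPLAY + ANYHOST)
    print(find_cookie(db, b"newhost", b"0")["data"].hex())
```

With only the hostname-keyed entry, a lookup under the new hostname finds no cookie; the empty-hostname entry for the same display number restores the match, while an empty-hostname entry for a different display does not.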