[prev in list] [next in list] [prev in thread] [next in thread]
List: fwtk-users
Subject: x-gw per-user configuration (undocumented?)
From: Chris Wakelin <c.d.wakelin () reading ! ac ! uk>
Date: 1999-11-19 12:55:12
[Download RAW message or body]
[To be removed from this list send the message "unsubscribe fwtk-users" in the
BODY of a mail message to majordomo@ex.tis.com.]
Has anybody used the "user" option in the x-gw? :
x-gw: user someone -display 101
This seems to be undocumented, but makes user "someone" always get display
number 101. It is based on the "-user" option given to x-gw by the tn-gw, which
gives the authenticated username (*if* the user was authenticated, which ours
generally aren't for the x-gw).
There seems also to be a "-permit" option to automatically allow or
disallow connections to the proxied X server without asking the user:
x-gw: user someone -display 101 -permit trusted.somewhere.com
The latter is probably risky as you have no guarantee that the connection from
trusted.somewhere.com is from the correct user.
I discovered this while poking through the x-gw source code. I've made a
similar provision for per-host configuration by copying the per-user code and
making a couple of minor modifications to it; I'm not really a 'C' programmer,
but I can imitate ;-) . The result is something like
x-gw: from machine.mydomain.com -display 101
This is based on the "from" parameter passed to x-gw by tn-gw, which gives the
name of machine which connected to tn-gw (as opposed to the display host,
which may be different) ** as understood by tn-gw ** (ours gives the
fully-qualified domain name, but others may just give the hostname).
If people are intersted, ask me and I'll send you the diffs.
Best Wishes,
Chris
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--
Christopher Wakelin, c.d.wakelin@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 931 6630
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic