Cygwin and XDM-AUTHENTICATION-1
Alexander Gottwald
alexander.gottwald@s1999.tu-chemnitz.de
Wed Dec 10 07:35:00 GMT 2003
On Tue, 9 Dec 2003, Terrence Branscombe wrote:
> Hi,
>
> I'm brand new to Cygwin (and X in general) and would appreciate some
> help understanding how to set up authentication with
> XDM-AUTHENTICATION-1. I'm running the latest Cygwin/XFree86 release and
> connecting to an HP AlphaServer running OpenVMS. The XDM for OpenVMS
> supports the XDM-AUTHENTICATION-1 method, but the docs fail to mention
> anything about how the keys are generated. Does the sysadmin simply
> make up some numbers, or is there a tool for generating a specific key
> format?
man Xsecurity
The following is theoretical since I have never used it but may serve you
as a startig point.
the program xauth can be used to generate the authentication data
$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]
the 56bit random key can be generated this way:
$ dd if=/dev/random count=1 | md5sum | cut -b1-14
You must tell the xserver to use the authentication data
$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
$ XWin -auth /tmp/xauth.data [more options]
> First of all, does Cygwin support this method?
strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE"
so I guess the XDM-AUTHORIZATION is not compiled in-
> If so, I guess the next
> thing I need to know is how and where the key is supposed to be stored
> on the system running Cygwin/XFree. FInally, what command-line
> parameters are available to pass the key value to the XDM?
man xdm
DisplayManager.keyFile
XDM-AUTHENTICATION-1 style XDMCP authentication
requires that a private key be shared between xdm
and the terminal. This resource specifies the file
containing those values. Each entry in the file
consists of a display name and the shared key. By
default, xdm does not include support for XDM-
AUTHENTICATION-1, as it requires DES which is not
generally distributable because of United States
export restrictions.
DisplayManager.DISPLAY.authName
authorize is a boolean resource which controls
whether xdm generates and uses authorization for
the local server connections. If authorization is
used, authName is a list of authorization mechaÂ
nisms to use, separated by white space. XDMCP conÂ
nections dynamically specify which authorization
mechanisms are supported, so authName is ignored in
this case. When authorize is set for a display and
authorization is not available, the user is
informed by having a different message displayed in
the login widget. By default, authorize is
``true.'' authName is ``MIT-MAGIC-COOKIE-1,'' or,
if XDM-AUTHORIZATION-1 is available,
``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''
HTH
ago
--
Alexander.Gottwald@s1999.tu-chemnitz.de
http://www.gotti.org ICQ: 126018723
More information about the Cygwin-xfree
mailing list