**Fwd: Re: Cygwin and XDM-AUTHENTICATION-1
Terrence Branscombe
ue191@victoria.tc.ca
Thu Dec 11 07:12:00 GMT 2003
Alexander,
Thanks for the great info. It's certainly a good starting point as you say.
I read the Xsecurity man page along with those of xauth and xdm, but I'm
still a little confused about terminology. The Xsecurity page refers to
"XDM-AUTHORIZATION-1" whereas the xdm page refer to
"XDM-AUTHENTICATION-1". Any idea which is authoritative?
Kind regards,
Alder
Alexander Gottwald wrote::
>man Xsecurity
>
>The following is theoretical since I have never used it but may serve you
>as a startig point.
>
>the program xauth can be used to generate the authentication data
>
>$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]
>
>
>
>the 56bit random key can be generated this way:
>
>$ dd if=/dev/random count=1 | md5sum | cut -b1-14
>
>You must tell the xserver to use the authentication data
>
>$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
>$ XWin -auth /tmp/xauth.data [more options]
>
>
>
>>First of all, does Cygwin support this method?
>>
>>
>
>strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE"
>so I guess the XDM-AUTHORIZATION is not compiled in-
>
>
>
>>If so, I guess the next
>>thing I need to know is how and where the key is supposed to be stored
>>on the system running Cygwin/XFree. FInally, what command-line
>>parameters are available to pass the key value to the XDM?
>>
>>
>
>man xdm
>
> DisplayManager.keyFile
> XDM-AUTHENTICATION-1 style XDMCP authentication
> requires that a private key be shared between xdm
> and the terminal. This resource specifies the file
> containing those values. Each entry in the file
> consists of a display name and the shared key. By
> default, xdm does not include support for XDM-
> AUTHENTICATION-1, as it requires DES which is not
> generally distributable because of United States
> export restrictions.
>
> DisplayManager.DISPLAY.authName
> authorize is a boolean resource which controls
> whether xdm generates and uses authorization for
> the local server connections. If authorization is
> used, authName is a list of authorization mechaÂ
> nisms to use, separated by white space. XDMCP conÂ
> nections dynamically specify which authorization
> mechanisms are supported, so authName is ignored in
> this case. When authorize is set for a display and
> authorization is not available, the user is
> informed by having a different message displayed in
> the login widget. By default, authorize is
> ``true.'' authName is ``MIT-MAGIC-COOKIE-1,'' or,
> if XDM-AUTHORIZATION-1 is available,
> ``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''
>
>HTH
> ago
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3284 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://cygwin.com/pipermail/cygwin-xfree/attachments/20031211/099331df/attachment.bin>
More information about the Cygwin-xfree
mailing list