**Fwd: Re: Cygwin and XDM-AUTHENTICATION-1

Terrence Branscombe ue191@victoria.tc.ca
Thu Dec 11 07:12:00 GMT 2003 

Alexander,

Thanks for the great info.  It's certainly a good starting point as you say.

I read the Xsecurity man page along with those of xauth and xdm, but I'm 
still a little confused about terminology.  The Xsecurity page refers to 
"XDM-AUTHORIZATION-1" whereas the xdm page refer to 
"XDM-AUTHENTICATION-1".  Any idea which is authoritative?

Kind regards,
Alder

Alexander Gottwald wrote::

>man Xsecurity
>
>The following is theoretical since I have never used it but may serve you 
>as a startig point.
>
>the program xauth can be used to generate the authentication data
>
>$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]
>
>  
>
>the 56bit random key can be generated this way:
>
>$ dd if=/dev/random count=1 | md5sum | cut -b1-14
>
>You must tell the xserver to use the authentication data
>
>$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
>$ XWin -auth /tmp/xauth.data [more options]
>
>  
>
>>First of all, does Cygwin support this method?  
>>    
>>
>
>strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE"
>so I guess the XDM-AUTHORIZATION is not compiled in-
>
>  
>
>>If so, I guess the next 
>>thing I need to know is how and where the key is supposed to be stored 
>>on the system running Cygwin/XFree.  FInally, what command-line 
>>parameters are available to pass the key value to the XDM?
>>    
>>
>
>man xdm
>
>      DisplayManager.keyFile
>              XDM-AUTHENTICATION-1  style  XDMCP   authentication
>              requires  that  a private key be shared between xdm
>              and the terminal.  This resource specifies the file
>              containing  those  values.   Each entry in the file
>              consists of a display name and the shared key.   By
>              default,  xdm  does  not  include  support for XDM-
>              AUTHENTICATION-1, as it requires DES which  is  not
>              generally  distributable  because  of United States
>              export restrictions.
>
>       DisplayManager.DISPLAY.authName
>              authorize  is  a  boolean  resource  which controls
>              whether xdm generates and  uses  authorization  for
>              the  local server connections.  If authorization is
>              used, authName is a list  of  authorization  mecha­
>              nisms to use, separated by white space.  XDMCP con­
>              nections dynamically  specify  which  authorization
>              mechanisms are supported, so authName is ignored in
>              this case.  When authorize is set for a display and
>              authorization   is   not  available,  the  user  is
>              informed by having a different message displayed in
>              the   login   widget.   By  default,  authorize  is
>              ``true.''  authName is ``MIT-MAGIC-COOKIE-1,''  or,
>              if      XDM-AUTHORIZATION-1      is      available,
>              ``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''
>
>HTH
>	ago
>  
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3284 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://cygwin.com/pipermail/cygwin-xfree/attachments/20031211/099331df/attachment.bin>

More information about the Cygwin-xfree mailing list