Re: Why does xhost+ no longer work (not seeking xauth or ssh workaround advice) ?
Re: Why does xhost+ no longer work (not seeking xauth or ssh workaround advice) ?
- Subject: Re: Why does xhost+ no longer work (not seeking xauth or ssh workaround advice) ?
- From: Todd Sampson <email@hidden>
- Date: Thu, 09 Feb 2006 09:26:14 -0500
- Thread-topic: Why does xhost+ no longer work (not seeking xauth or ssh workaround advice) ?
Title: Re: Why does xhost+ no longer work (not seeking xauth or ssh workaround advice) ?
Hi David,
I hope Leroy won’t mind me forwarding the email that he sent to me regarding this issue. It solved my problem. Lately though, I’ve switched to OroborOSX, which is an application that seems to me does what Apple’s X11 does plus it is much richer, with lots of options.
You have to quit and relaunch X11 after following the instructions below.
Regards,
todd
The parameters of the X Window server have been chosen by Apple to allow only ssh -Y connexions and remote display. Generally "xhost +hostname" is not secure. In those cases where the network is secure (or if there is no other solution), it is possible to activate the traditional method.
All you have to do is to type the following command, in a X11 xterm on your Mac :
defaults write com.apple.x11 nolisten_tcp -boolean false
You can check the value of the nolisten_tcp parameter with the command
defaults read com.apple.x11
You will see the value "nolisten_tcp" = 0 (the value was "1" before)
Note that if you change your X11 preferences via the menu X11 -> Preferences... the parameter nolisten_tcp will be reset to "1" (true); you will have to change it again.
There is another method which can be used : MIT-Magic-Cookie. You don't use xhost +, just setenv DISPLAY on the remote host. Both the X11 server and the X11 client must run xauth.
Once again xauth must be enabled on the Mac :
defaults write com.apple.x11 no_auth -boolean false
You must exchange keys between the Mac and the remote unix station. It is heavier to use, but it is secure.
I hope your problem will be solved (tell me). I can now use rlogin, rsh on remote Sun Stations and send the display to my Mac with setenv DISPLAY myhost:0.
Kind regards.
Jacques Leroy
Faculté Polytechnique
MONS (Belgium)
> From: David Clunie <email@hidden>
> Reply-To: <email@hidden>
> Date: Thu, 09 Feb 2006 07:42:06 -0500
> To: <email@hidden>
> Subject: Why does xhost+ no longer work (not seeking xauth or ssh workaround
> advice) ?
>
> I would like to know how to make xhost+ work again (and
> I don't need any patronizing lectures on why xauth or
> ssh is "better" thanks).
>
> I have been using xhost for decades on closed trusted
> internal networks and would prefer to contain to use
> the "standard" behavior in those scenarios.
>
> Something has broken recently and I would like to know
> how to fix it, not work around it. If this is hard-coded
> rather than configurable it is a bug, not a feature.
>
> Port 6000 is open on the xserver host (can telnet to it from
> another host).
>
> If I do an "xhost +" or similar, I get a message claiming
> that access control has been disabled, but then when one
> looks at the access control list the command has not had
> any effect.
>
> % setenv DISPLAY :0.0
> % xhost +
> access control disabled, clients can connect from any host
> [helgray:~] dclunie% xhost
> access control enabled, only authorized clients can connect
> INET6:localhost
> INET6:fe80::1
> INET:localhost
> INET6:helgray.local
> INET:192.168.1.100
> LOCAL:
> [helgray:~] dclunie% xhost +192.168.1.95
> 192.168.1.95 being added to access control list
> [helgray:~] dclunie% xhost
> access control enabled, only authorized clients can connect
> INET6:localhost
> INET6:fe80::1
> INET:localhost
> INET6:helgray.local
> INET:192.168.1.100
> LOCAL:
>
> On the console in which Xquartz was invoked I get the
> following message:
>
> AUDIT: Thu Feb 9 07:16:37 2006: 525 Xquartz: client 1 rejected from IP
> 192.168.1.95
>
> Am I wasting my time without finding the problem in the source
> and recompiling, or can this be configured to work ?
>
> Thanks ... David
>
> PS. None of my experiments with values of nolisten_tcp
> in ~/Library/Preferences/com.apple.X11.plist or using defaults
> to set com.apple.x11 with defaults seems to make a difference
> (despite "http://www.macosx.com/forums/showthread.php?t=265834").
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> X11-users mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden