Re: xhost/Xauthority/etc?
Re: xhost/Xauthority/etc?
- Subject: Re: xhost/Xauthority/etc?
- From: Jay Levitt <email@hidden>
- Date: Thu, 05 Jun 2008 18:14:19 -0400
Brandon Allbery wrote:
On 2008 Jun 5, at 15:59, Jay Levitt wrote:
I'm using 10.5.3 with Xquartz 2.1.1. (Which itself is odd, because I
know I installed 2.2.1 over 10.5.3, and in fact the About pane says
"Xquartz 2.1.1 - (xorg-server-1.3.0-apple20)". Hmm.)
You probably forgot that Xquartz has to be reinstalled after every Apple
update because Software Update will happily overwrite the newer XQuartz
with Apple's older one. (The alternative would be Software Update
failing, which would be Bad.)
Nope, I did install 2.2.1 over 10.5.3, as I said... what I didn't do was
remember that I'd started moving apps out of the default folders (yeah, I
know, I live on the edge), and while Software Update was smart enough to
find everything, the Xquartz installer didn't. Combine that with
QuickSilver, and I was running the wrong X11. So now I'm properly running
X11.app 2.2.1.
Anyway, I am using X clients on a Fedora Core 9 machine. Every time I
restart X11.app, I need to open a terminal window and enter "xhost +"
to allow micro to connect.
It would be better to find a proper way to do this, such as ssh X11
forwarding (ssh -X -Y) or possibly copying the xauth key (man xauth).
Ah, the xauth key was the trick. (I don't want to use ssh -X -Y; I'm on a
home LAN, and SSH makes X11 very bursty.)
It's very hard these days to find useful info on X11 over a network; since
X11 is the base for every Linux desktop GUI, all that talk pops up first in
Google. Which isn't very helpful when you're trying to figure out which
commands run on the server and which run on the client. (Not to mention the
age-old client/server confusion.)
For future reference, what I did was:
* On the Mac, type "xauth list". Up comes a list of hostnames the Mac X
server knows about; they will all have MIT-MAGIC-COOKIE-1 keys. Find the
local hostname (in my case, macpro.home.jay.fm:0), and copy that line into
the clipboard.
* On the remote machine, type "xauth add" and paste the line you just copied.
* Quit X11.app, restart it, and verify that you can run xeyes on the remote
machine without any "xhost" commands on the Mac.
* success!
That said, sometimes commercial applications refuse to play by the rules
and you have to expose yourself to significant security issues (i.e.
anyone can read any password you type in) by turning off connection
authorization with xhost.
Having considered the matter carefully and done a thorough risk analysis: If
someone has broken into my 16th-floor apartment and tapped my gigabit
switch, the security of my cleartext X11 socket comes in around #7 on my
priority list.
Jay
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden