This was writen in the openssh mailinglist:
/M
>På 2000-Mar-28 klokka 22:58:03 +0200 skrivet Klaus Knopper:
>: I believe the source of the problem is the automatic setup of the
>: XAUTHORITY environment variable in different distributions
>: (Mandrake, RedHat, others...) during login. openssh seems to create
>: its own Xauthority cookie file in /tmp rather than create an entry
>: in the user's $HOME/.Xauthority (why?). After successful ssh login,
>: XAUTHORITY points to /tmp/ssh-randomstring/cookies, but the
>: shell's profiles (/etc/profile.d/xhost.* in Mandrake 7.0) reset
>: this variable to its default location $HOME/.Xauthority (except
>: for root, this is why it works in the above context). So, the
>: valid X11-cookie cannot be found by X11-applications because
>: XAUTHORITY points to the wrong file.
>Distributions that blindly set XAUTHORITY are broken. They should
>check whether it's already set first, e.g.:
>
> if [ -z "${XAUTHORITY}" ]; then
> XAUTHORITY="${HOME}/.Xauthority"
> export XAUTHORITY
> fi
>
>If the system administrator were to use PAM to set XAUTHORITY to a
>desired value on login, it would be silently overridden, in the same
>way that sshd's XAUTHORITY is. Violates principle of least surprise.
>
>If i recall correctly, the reasons why OpenSSH doesn't use
>~/.Xauthority are:
>
> (1) alleviates problems with NFS-mounted home directories.
>
> (2) authority entries can be cleaned up properly on logout instead of
> sitting around.
>
>Someone correct me there, please; i'm bound to be wrong.
>
>--
>jim knoble
>[EMAIL PROTECTED]