On Tue, 9 Dec 2003, Terrence Branscombe wrote:
> Hi,
>
> I'm brand new to Cygwin (and X in general) and would appreciate some
> help understanding how to set up authentication with
> XDM-AUTHENTICATION-1. I'm running the latest Cygwin/XFree86 release and
> connecting to an HP AlphaServer running OpenVMS. The XDM for OpenVMS
> supports the XDM-AUTHENTICATION-1 method, but the docs fail to mention
> anything about how the keys are generated. Does the sysadmin simply
> make up some numbers, or is there a tool for generating a specific key
> format?
man Xsecurity
The following is theoretical since I have never used it but may serve you
as a startig point.
the program xauth can be used to generate the authentication data
$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]
the 56bit random key can be generated this way:
$ dd if=/dev/random count=1 | md5sum | cut -b1-14
You must tell the xserver to use the authentication data
$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
$ XWin -auth /tmp/xauth.data [more options]
> First of all, does Cygwin support this method?
strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE"
so I guess the XDM-AUTHORIZATION is not compiled in-
> If so, I guess the next
> thing I need to know is how and where the key is supposed to be stored
> on the system running Cygwin/XFree. FInally, what command-line
> parameters are available to pass the key value to the XDM?
man xdm
DisplayManager.keyFile
XDM-AUTHENTICATION-1 style XDMCP authentication
requires that a private key be shared between xdm
and the terminal. This resource specifies the file
containing those values. Each entry in the file
consists of a display name and the shared key. By
default, xdm does not include support for XDM-
AUTHENTICATION-1, as it requires DES which is not
generally distributable because of United States
export restrictions.
DisplayManager.DISPLAY.authName
authorize is a boolean resource which controls
whether xdm generates and uses authorization for
the local server connections. If authorization is
used, authName is a list of authorization mecha�
nisms to use, separated by white space. XDMCP con�
nections dynamically specify which authorization
mechanisms are supported, so authName is ignored in
this case. When authorize is set for a display and
authorization is not available, the user is
informed by having a different message displayed in
the login widget. By default, authorize is
``true.'' authName is ``MIT-MAGIC-COOKIE-1,'' or,
if XDM-AUTHORIZATION-1 is available,
``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''
HTH
ago
--
[EMAIL PROTECTED]
http://www.gotti.org ICQ: 126018723
