Re: [CentOS] X11 connection rejected because of wrong authentication
On 25 November 2013 01:08, Timothy Murphy gayle...@eircom.net wrote: I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop? In any case, I googled for the message, and this threw up dozens of similar queries over many years. Most of the ones I read offered methods of avoiding the problem rather than solving it. Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution? Too little information at present to tell. Does it work if the system is in permissive? Did you ever have the system in disabled and then switched to permissive/enforcing? Do you have xauth installed? 9 times out of 10 with this message it's just that there is no (or incorrect) .Xauthority so the X server rightfully denies the untrusted connection. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] X11 connection rejected because of wrong authentication
James Hogarth wrote: I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop? .. Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution? Too little information at present to tell. Does it work if the system is in permissive? The CentOS server is running with SELinux in permissive mode. I would prefer to run it in enforcing mode, and to that end would like to solve the problem above. Did you ever have the system in disabled and then switched to permissive/enforcing? No, CentOS-6.4 was recently installed, and the system has always been in permissive mode. Do you have xauth installed? This is the response to yum install xauth: Package 1:xorg-x11-xauth-1.0.2-7.1.el6.x86_64 already installed and latest version 9 times out of 10 with this message it's just that there is no (or incorrect) .Xauthority so the X server rightfully denies the untrusted connection. On the server === [tim@grover ~]$ ls -lsZ .Xauthority -rw---. tim tim unconfined_u:object_r:xauth_home_t:s0 .Xauthority === Same on the connecting laptop === [tim@rose ~]$ ls -lsZ .Xauthority -rw---. tim tim unconfined_u:object_r:xauth_home_t:s0 .Xauthority === Incidentally, if there was something wrong with .Xauthority shouldn't sealert point this out? -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] X11 connection rejected because of wrong authentication
On 25 November 2013 11:15, Timothy Murphy gayle...@eircom.net wrote: James Hogarth wrote: I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop? .. Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution? Too little information at present to tell. Does it work if the system is in permissive? The CentOS server is running with SELinux in permissive mode. I would prefer to run it in enforcing mode, and to that end would like to solve the problem above. Just to be clear - does it work (X forwarding) as it is now with the system in permissive mode ... Does it only fail after you go setenforce 1 ? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] X11 connection rejected because of wrong authentication
On Sun, November 24, 2013 20:08, Timothy Murphy wrote: I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop? In any case, I googled for the message, and this threw up dozens of similar queries over many years. Most of the ones I read offered methods of avoiding the problem rather than solving it. Am I right in thinking the message arises from my remote connection? Yes. It arises from your ssh connection. You are probably using the -Y or -X option with xauth. And if so, is there a simple solution? Perhaps. The error you have is caused by one of two things: 1. incorrect SELinux settings on the ~/.Xauthority file or your home directory. Run restorcon -vR ~ to fix those. 2. incorrect ownership or permissions on ~/.Xauthority. The second condition can also be triggered by logging in via ssh as one user and su -l to another on the remote host. In my case I find that the second circumstance is the most frequent cause of the exact error you report. HTH -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] X11 connection rejected because of wrong authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/25/2013 08:50 AM, James B. Byrne wrote: On Sun, November 24, 2013 20:08, Timothy Murphy wrote: I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop? In any case, I googled for the message, and this threw up dozens of similar queries over many years. Most of the ones I read offered methods of avoiding the problem rather than solving it. Am I right in thinking the message arises from my remote connection? Yes. It arises from your ssh connection. You are probably using the -Y or -X option with xauth. And if so, is there a simple solution? Perhaps. The error you have is caused by one of two things: 1. incorrect SELinux settings on the ~/.Xauthority file or your home directory. Run restorcon -vR ~ to fix those. 2. incorrect ownership or permissions on ~/.Xauthority. The second condition can also be triggered by logging in via ssh as one user and su -l to another on the remote host. In my case I find that the second circumstance is the most frequent cause of the exact error you report. HTH What AVC messages are you getting? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKTVwYACgkQrlYvE4MpobPk+wCfdWhaWr9nWb9+qoPEndU2yfek iiwAnjJnV4j868i8g98SZt2sByxYIv72 =ur4z -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] X11 connection rejected because of wrong authentication
James Hogarth wrote: I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop? .. Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution? Too little information at present to tell. Does it work if the system is in permissive? The CentOS server is running with SELinux in permissive mode. I would prefer to run it in enforcing mode, and to that end would like to solve the problem above. Just to be clear - does it work (X forwarding) as it is now with the system in permissive mode ... Does it only fail after you go setenforce 1 ? The system works perfectly (with X forwarding) in permissive mode. I haven't tried it in enforcing mode, as it is a remote server and it would be inconvenient if I could not communicate with it. It has been suggested to me that the problem has nothing to do with selinux. The reason I thought there was a connection is that the warning only appears in the output of sealert. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
