On Monday 08 September 2008 07:59:29 [EMAIL PROTECTED] wrote:
> >>> I need to understand X authorization so if anybody can explain to a
> >>> bear of little brain :-)
> >>>
> >>> Once-upon-a-time xhost + would allow anybody to write to your display.
> >>> That is no longer true
> >>
> >> What makes you think that?  There have been some changes to X security
> >> over the years, but the fundamental mechanisms are still in place...
> >
> > saturn is a CentOS 5 machine:
> >
> > [eeyore] /home/jam [53]% ssh -X saturn xhost +
> > access control disabled, clients can connect from any host
> > [eeyore] /home/jam [54]% export DISPLAY=saturn:0 && xmessage hello world
> > Error: Can't open display: saturn:0
>
> argh.  WRONG WRONG WRONG.
>
> xhost also uses X protocol to modify the access control, so all your  
> first command did was disable access control in your client's X server  
> (on eeyore?, not on saturn).

Sorry, tried to be too clever and confused things. For this EG I am on eeyore 
and want to display a message on saturn, so indeed this is correct
> ssh -X saturn xhost +

> The reason why xhost + doesn't seem to work on a lot of linux systems  
> is that TCP sessions are disabled by default in most deployments  
> (forcing you to use unix domain sockets), forcing you to use a X11  
> protocol forwarder (such as ssh) to get to the Xserver.

As many have pointed out, TCP is the issue. Why is port 6000 closed with no 
tcp? (clearly security, is it just to disable the xhost suite of ways)

How would you use ssh to run a program on eeyore, from eeyore, but display on 
saturn? The opposite is trivial ie display HERE a program running THERE.

> If security is not a concern, start the X server on saturn with -ac so  
> access control is disabled completely in that server rather than  
> trying to xhost it.
This thin clients DO (-ac) and it does not work, which is how this thread 
started :-) (but almost certainly the thin clients do no-tcp)

Thanks
James

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
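
An added example, not part of the thread: a shell sketch showing which transport a DISPLAY value selects and what an X server command line says about access control and TCP listening, which is why `DISPLAY=saturn:0` fails against a server with TCP disabled even after `xhost +`. The function names and sample command lines are constructed for illustration; the port (6000 + display number) and socket path (`/tmp/.X11-unix/XN`) are the usual X11 conventions.

```shell
#!/bin/sh
# display_endpoint DISPLAY
# Prints "unix <socket>" for a local display or "tcp <host> <port>" for a
# remote one. A remote value only works if the server listens on TCP.
display_endpoint() {
    d=$1
    case $d in
        *:*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    host=${d%:*}        # text before the last colon (empty means local)
    num=${d##*:}        # display[.screen]
    num=${num%%.*}      # drop the optional .screen suffix
    case $num in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    case $host in
        ''|unix) echo "unix /tmp/.X11-unix/X$num" ;;
        *)       echo "tcp $host $((6000 + num))" ;;
    esac
}

# audit_xserver_args "<X server command line>"
# Reports whether -ac switched host access control off and whether TCP
# listening was set explicitly. "unspecified" means the server's built-in
# default applies, which differs between server versions and distributions.
audit_xserver_args() {
    acl=enforced; tcp=unspecified; prev=
    for a in $1; do
        case $prev:$a in
            -nolisten:tcp) tcp=disabled ;;
            -listen:tcp)   tcp=enabled ;;
        esac
        case $a in
            -ac) acl=disabled ;;
        esac
        prev=$a
    done
    echo "acl=$acl tcp=$tcp"
}

# Constructed sample values (not taken from the thread's machines).
for d in saturn:0 :0 localhost:10.0; do
    echo "DISPLAY=$d -> $(display_endpoint "$d")"
done
audit_xserver_args "/usr/bin/X :0 -ac -nolisten tcp vt7"
```

A server reporting `acl=disabled tcp=disabled` accepts any local client over the Unix socket but is still unreachable through a `host:N` display value, so the two settings have to be checked separately.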
