Re: [gdm-list] Why do GDM 2.22.0 set xauth file owner as login user



Hi,

> However, GDM 2.22.0 takes a new way, a new xauth file is created for
> each time calling "AddUserAuthorization". There's always only one entry
> in file. This might be difficult to support multiple displays. It would
> be better if we could copy Xauth key to "$HOME/.Xauthority" like old
> GDM 2.20. Any idea?
So storing gdm's user session cookie in ~/.Xauthority causes pain with
no real value.

The advantage is something like "I have an nfs mounted home directory
and I want immediate access to all X displays that are currently
logged in"

But this advantage isn't real.

1) we don't really support logging in more than once with the same
home directory anyway in gnome (although I've recently committed some
patches to bonobo and gconf to help this)
2) it requires all the displays to be listening for tcp connections and
not be firewalled off
3) it means things go over the wire in the clear.

The modern day answer to this is "ssh -Y" which generates its own
cookie and moves X traffic through a tunnel.

The problems it causes are with root squashing nfs home directories,
encrypted home directories, pam_mkhomedir etc.

The old gdm had "unbreak me" options like NeverPlaceCookiesOnNFS
and the pair (UserAuthDir="", UserAuthFBDir="/tmp") to work around
the problems.

Note, the XAUTHORITY environment variable is set to the correct
location of the auth cookies, so anything that needs access to the
cookie should be able to find it.

Is this breaking something for you guys?  If so, maybe we can figure
out a fix together.

--Ray
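
Added example, not part of the original message and not GDM code: a small checker that resolves the cookie file the way the note about XAUTHORITY describes (falling back to ~/.Xauthority), parses the binary xauth record layout, and flags loose ownership or permissions without ever retaining the cookie bytes. The helper names, `examplehost` and the all-zero cookie in `SAMPLE` are constructed for illustration.

```python
import os
import struct

def xauth_path(env=None):
    """Cookie file a client would read: $XAUTHORITY, else ~/.Xauthority."""
    env = os.environ if env is None else env
    home = env.get("HOME") or os.path.expanduser("~")
    return env.get("XAUTHORITY") or os.path.join(home, ".Xauthority")

def parse_xauth(blob):
    """Each record is a 16-bit big-endian family followed by four
    length-prefixed fields: address, display number, auth name, auth data."""
    entries, pos = [], 0
    def take(n):
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated xauth entry at offset %d" % pos)
        chunk = blob[pos:pos + n]
        pos += n
        return chunk
    while pos < len(blob):
        (family,) = struct.unpack(">H", take(2))
        address, number, name, data = (
            take(struct.unpack(">H", take(2))[0]) for _ in range(4))
        entries.append({"family": family, "address": address,
                        "display": number.decode("ascii", "replace"),
                        "name": name.decode("ascii", "replace"),
                        "cookie_len": len(data)})  # length only, never the cookie
    return entries

def audit(path):
    """Return (entries, findings) for one cookie file."""
    st = os.stat(path)
    findings = []
    if st.st_mode & 0o077:
        findings.append("readable or writable by group or other")
    if st.st_uid != os.getuid():
        findings.append("not owned by the current user")
    with open(path, "rb") as f:
        return parse_xauth(f.read()), findings

def field(b):
    return struct.pack(">H", len(b)) + b

# Constructed sample: one FamilyLocal (256) entry for display 0, zeroed cookie.
SAMPLE = (struct.pack(">H", 256) + field(b"examplehost") + field(b"0")
          + field(b"MIT-MAGIC-COOKIE-1") + field(bytes(16)))

if __name__ == "__main__":
    print(parse_xauth(SAMPLE))
```

Inside a session, `audit(xauth_path())` reports how many entries the per-session file holds and whether anyone other than the owner can read it.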

