Re: [gdm-list] strange XAUTHORITY setting



Hi,

On Fri, Dec 17, 2010 at 1:02 PM, Josselin Mouette <joss debian org> wrote:
> Le vendredi 17 décembre 2010 à 08:33 -0500, Ray Strode a écrit :
>> Using ~/.Xauthority caused a lot of problems so at some point in the
>> distant past we switched to putting auth cookies elsewhere.
>
> While I fully agree that having a specific cookie for each session in a
> specific file is a cleaner design, I often have trouble justifying it to
> old-schoolers who prefer .Xauthority “because it has always worked like
> that”. Do you have any real-world examples of such problems?

It's been a long time and I don't remember all the issues off hand (I
think we changed to not using ~/.Xauthority around 2.16 or earlier).

- One thing is if you have a shared home directory on NFS then you've
got multiple people writing the file at once.  libXau does have a
primitive file locking mechanism, but I think it caused problems (all
very vague)

- The files would tend to grow with stale entries over time if your
hostname changed frequently (if there was a crash or whatever before
the entry got cleaned up)

- There were issues where users would mess up the permissions of the
file on accident and then bad things would happen.

The only real advantage to using ~/.Xauthority is if you want every
machine on your network that's using  network mounted home directories
to be able to run programs on every other machine without
authentication.  There are better ways to achieve that same effect,
though, than a shared ~/.Xauthority.

Also, if someone really has a valid, specialized use case, they can
always move the auth cookie over with the xauth command in there login
scripts.

--Ray


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]