Re: X-windows security in Gnome
- From: Brian Cameron <Brian Cameron sun com>
- To: Brian Cameron sun com, Jim Gettys hp com
- Cc: gnome-hackers gnome org, jwz jwz org
- Subject: Re: X-windows security in Gnome
- Date: Fri, 17 May 2002 09:59:00 +0100 (BST)
Jim:
> But stronger authentication of connections is a "good thing"; so I'd
> recommend going the Kerberos 5 route; and it may be that the stuff
> you reference helps there (I haven't looked at it carefully; it happened
> during an era I didn't pay much attention to X). MIT-MAGIC-COOKIE is
> pretty lame, only a step or two up from no authentication at all.
The Security Extension Specification supports any "authorization-protocol-name"
specified when the XSecurityGenerateAuthorization method is called, so
it will support Kerb5 if it is available for use with xauth.
It would be easy to write the code to first try Kerb5, and if that fails
then go with MIT-MAGIC-COOKIE. This would support the highest X-windows
security available on the machine.
Even though MIT-MAGIC-COOKIE is only a step or two better than no
authentication, it is still better. And for those who have installed
Kerb5, they will get reasonable X-windows security.
Brian
_______________________________________________
gnome-hackers mailing list
gnome-hackers gnome org
http://mail.gnome.org/mailman/listinfo/gnome-hackers
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
