Re: X-windows security in Gnome



Jim:

> But stronger authentication of connections is a "good thing"; so I'd
> recommend going the Kerberos 5 route; and it may be that the stuff
> you reference helps there (I haven't looked at it carefully; it happened
> during an era I didn't pay much attention to X).  MIT-MAGIC-COOKIE is
> pretty lame, only a step or two up from no authentication at all.

The Security Extension Specification supports any "authorization-protocol-name"
specified when the XSecurityGenerateAuthorization method is called, so
it will support Kerb5 if it is available for use with xauth.

It would be easy to write the code to first try Kerb5, and if that fails
then go with MIT-MAGIC-COOKIE.  This would support the highest X-windows
security available on the machine.

Even though MIT-MAGIC-COOKIE is only a step or two better than no 
authentication, it is still better.  And for those who have installed
Kerb5, they will get reasonable X-windows security.

Brian  




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]