public inbox for cygwin-xfree@sourceware.org
help / color / mirror / Atom feed
* Cygwin and XDM-AUTHENTICATION-1
@ 2003-12-09 20:33 Terrence Branscombe
2003-12-10 7:35 ` Alexander Gottwald
0 siblings, 1 reply; 4+ messages in thread
From: Terrence Branscombe @ 2003-12-09 20:33 UTC (permalink / raw)
To: cygwin-xfree
[-- Attachment #1: Type: text/plain, Size: 802 bytes --]
Hi,
I'm brand new to Cygwin (and X in general) and would appreciate some
help understanding how to set up authentication with
XDM-AUTHENTICATION-1. I'm running the latest Cygwin/XFree86 release and
connecting to an HP AlphaServer running OpenVMS. The XDM for OpenVMS
supports the XDM-AUTHENTICATION-1 method, but the docs fail to mention
anything about how the keys are generated. Does the sysadmin simply
make up some numbers, or is there a tool for generating a specific key
format?
First of all, does Cygwin support this method? If so, I guess the next
thing I need to know is how and where the key is supposed to be stored
on the system running Cygwin/XFree. FInally, what command-line
parameters are available to pass the key value to the XDM?
Many thanks in advance,
Alder
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3284 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Cygwin and XDM-AUTHENTICATION-1
2003-12-09 20:33 Cygwin and XDM-AUTHENTICATION-1 Terrence Branscombe
@ 2003-12-10 7:35 ` Alexander Gottwald
2003-12-11 7:12 ` **Fwd: " Terrence Branscombe
0 siblings, 1 reply; 4+ messages in thread
From: Alexander Gottwald @ 2003-12-10 7:35 UTC (permalink / raw)
To: cygwin-xfree
On Tue, 9 Dec 2003, Terrence Branscombe wrote:
> Hi,
>
> I'm brand new to Cygwin (and X in general) and would appreciate some
> help understanding how to set up authentication with
> XDM-AUTHENTICATION-1. I'm running the latest Cygwin/XFree86 release and
> connecting to an HP AlphaServer running OpenVMS. The XDM for OpenVMS
> supports the XDM-AUTHENTICATION-1 method, but the docs fail to mention
> anything about how the keys are generated. Does the sysadmin simply
> make up some numbers, or is there a tool for generating a specific key
> format?
man Xsecurity
The following is theoretical since I have never used it but may serve you
as a startig point.
the program xauth can be used to generate the authentication data
$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]
the 56bit random key can be generated this way:
$ dd if=/dev/random count=1 | md5sum | cut -b1-14
You must tell the xserver to use the authentication data
$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
$ XWin -auth /tmp/xauth.data [more options]
> First of all, does Cygwin support this method?
strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE"
so I guess the XDM-AUTHORIZATION is not compiled in-
> If so, I guess the next
> thing I need to know is how and where the key is supposed to be stored
> on the system running Cygwin/XFree. FInally, what command-line
> parameters are available to pass the key value to the XDM?
man xdm
DisplayManager.keyFile
XDM-AUTHENTICATION-1 style XDMCP authentication
requires that a private key be shared between xdm
and the terminal. This resource specifies the file
containing those values. Each entry in the file
consists of a display name and the shared key. By
default, xdm does not include support for XDM-
AUTHENTICATION-1, as it requires DES which is not
generally distributable because of United States
export restrictions.
DisplayManager.DISPLAY.authName
authorize is a boolean resource which controls
whether xdm generates and uses authorization for
the local server connections. If authorization is
used, authName is a list of authorization mechaÂ
nisms to use, separated by white space. XDMCP conÂ
nections dynamically specify which authorization
mechanisms are supported, so authName is ignored in
this case. When authorize is set for a display and
authorization is not available, the user is
informed by having a different message displayed in
the login widget. By default, authorize is
``true.'' authName is ``MIT-MAGIC-COOKIE-1,'' or,
if XDM-AUTHORIZATION-1 is available,
``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''
HTH
ago
--
Alexander.Gottwald@s1999.tu-chemnitz.de
http://www.gotti.org ICQ: 126018723
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: **Fwd: Re: Cygwin and XDM-AUTHENTICATION-1
2003-12-10 7:35 ` Alexander Gottwald
@ 2003-12-11 7:12 ` Terrence Branscombe
2003-12-11 9:02 ` Alexander Gottwald
0 siblings, 1 reply; 4+ messages in thread
From: Terrence Branscombe @ 2003-12-11 7:12 UTC (permalink / raw)
To: cygwin-xfree
[-- Attachment #1: Type: text/plain, Size: 2993 bytes --]
Alexander,
Thanks for the great info. It's certainly a good starting point as you say.
I read the Xsecurity man page along with those of xauth and xdm, but I'm
still a little confused about terminology. The Xsecurity page refers to
"XDM-AUTHORIZATION-1" whereas the xdm page refer to
"XDM-AUTHENTICATION-1". Any idea which is authoritative?
Kind regards,
Alder
Alexander Gottwald wrote::
>man Xsecurity
>
>The following is theoretical since I have never used it but may serve you
>as a startig point.
>
>the program xauth can be used to generate the authentication data
>
>$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]
>
>
>
>the 56bit random key can be generated this way:
>
>$ dd if=/dev/random count=1 | md5sum | cut -b1-14
>
>You must tell the xserver to use the authentication data
>
>$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
>$ XWin -auth /tmp/xauth.data [more options]
>
>
>
>>First of all, does Cygwin support this method?
>>
>>
>
>strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE"
>so I guess the XDM-AUTHORIZATION is not compiled in-
>
>
>
>>If so, I guess the next
>>thing I need to know is how and where the key is supposed to be stored
>>on the system running Cygwin/XFree. FInally, what command-line
>>parameters are available to pass the key value to the XDM?
>>
>>
>
>man xdm
>
> DisplayManager.keyFile
> XDM-AUTHENTICATION-1 style XDMCP authentication
> requires that a private key be shared between xdm
> and the terminal. This resource specifies the file
> containing those values. Each entry in the file
> consists of a display name and the shared key. By
> default, xdm does not include support for XDM-
> AUTHENTICATION-1, as it requires DES which is not
> generally distributable because of United States
> export restrictions.
>
> DisplayManager.DISPLAY.authName
> authorize is a boolean resource which controls
> whether xdm generates and uses authorization for
> the local server connections. If authorization is
> used, authName is a list of authorization mechaÂ
> nisms to use, separated by white space. XDMCP conÂ
> nections dynamically specify which authorization
> mechanisms are supported, so authName is ignored in
> this case. When authorize is set for a display and
> authorization is not available, the user is
> informed by having a different message displayed in
> the login widget. By default, authorize is
> ``true.'' authName is ``MIT-MAGIC-COOKIE-1,'' or,
> if XDM-AUTHORIZATION-1 is available,
> ``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''
>
>HTH
> ago
>
>
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3284 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Cygwin and XDM-AUTHENTICATION-1
2003-12-11 7:12 ` **Fwd: " Terrence Branscombe
@ 2003-12-11 9:02 ` Alexander Gottwald
0 siblings, 0 replies; 4+ messages in thread
From: Alexander Gottwald @ 2003-12-11 9:02 UTC (permalink / raw)
To: cygwin-xfree
On Wed, 10 Dec 2003, Terrence Branscombe wrote:
> Alexander,
>
> Thanks for the great info. It's certainly a good starting point as you say.
>
> I read the Xsecurity man page along with those of xauth and xdm, but I'm
> still a little confused about terminology. The Xsecurity page refers to
> "XDM-AUTHORIZATION-1" whereas the xdm page refer to
> "XDM-AUTHENTICATION-1". Any idea which is authoritative?
The source (xc/lib/X11/ConnDis.c) says:
MIT-KERBEROS-5
SUN-DES-1
XDM-AUTHORIZATION-1
MIT-MAGIC-COOKIE-1
bye
ago
--
Alexander.Gottwald@s1999.tu-chemnitz.de
http://www.gotti.org ICQ: 126018723
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-12-11 7:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-12-09 20:33 Cygwin and XDM-AUTHENTICATION-1 Terrence Branscombe
2003-12-10 7:35 ` Alexander Gottwald
2003-12-11 7:12 ` **Fwd: " Terrence Branscombe
2003-12-11 9:02 ` Alexander Gottwald
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).