Cygwin and XDM-AUTHENTICATION-1

Cygwin and XDM-AUTHENTICATION-1

[Terrence Branscombe]

[-- Attachment #1: Type: text/plain, Size: 802 bytes --]

Hi,

I'm brand new to Cygwin (and X in general) and would appreciate some 
help understanding how to set up authentication with 
XDM-AUTHENTICATION-1.  I'm running the latest Cygwin/XFree86 release and 
connecting to an HP AlphaServer running OpenVMS.  The XDM for OpenVMS 
supports the XDM-AUTHENTICATION-1 method, but the docs fail to mention 
anything about how the keys are generated.  Does the sysadmin simply 
make up some numbers, or is there a tool for generating a specific key 
format?

First of all, does Cygwin support this method?  If so, I guess the next 
thing I need to know is how and where the key is supposed to be stored 
on the system running Cygwin/XFree.  FInally, what command-line 
parameters are available to pass the key value to the XDM?

Many thanks in advance,

Alder





[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3284 bytes --]

Re: Cygwin and XDM-AUTHENTICATION-1

[Alexander Gottwald]

On Tue, 9 Dec 2003, Terrence Branscombe wrote:

> Hi,
> 
> I'm brand new to Cygwin (and X in general) and would appreciate some 
> help understanding how to set up authentication with 
> XDM-AUTHENTICATION-1.  I'm running the latest Cygwin/XFree86 release and 
> connecting to an HP AlphaServer running OpenVMS.  The XDM for OpenVMS 
> supports the XDM-AUTHENTICATION-1 method, but the docs fail to mention 
> anything about how the keys are generated.  Does the sysadmin simply 
> make up some numbers, or is there a tool for generating a specific key 
> format?

man Xsecurity

The following is theoretical since I have never used it but may serve you 
as a startig point.

the program xauth can be used to generate the authentication data

$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]

the 56bit random key can be generated this way:

$ dd if=/dev/random count=1 | md5sum | cut -b1-14

You must tell the xserver to use the authentication data

$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
$ XWin -auth /tmp/xauth.data [more options]

> First of all, does Cygwin support this method?  

strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE"
so I guess the XDM-AUTHORIZATION is not compiled in-

> If so, I guess the next 
> thing I need to know is how and where the key is supposed to be stored 
> on the system running Cygwin/XFree.  FInally, what command-line 
> parameters are available to pass the key value to the XDM?

man xdm

      DisplayManager.keyFile
              XDM-AUTHENTICATION-1  style  XDMCP   authentication
              requires  that  a private key be shared between xdm
              and the terminal.  This resource specifies the file
              containing  those  values.   Each entry in the file
              consists of a display name and the shared key.   By
              default,  xdm  does  not  include  support for XDM-
              AUTHENTICATION-1, as it requires DES which  is  not
              generally  distributable  because  of United States
              export restrictions.

       DisplayManager.DISPLAY.authName
              authorize  is  a  boolean  resource  which controls
              whether xdm generates and  uses  authorization  for
              the  local server connections.  If authorization is
              used, authName is a list  of  authorization  mecha­
              nisms to use, separated by white space.  XDMCP con­
              nections dynamically  specify  which  authorization
              mechanisms are supported, so authName is ignored in
              this case.  When authorize is set for a display and
              authorization   is   not  available,  the  user  is
              informed by having a different message displayed in
              the   login   widget.   By  default,  authorize  is
              ``true.''  authName is ``MIT-MAGIC-COOKIE-1,''  or,
              if      XDM-AUTHORIZATION-1      is      available,
              ``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''

HTH
	ago
-- 
 Alexander.Gottwald@s1999.tu-chemnitz.de 
 http://www.gotti.org           ICQ: 126018723

Re: **Fwd: Re: Cygwin and XDM-AUTHENTICATION-1

[Terrence Branscombe]

[-- Attachment #1: Type: text/plain, Size: 2993 bytes --]

Alexander,

Thanks for the great info.  It's certainly a good starting point as you say.

I read the Xsecurity man page along with those of xauth and xdm, but I'm 
still a little confused about terminology.  The Xsecurity page refers to 
"XDM-AUTHORIZATION-1" whereas the xdm page refer to 
"XDM-AUTHENTICATION-1".  Any idea which is authoritative?

Kind regards,
Alder

Alexander Gottwald wrote::

>man Xsecurity
>
>The following is theoretical since I have never used it but may serve you 
>as a startig point.
>
>the program xauth can be used to generate the authentication data
>
>$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]
>
>  
>
>the 56bit random key can be generated this way:
>
>$ dd if=/dev/random count=1 | md5sum | cut -b1-14
>
>You must tell the xserver to use the authentication data
>
>$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
>$ XWin -auth /tmp/xauth.data [more options]
>
>  
>
>>First of all, does Cygwin support this method?  
>>    
>>
>
>strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE"
>so I guess the XDM-AUTHORIZATION is not compiled in-
>
>  
>
>>If so, I guess the next 
>>thing I need to know is how and where the key is supposed to be stored 
>>on the system running Cygwin/XFree.  FInally, what command-line 
>>parameters are available to pass the key value to the XDM?
>>    
>>
>
>man xdm
>
>      DisplayManager.keyFile
>              XDM-AUTHENTICATION-1  style  XDMCP   authentication
>              requires  that  a private key be shared between xdm
>              and the terminal.  This resource specifies the file
>              containing  those  values.   Each entry in the file
>              consists of a display name and the shared key.   By
>              default,  xdm  does  not  include  support for XDM-
>              AUTHENTICATION-1, as it requires DES which  is  not
>              generally  distributable  because  of United States
>              export restrictions.
>
>       DisplayManager.DISPLAY.authName
>              authorize  is  a  boolean  resource  which controls
>              whether xdm generates and  uses  authorization  for
>              the  local server connections.  If authorization is
>              used, authName is a list  of  authorization  mecha­
>              nisms to use, separated by white space.  XDMCP con­
>              nections dynamically  specify  which  authorization
>              mechanisms are supported, so authName is ignored in
>              this case.  When authorize is set for a display and
>              authorization   is   not  available,  the  user  is
>              informed by having a different message displayed in
>              the   login   widget.   By  default,  authorize  is
>              ``true.''  authName is ``MIT-MAGIC-COOKIE-1,''  or,
>              if      XDM-AUTHORIZATION-1      is      available,
>              ``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''
>
>HTH
>	ago
>  
>


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3284 bytes --]

Re: Cygwin and XDM-AUTHENTICATION-1

[Alexander Gottwald]

On Wed, 10 Dec 2003, Terrence Branscombe wrote:

> Alexander,
> 
> Thanks for the great info.  It's certainly a good starting point as you say.
> 
> I read the Xsecurity man page along with those of xauth and xdm, but I'm 
> still a little confused about terminology.  The Xsecurity page refers to 
> "XDM-AUTHORIZATION-1" whereas the xdm page refer to 
> "XDM-AUTHENTICATION-1".  Any idea which is authoritative?

The source (xc/lib/X11/ConnDis.c) says:
MIT-KERBEROS-5
SUN-DES-1
XDM-AUTHORIZATION-1
MIT-MAGIC-COOKIE-1

bye
	ago
-- 
 Alexander.Gottwald@s1999.tu-chemnitz.de 
 http://www.gotti.org           ICQ: 126018723