[18553] in Athena Bugs
Re: linux 8.4.17: dm not using xauth
daemon@ATHENA.MIT.EDU (Michael P Phillips)
Mon Nov 27 23:44:26 2000
Message-Id: <200011280444.XAA08706@holygrail.mit.edu>
To: Greg Hudson <ghudson@MIT.EDU>
Cc: bugs@MIT.EDU
In-Reply-To: Your message of "Mon, 27 Nov 2000 09:56:33 EST."
<200011271456.JAA23092@egyptian-gods.MIT.EDU>
Date: Mon, 27 Nov 2000 23:44:22 -0500
From: Michael P Phillips <mpp@MIT.EDU>
Thanks for the response. It helps explain some of the issues to me. I
have a few comments in reply.
I'm relatively unconcerned with trying to use xauth on a public
cluster machine; I'm concerned more with my private (Linux) Athena
workstation which I may want to grant other users access to (but don't
currently). Of course supporting two different configurations would be
annoying.
I think adding xauth-/dev/random support for those platforms (Linux) which
support it is a great idea. Possibly the Entropy Gathering Daemon might be
handy for other platforms (the openSSL project supports egd as a possible
solution to the lack of entropy, for example. I've not used it myself.)
But in general I agree that X is sucking in this arena. Thanks for explaining
how awful the state of affairs is.
> * Cluster machines don't have keytabs, and can't because they
> can't keep secrets from their users.
Not that I would wish rebuilding X with kerb support on anyone, but
doesn't it use user-to-user authentication and thus not require a
keytab? The Xsecurity manpage is misleading me, perhaps.
For now, I think I will use startx or gdm (or xdm if it works) to acquire
xauth support if I want to let other users in to the machine, or if I want
to use ssh's ability to forward X credentials around.
Thanks
Mike
