[3676] in testers
Re: sun4 8.2.4: sshd
daemon@ATHENA.MIT.EDU (Dan Winship)
Fri Jun 26 12:48:14 1998
To: Greg Hudson <ghudson@MIT.EDU>
Cc: "Kevin L. Mitchell <klmitch@MIT.EDU>" <klmitch@MIT.EDU>, testers@MIT.EDU
In-Reply-To: Your message of "Fri, 26 Jun 1998 12:15:06 EDT."
<199806261615.MAA13257@small-gods.mit.edu>
Date: Fri, 26 Jun 1998 12:48:08 EDT
From: Dan Winship <danw@MIT.EDU>
> * Create a directory /tmp/xauth-$USER and set XAUTHORITY to
> /tmp/xauth-$USER/Xauthority. This proposal has the
> advantage that we can do it totally in /etc/sshrc running as
> the user.
Well, if you're not using ~/.Xauthority for the authority file, you
need to set the XAUTHORITY environment variable, which you can't do
from sshrc, because its environment doesn't reach the login
environment.
I'd had an idea for getting around this is to create ~/.Xauthority as
a symlink to /tmp/xauth-$USER/Xauthority. But this behaves
sufficiently poorly if the user ever wants to use xauth without ssh
that I think it's the wrong thing.
I think I vote for a combination of your two suggestions: hack sshd,
but make it use directories in /tmp so we don't have to worry about
cleanup. I'm not concerned about the denial of service issue: if
someone tries that on you, you can just complain to the machine
maintainer and they can smite the offending user.
-- Dan
