[3763] in testers
Re: More 8.2 and exmh problems
daemon@ATHENA.MIT.EDU (Aaron M. Ucko)
Mon Jul 13 10:45:19 1998
To: Jacob Morzinski <jmorzins@MIT.EDU>
Cc: bug-sipb@MIT.EDU, "Roger A. Roach" <rar@MIT.EDU>, testers@MIT.EDU
From: amu@MIT.EDU (Aaron M. Ucko)
Date: 13 Jul 1998 10:45:04 -0400
In-Reply-To: Jacob Morzinski's message of "13 Jul 1998 05:02:17 -0400"
<daemon@ATHENA.MIT.EDU> (Jacob Morzinski) writes:
> 3) Find out what happened with xauth authentication. Try to
> fix it, at least on Suns. Be nice if it could be made to
> work on SGIs too.
>
> I don't have knowledge of how to begin a solution like this.
Here's my understanding of the situation.
Athena dm is very simplistic and sticks with traditional host-based
authentication rather than futzing around with magic cookies and the
like. This is fine for most purposes, since it mostly runs on
one-user-at-a-time workstations and requires minimal effort in the
client (which is good for simplistic clients, especially those not
using a normal Xlib for whatever reason); it only really loses when
software like Tk tries to be too clever.
Since neither the Solaris nor the IRIX X server supports the SECURITY
extension, I'm not sure there's a way to generate magic cookies after
logging in, which makes things tricky. Nevertheless, I see some
options here.
(1) Convince the tcl locker maintainers to rebuild Tk with the
security check disabled.
(2) Arrange to fool Tk with the help of a program that saves your X
server's host list, clears the list, waits for some sort of
message, and then restores the host list. (I'm *pretty* sure
servers only check clients' authorization when they attempt to
open displays, so this should probably work if the client keeps
the display open the whole time.)
(3) Have exmh use some IPC mechanism other than TkSend. (Say, a pipe or
a socket or something.) I don't know how difficult this would be.
--
Aaron M. Ucko, KB1CJC <amu@mit.edu> (finger amu@monk.mit.edu)
