This is the mail archive of the
cygwin-xfree@cygwin.com
mailing list for the Cygwin XFree86 project.
Re: Cygwin and XDM-AUTHENTICATION-1
- From: Alexander Gottwald <alexander dot gottwald at s1999 dot tu-chemnitz dot de>
- To: cygwin-xfree at cygwin dot com
- Date: Wed, 10 Dec 2003 08:35:14 +0100 (MET)
- Subject: Re: Cygwin and XDM-AUTHENTICATION-1
- References: <3FD63179.1030009@victoria.tc.ca>
- Reply-to: cygwin-xfree at cygwin dot com
On Tue, 9 Dec 2003, Terrence Branscombe wrote:
> Hi,
>
> I'm brand new to Cygwin (and X in general) and would appreciate some
> help understanding how to set up authentication with
> XDM-AUTHENTICATION-1. I'm running the latest Cygwin/XFree86 release and
> connecting to an HP AlphaServer running OpenVMS. The XDM for OpenVMS
> supports the XDM-AUTHENTICATION-1 method, but the docs fail to mention
> anything about how the keys are generated. Does the sysadmin simply
> make up some numbers, or is there a tool for generating a specific key
> format?
man Xsecurity
The following is theoretical since I have never used it but may serve you
as a startig point.
the program xauth can be used to generate the authentication data
$ xauth add displayname:0.0 XDM-AUTHORIZATION-1 [key]
the 56bit random key can be generated this way:
$ dd if=/dev/random count=1 | md5sum | cut -b1-14
You must tell the xserver to use the authentication data
$ xauth -f /tmp/xauth.data add displayname:0.0 XDM-AUTHORIZATION-1 [key]
$ XWin -auth /tmp/xauth.data [more options]
> First of all, does Cygwin support this method?
strings XWin.exe revealed no string "XDM-AUTHORIZATION-1" but "MIT-MAGIC-COOKIE"
so I guess the XDM-AUTHORIZATION is not compiled in-
> If so, I guess the next
> thing I need to know is how and where the key is supposed to be stored
> on the system running Cygwin/XFree. FInally, what command-line
> parameters are available to pass the key value to the XDM?
man xdm
DisplayManager.keyFile
XDM-AUTHENTICATION-1 style XDMCP authentication
requires that a private key be shared between xdm
and the terminal. This resource specifies the file
containing those values. Each entry in the file
consists of a display name and the shared key. By
default, xdm does not include support for XDM-
AUTHENTICATION-1, as it requires DES which is not
generally distributable because of United States
export restrictions.
DisplayManager.DISPLAY.authName
authorize is a boolean resource which controls
whether xdm generates and uses authorization for
the local server connections. If authorization is
used, authName is a list of authorization mecha
nisms to use, separated by white space. XDMCP con
nections dynamically specify which authorization
mechanisms are supported, so authName is ignored in
this case. When authorize is set for a display and
authorization is not available, the user is
informed by having a different message displayed in
the login widget. By default, authorize is
``true.'' authName is ``MIT-MAGIC-COOKIE-1,'' or,
if XDM-AUTHORIZATION-1 is available,
``XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1.''
HTH
ago
--
Alexander.Gottwald@s1999.tu-chemnitz.de
http://www.gotti.org ICQ: 126018723