From owner-freebsd-questions Wed Jan 3 12:50: 0 2001 From owner-freebsd-questions@FreeBSD.ORG Wed Jan 3 12:49:57 2001 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from gekko.i-clue.de (server.ms-agentur.de [62.153.134.194]) by hub.freebsd.org (Postfix) with ESMTP id CEC8837B400 for ; Wed, 3 Jan 2001 12:49:55 -0800 (PST) Received: from i-clue.de (automatix.i-clue.de [192.168.0.112]) by gekko.i-clue.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id WAA06575; Wed, 3 Jan 2001 22:56:29 +0100 Message-ID: <3A5390B3.B531EC19@i-clue.de> Date: Wed, 03 Jan 2001 21:50:59 +0100 From: Christoph Sold Reply-To: christoph.sold@server.i-clue.de Organization: i-clue interactive X-Mailer: Mozilla 4.75 [de] (WinNT; U) X-Accept-Language: de MIME-Version: 1.0 To: Ernst de Haan Cc: FreeBSD Questions mailing list Subject: Re: Invalid MIT-MAGIC-COOKIE-1 key References: <20010103115713.A1027@c187104187.telekabel.chello.nl> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Ernst de Haan schrieb: > > I have started X as a normal user. I opened a terminal window, and executed: > > bash-2.04$ su - > Password: > # bash > bash-2.04# export DISPLAY=0:0 > bash-2.04# xterm & > bash-2.04# Xlib: connection to "0:0.0" refused by server > Xlib: Invalid MIT-MAGIC-COOKIE-1 key > Warning: This program is an suid-root program or is being run by the root > user. > The full text of the error or warning message cannot be safely formatted > in this environment. You may get a more descriptive message by running the > program as a non-root user or by removing the suid bit on the executable. > xterm Xt error: Can't open display: %s > > [1]+ Exit 1 xterm > > What's a MIT-MAGIC-COOKIE-1 key, and why do I have an invalid one? I guess > this has something to do with PAM ? > > Any pointers to documentation would be greatly appreciated. No pointers, the whole (short) story follows. Your X server accepts per default only connections from its own machine and user. You may either do 1) Display your xauth line on your standard account: bash-2.04$ xauth list automatix.here.org/unix.0 MIT-MAGIC-COOKIE-1 SoMeGRblEdaNdCryptICString1234567890 2) su to another user: bash-2.04& su - Password: # exec bash 3) Store the auth string of your first session into roots auth file: - copy the auth line from 1) above - type xauth add (do NOT type return here!) - paste the auth line, NOW type return (Note: That's one line below, mail cuts it into pieces) bash-2.04# xauth add automatix.here.org/unix.0 MIT-MAGIC-COOKIE-1 SoMeGRblEdaNdCryptICString1234567890 4) Set your DISPLAY variable: bash-2.04# export DISPLAY=localhost:0.0 5) Use X apps as usual: bash-2.04# xterm & That's the secure way to do it. Alternatively, 1) Disable access control completely: bash-2.04$ xhost + WARNING: This allows ANYONE to connect to your machine from ANY place. This includes crackers, WaReZ DooDz, and other evildoers. You have been warned. 2) su to another user: bash-2.04& su - Password: # exec bash 3) Set your DISPLAY variable: bash-2.04# export DISPLAY=localhost:0.0 4) Use X apps as usual: bash-2.04# xterm & WARNING: The second method is UNSAFE. HTH -Christoph Sold To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message