From owner-freebsd-questions  Sat Apr 20 16:40:57 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id QAA08427
          for questions-outgoing; Sat, 20 Apr 1996 16:40:57 -0700 (PDT)
Received: from Fieber-John.campusview.indiana.edu (Fieber-John.campusview.indiana.edu [149.159.1.34])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id QAA08418
          for <questions@freebsd.org>; Sat, 20 Apr 1996 16:40:53 -0700 (PDT)
Received: from localhost (jfieber@localhost) by Fieber-John.campusview.indiana.edu (8.6.12/8.6.12) with SMTP id SAA01391; Sat, 20 Apr 1996 18:40:47 -0500
X-Authentication-Warning: Fieber-John.campusview.indiana.edu: jfieber owned process doing -bs
Date: Sat, 20 Apr 1996 18:40:46 -0500 (EST)
From: John Fieber <jfieber@indiana.edu>
X-Sender: jfieber@Fieber-John.campusview.indiana.edu
To: Khetan Gajjar <khetan@iafrica.com>
cc: questions@freebsd.org
Subject: Re: xhost
In-Reply-To: <Pine.BSF.3.91.960421004940.239B-100000@localhost.iafrica.com>
Message-ID: <Pine.NEB.3.93.960420182316.435H-100000@Fieber-John.campusview.indiana.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 21 Apr 1996, Khetan Gajjar wrote:

> Everytime I run xdm, I then have to login as root, xhost + and
> then restart xdm.

I'm not exactly sure I follow...

> Anyway I can get xhost to retain it's settings permanently (i.e. xhost + 
> - all clients)  ? It doens't seem to retain settings.....

You put whatever xhost command you want to execute in your
$HOME/.xsession file.  However, using xhost is a Bad Thing in terms
of security since it allows *anyone* on the remote system unrestricted
access to your display and keyboard.  

A better way is using xauth.  When you log in via xdm, it creates an
entry in your $HOME/.Xauthority file that contains a session key that
clients must present to be allowed to connect.  For remote hosts, you
have to transfer that information from your local .Xauthority file to
the remote one.  I use the script below start up an xterm on another
host. It certainly isn't perfect security, but its much better than
xhost. See the xauth man page for more information.

  #!/bin/sh
  host=`basename $0`
  xauth extract - `hostname`:0 | rsh $host xauth merge -
  xon $host xterm -n $host -T $host -ls

It gets the name of the remote host from the name of the script, i.e.
if the script was named `copper', the host would be copper.  You can
just make one script and use links or copy it for other hosts.

-john

== jfieber@indiana.edu ===========================================
== http://fallout.campusview.indiana.edu/~jfieber ================