From owner-freebsd-current@FreeBSD.ORG Sat Sep 6 01:32:58 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD3C816A4BF for ; Sat, 6 Sep 2003 01:32:58 -0700 (PDT) Received: from gate.volant.org (gate.volant.org [207.111.218.246]) by mx1.FreeBSD.org (Postfix) with ESMTP id 990C043FD7 for ; Sat, 6 Sep 2003 01:32:57 -0700 (PDT) (envelope-from patl@volant.org) Received: from 64-144-229-193.client.dsl.net ([64.144.229.193] helo=[192.168.0.13]) by gate.volant.org with asmtp (TLSv1:DES-CBC3-SHA:168) (Exim 3.33 #1) id 19vYV1-000IxK-00; Sat, 06 Sep 2003 01:32:51 -0700 Date: Sat, 06 Sep 2003 01:32:50 -0700 From: Pat Lashley To: "Steven G. Kargl" Message-ID: <779232704.1062837170@mccaffrey.phoenix.volant.org> In-Reply-To: <200309060731.h867VHlS063051@troutmask.apl.washington.edu> References: <200309060731.h867VHlS063051@troutmask.apl.washington.edu> X-Mailer: Mulberry/3.1.0b6 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline cc: freebsd-current@freebsd.org Subject: Re: PAM, X11, and su as a normal user? (fwd) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Sep 2003 08:32:58 -0000 --On Saturday, September 06, 2003 00:31:17 -0700 "Steven G. Kargl" wrote: > I don't quite understand your suggestion. > > I login as user kargl. I fire up X11 > as user kargl with startx. I use su in a > xterm to connect to my alter ego (su sgk). > Now, as user sgk I want to use a X11 client > such as nedit. AFAICT, it can't be done. > > If as user kargl, I do "ssh -X sgk@troutmask" > to login into the sgk account, I still can > not use a X11 client. Hmm. That should work fine. I do it all the time. Check the log messages to see if the SSH daemon had any non-fatal complaints. The default config for SSHd used to disable X11 forwarding. Look in /etc/ssh/sshd_config for a line which sets X11Forwarding. Make sure it is set to 'yes'. (If the line is commented out, the value listed should be the default. You might want to un-comment it and set it to 'yes' just to be sure.) After changing sshd_config you will need to send a HUP signal to the running sshd to get it to re-load its config file. (kill -HUP `cat /var/run/sshd.pid`) Oh, wait, one more thing - the shell's rc scripts for user sgk must -NOT- modify the DISPLAY environment variable - it will be set properly by ssh. -Pat