Date: Wed, 13 Jun 2007 13:45:06 -0400 From: "Eric W. Bates" <ericx@vineyard.net> To: freebsd-x11@freebsd.org Subject: Re: Invalid MIT-MAGIC-COOKIE after 7.2 upgrade Message-ID: <46702D22.3010108@vineyard.net> In-Reply-To: <46700C33.2080300@vineyard.net> References: <466D8682.10905@vineyard.net> <466DB363.1070806@vineyard.net> <46700C33.2080300@vineyard.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Fixed.
The 6.9 version of startx was, in fact, executing xauth to create/add
session cookies which ssh, in turn, was copying over to remote machines
to give them authority to display on the originating X server.
The xinit source file startx.cpp has a conditional which tests for the
executable 'mcookie' (which doesn't appear to exist anywhere in ports?).
If mcookie can be found, it appears that the compile will include an
additional snippet which will behave similarly as in the past. However,
the older behavior using /dev/urandom does not appear to be available.
To restore the old behavior, I added the following to the installed
/usr/local/bin/startx:
***************
*** 107,112 ****
--- 102,119 ----
fi
removelist=
+
+ # set up default Xauth info for this machine
+ authdisplay=${display:-:0}
+ mcookie=`dd if=/dev/urandom bs=16 count=1 2>/dev/null | hexdump -e
\\"%08x\\"`
+ for displayname in $authdisplay `hostname`$authdisplay; do
+ if ! xauth list "$displayname" | grep "$displayname " >/dev/null
2>&1; then
+ xauth add $displayname . $mcookie
+ removelist="$displayname $removelist"
+ fi
+ done
+
+
xinit $client $clientargs -- $server $display $serverargs
Perhaps it is inappropriate to expect startx to configure .Xauthority?
Anyone suggest a better login methodology?
Thanks.
Eric W. Bates wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Seems xauth is not being invoked to create an authentication cookie when
> I use startx.
>
> I'm still digging and comparing with the 6.9 version of xorg; but can
> anyone shorten this for me?
>
> Does xauth create the cookies?
>
> Do fresh ones normally get created every time you start a session?
>
> Can cookies hang around indefinitely? i.e. can I just add some to my
> .Xauthority file and forget about this?
>
> Does startx do the xauth invocation, or xinit or some other tool in the
> chain?
>
> Thanks for your time.
>
> Eric W. Bates wrote:
>> hm...
>>
>> I can't actually launch a local X process. KDE starts, and apache and
>> Thunderbird launch (because of a saved session); but I can't start an X
>> process from a command line:
>>
>> $ echo $DISPLAY
>> :0
>> $ xterm
>> Xlib: connection to ":0.0" refused by server
>> Xlib: No protocol specified
>>
>> That explains why ssh forwarding fails... but I'm still clueless.
>>
>> Eric W. Bates wrote:
>>> Anyone else run into X authentication issues after the 7.2 upgrade?
>>> I get the same error from every machine I ssh to after the 6.9 --> 7.2
>>> upgrade process:
>>> Xlib: connection to "localhost:10.0" refused by server
>>> Xlib: Invalid MIT-MAGIC-COOKIE-1 key
>>> Thanks.
>> _______________________________________________
>> freebsd-x11@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-x11
>> To unsubscribe, send any mail to "freebsd-x11-unsubscribe@freebsd.org"
>>
>
> - --
> Eric W. Bates
> ericx@vineyard.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGcAwzD1roJTQ4LlERAm4NAJ4yNVd1QdVVre4Plv7OZ3tkHbV0owCgsXH7
> GXqzYROvrTbdVzuupqODnz4=
> =sAZs
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-x11@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-x11
> To unsubscribe, send any mail to "freebsd-x11-unsubscribe@freebsd.org"
>
>
--
Eric W. Bates
ericx@vineyard.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46702D22.3010108>