XConfig - Access control/security

Access control/security

The X protocol allows the X server and the X clients to be run on different computers. If you are concerned about your passwords or you didn't want to show your love-mails to anyone other, you have to do some form of access control. There are two methods of access control, host and token authentication.

Host authentication

With host authentication you are able to accept connections based upon its origin. Typically you specify an IP address or a hostname from which every client is allowed to connect to your server. But on systems with multiple users this isn't restrictive enough. The program xhost is used to control the host authentication.

Token authentication

A better way of restricting access to your server is token authentication. Every client has to provide a token to the server to authenticate itself. This allows access control on a per user basis. There exist four mechanisms which provide access control:

MIT-MAGIC-COOKIE-1: Shared plain-text "cookies"
XDM-AUTHORIZATION-1: Secure DES based private-keys
SUN-DES-1: Based on Sun's secure rpc system
MIT-KERBEROS-5: Kerberos Version 5 user-to-user

Because of export restrictions not all of them are compiled in by default. For a more detailed description of those mechanisms have a look into the Xsecurity man page.

To control the token authentication you have to use the xauth program.

Note: Host authentication has higher priority than token authentication.

[XConfig - Main]

Questions, critics and bugfixes to: Alexander+XConfig@Leidinger.net