Access control/security
The X protocol allows the X server and the X clients to be run on different computers. If you are concerned about your passwords or you didn't want to show your love-mails to anyone other, you have to do some form of access control. There are two methods of access control, host and token authentication.
Host authentication
With host authentication you are able to accept connections based
upon its origin. Typically you specify an IP address or a hostname
from which every client is allowed to connect to your server.
But on systems with multiple users this isn't restrictive enough.
The program xhost
is used
to control the host authentication.
Token authentication
A better way of restricting access to your server is token authentication. Every client has to provide a token to the server to authenticate itself. This allows access control on a per user basis. There exist four mechanisms which provide access control:
MIT-MAGIC-COOKIE-1
: Shared plain-text "cookies"XDM-AUTHORIZATION-1
: Secure DES based private-keysSUN-DES-1
: Based on Sun's secure rpc systemMIT-KERBEROS-5
: Kerberos Version 5 user-to-user
Because of export restrictions not all of them are compiled in
by default. For a more detailed description of those mechanisms
have a look into the Xsecurity
man page.
To control the token authentication you have to use the
xauth
program.
Note: Host authentication has higher priority than token authentication.
Questions, critics and bugfixes to: Alexander+XConfig@Leidinger.net