Xauthority location: only per-user setting possible

Pekka Savola pekkas at netcore.fi
Fri Jul 6 16:34:56 EST 2001


Hello all,

$XAUTHORITY location has moved from under /tmp to ~/.Xauthority in 2.9p2.

The commit message was:
---
remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
we do already trust $HOME/.ssh
you can use .ssh/sshrc and .ssh/environment if you want to customize
the location of the xauth cookies
---

The latter is true, but can only be enabled on a per-user basis as far as I
can see.  To make it work for one user, you need to do something like:

.ssh/environment:
XAUTHORITY=/tmp/some/where

.ssh/rc or /etc/ssh/rc:
# sshd supplies "proto cookie" on stdin when X11 forwarding is in use
if read proto cookie; then
	echo "add $DISPLAY $proto $cookie" | /usr/X11R6/bin/xauth -q -
fi

However, .ssh/environment handling does not parse environment variables
(good thing; they might not even be known at this point) or provide much
flexibility.

To provide xauthority in /tmp for _everyone_, everyone has to pick one
$XAUTHORITY location and put it in .ssh/environment.

This does not seem too scalable.

One other application of this is an SSH gateway where users _don't_ even
have a writable home directory.  There are probably more.

I can't figure out how this could be done in a flexible manner today.
Any thoughts would be greatly appreciated.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
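
The per-user setup described in the message, as an added example that is not part of the original post: a ~/.ssh/rc that stores the cookie only if the directory holding $XAUTHORITY is a real directory owned by the user with mode 0700, since a path under /tmp is shared with other local users. The function name safe_xauth_dir is hypothetical, and XAUTHORITY is assumed to be set literally in .ssh/environment as shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Intended as ~/.ssh/rc.
# Assumes ~/.ssh/environment holds a literal line such as
# XAUTHORITY=/tmp/some/where (the path used in the post).

# safe_xauth_dir DIR (hypothetical helper): succeed only if DIR is a
# real directory, not a symlink, owned by the caller, with mode 0700.
# Creates DIR when it does not exist yet.
safe_xauth_dir() {
    dir=$1
    # mkdir is atomic and fails if anything, including a symlink,
    # already sits at that name.
    if (umask 077 && mkdir "$dir") 2>/dev/null; then
        return 0
    fi
    [ -L "$dir" ] && return 1
    [ -d "$dir" ] || return 1
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    ls -ldn "$dir" | (
        read -r mode links uid rest
        [ "$uid" = "$(id -u)" ] || exit 1
        case $mode in
            drwx------*) exit 0 ;;
            *) exit 1 ;;
        esac
    )
}

# sshd feeds "proto cookie" on stdin only when X11 forwarding is active.
if [ -n "${DISPLAY:-}" ] && [ -n "${XAUTHORITY:-}" ] && read -r proto cookie; then
    if safe_xauth_dir "$(dirname "$XAUTHORITY")"; then
        echo "add $DISPLAY $proto $cookie" | /usr/X11R6/bin/xauth -q -
    else
        echo "rc: unsafe directory for $XAUTHORITY, cookie not stored" >&2
    fi
fi
```
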




