Status of Bugzilla #1153
Simon Vallet
svallet at genoscope.cns.fr
Wed Feb 22 08:40:43 EST 2006
On Wed, Feb 22, 2006 at 07:22:15AM +1100, Darren Tucker wrote:
> >
> >And this is were the problem appears : as xauth credentials
> >are set using the FQDN of the external interface of the gateway, any
> >internal X11 client will be denied access to the forwarded X11 server.
>
> This seems to be an argument for mimicking what xauth does.
Actually, this is not ;-) -- it's simply an explanation of what we see here
> An alternative would be to retrieve $DISPLAY from xauth after setting
> the cookie, ie:
>
> xauth> add foo:12 MIT-MAGIC-COOKIE-1 edc426897f65ac50b9ed7f9789b26063
> xauth> list foo:12
> foo.example.com:12 MIT-MAGIC-COOKIE-1 edc426897f65ac50b9ed7f9789b26063
> xauth>
>
> then have sshd set $DISPLAY to foo.example.com:12 returned by "xauth
> list". This would remove the need to second-guess what xauth is going
> to do. (It would also make sshd a bit more sensitive to the output
> format of xauth, though.)
Well, this would solve the problem that we encounter, and has the advantage
of not breaking some existing installs -- as far as I'm concerned,
this is fine
> I don't know how this would work with the HACMP situation that Frank
> described. (We used OpenSSH with X11 on HACMP clusters at a previous
> employer and had no problems, but I can't remember what the name
> resolution setup was.)
Not so sure about this one, however -- this would depend on xauth behaviour
Simon
More information about the openssh-unix-dev
mailing list