Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
X Window System securityStephen Gildea (gildeax.org)
Wed, 11 Jan 1995 11:13:48 EST
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Jon Peatfield: "Re: Xwindows security?"
- Previous message: Doug McLaren: "Re: Xwindows security?"
- In reply to: Benjamin Fried: "Re: Xwindows security?"
- Next in thread: William McVey: "Re: Xwindows security?"
There are already good tools for setting up keys and passing them around. xdm sets up keys. xrsh passes them to remote clients. Host-based authorization isn't the only revokable access method. Anything that has principals, rather than passwords, has this advantage. In X11R6 there are two such schemes, MIT-KERBEROS-5 and SUN-DES-1. (SUN-DES-1 was also in R5.) So while you can't take an MIT-MAGIC-COOKIE away from someone, you can deny KRB:gildeax.org further connection rights. See the Xsecurity(1) manual page for details. Note that none of these methods allow you to revoke the authorization of an already-connected client. < Stephen X Consortium