Bugtraq archives for 1st quarter (Jan-Mar) 1995: X Window System security

X Window System security

Stephen Gildea (gildeax.org)
Wed, 11 Jan 1995 11:13:48 EST

There are already good tools for setting up keys and passing them
around.  xdm sets up keys.  xrsh passes them to remote clients.

Host-based authorization isn't the only revokable access method.
Anything that has principals, rather than passwords, has this
advantage.  In X11R6 there are two such schemes, MIT-KERBEROS-5 and
SUN-DES-1.  (SUN-DES-1 was also in R5.)  So while you can't take an
MIT-MAGIC-COOKIE away from someone, you can deny KRB:gildeax.org
further connection rights.  See the Xsecurity(1) manual page for
details.

Note that none of these methods allow you to revoke the authorization
of an already-connected client.

 < Stephen
   X Consortium
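
The distinction drawn in the message above, as an added example that is not part of the original post: a small audit that reads the entries of an X authority file and reports, for each display, whether the scheme in use can be revoked per principal. It assumes the usual authority-file layout (a 2-byte family followed by four fields, each with a 2-byte big-endian length prefix: address, display number, scheme name, data) and the full protocol name MIT-MAGIC-COOKIE-1; the sample entries, host name and netname are constructed.

```python
import struct

# Schemes named in the message. Principal-based schemes can be denied per
# principal; a magic cookie is a shared secret that cannot be taken back.
PRINCIPAL_BASED = {"MIT-KERBEROS-5", "SUN-DES-1"}
SHARED_SECRET = {"MIT-MAGIC-COOKIE-1"}

def _field(buf, off):
    """Read one field with a 2-byte big-endian length prefix."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated field body")
    return buf[off:off + n], off + n

def parse_xauthority(buf):
    """Return (address, display, scheme) per entry; key data is never kept."""
    off, entries = 0, []
    while off < len(buf):
        if off + 2 > len(buf):
            raise ValueError("truncated family field")
        off += 2  # skip the family code, not needed for this audit
        fields = []
        for _ in range(4):
            f, off = _field(buf, off)
            fields.append(f)
        addr, num, name, _data = fields
        entries.append(tuple(x.decode("latin-1") for x in (addr, num, name)))
    return entries

def revocability(scheme):
    if scheme in PRINCIPAL_BASED:
        return "per-principal"
    if scheme in SHARED_SECRET:
        return "none"
    return "unclassified"  # scheme not discussed in the message

def audit(buf):
    return [(f"{a}:{n}", s, revocability(s)) for a, n, s in parse_xauthority(buf)]

def _entry(family, *fields):
    """Build one constructed entry for the sample below."""
    return struct.pack(">H", family) + b"".join(
        struct.pack(">H", len(f)) + f for f in fields)

# Constructed sample: one cookie entry and one SUN-DES-1 entry for host1:0.
SAMPLE = (_entry(256, b"host1", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16))
          + _entry(256, b"host1", b"0", b"SUN-DES-1", b"unix.host1@example.org"))
```

As the message notes, a "per-principal" result only covers future connections; clients that are already connected keep their access.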