CentOS - Nov 2013 - X11 connection rejected because of wrong authentication

I'd like to run SELinux on my CentOS server in enforcing mode,
but I get the above message when I run sealert.
I assume this is because I am accessing the server from my laptop?

In any case, I googled for the message,
and this threw up dozens of similar queries over many years.
Most of the ones I read offered methods of avoiding the problem
rather than solving it.

Am I right in thinking the message arises from my remote connection?
And if so, is there a simple solution?

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland

On 25 November 2013 01:08, Timothy Murphy <gayleard at eircom.net> wrote:
> I'd like to run SELinux on my CentOS server in enforcing mode,
> but I get the above message when I run sealert.
> I assume this is because I am accessing the server from my laptop?
>
> In any case, I googled for the message,
> and this threw up dozens of similar queries over many years.
> Most of the ones I read offered methods of avoiding the problem
> rather than solving it.
>
> Am I right in thinking the message arises from my remote connection?
> And if so, is there a simple solution?
>
 Too little information at present to tell.

Does it work if the system is in permissive?

Did you ever have the system in disabled and then switched to
permissive/enforcing?

Do you have xauth installed?

9 times out of 10 with this message it's just that there is no (or
incorrect) .Xauthority so the X server rightfully denies the untrusted
connection.

On Sun, November 24, 2013 20:08, Timothy Murphy wrote:
> I'd like to run SELinux on my CentOS server in enforcing mode,
> but I get the above message when I run sealert.
> I assume this is because I am accessing the server from my laptop?
>
> In any case, I googled for the message,
> and this threw up dozens of similar queries over many years.
> Most of the ones I read offered methods of avoiding the problem
> rather than solving it.
>
> Am I right in thinking the message arises from my remote connection?
Yes. It arises from your ssh connection.  You are probably using the -Y or -X
option with xauth.

> And if so, is there a simple solution?
Perhaps.  The error you have is caused by one of two things: 1. incorrect
SELinux settings on the ~/.Xauthority file or your home directory. Run
restorcon -vR ~ to fix those.  2. incorrect ownership or permissions on
~/.Xauthority.

The second condition can also be triggered by logging in via ssh as one user
and su -l to another on the remote host.  In my case I find that the second
circumstance is the most frequent cause of the exact error you report.

HTH


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3