b.king at surrey.ac.uk
2013-Jul-30 14:24 UTC
[LightDM] Removing the /unix specification from the /var/run/lightdm/root/:0 file
Hi Folks I'm currently working on configuring Ubuntu 12.04 Linux to match our user environment - one of the aspects I'm working on is enabling X11 over TCP as we have a large number of graphical applications running on local (same-subnet) compute server systems. Encrypting the X11 stream between clients and servers on the same physical network switch inside a secured floor of offices seems like insanity to me. I've obviously configured Lightdm to start the Xorg X11 server with TCP mode connections enabled, but the -auth argument (which I assume is provided by lightdm) points to a file called /var/run/lightdm/root/:0. Despite the TCP mode connection being enabled, the only MIT-MAGIC-COOKIE-1 key that is placed within this file includes the "hostname/unix:0" specification which limits it's use to Unix domain sockets only. What I need to do is to have lightdm (assuming it is lightdm that is creating this authorisation file) create it with simply "hostname:0" so that the MIT-MAGIC-COOKIE-1 key may be used on X11 over TCP connections as well as those over X11 over Unix Domain socket connections. I have confirmed that extracting the key from the :0 file using Xauth -f :0 list followed by a correspondingly altered re-insertion of the key without the /unix part using Xauth -f :0 add ... command does indeed work. My first question is whether there is something I've missed in the lightdm configuration file that would allow me to specify that I want the MIT-MAGIC-COOKIE-1 enabled for both TCP and Unix domain connections? The second point which follows on from that is whether when allowing TCP connections to the Xserver, maybe lightdm SHOULD remove the /unix element from the MIT_MAGIC-COOKIE-1 stored in the :0 file. It would seem to me to be logical that it should. And the final point is seeking advice on the best recommended way to work around this problem for the time being. I assume I could do the xauth list/xauth add steps within the display-setup-script if necessary. Is this the best place to do it? Thanks in advance for your help. A matching Ubuntu-bug report has been sent as requested on the Wiki. Regards, Bevis.
Robert Ancell
2013-Aug-22 09:39 UTC
[LightDM] Removing the /unix specification from the /var/run/lightdm/root/:0 file
(The bug is https://bugs.launchpad.net/lightdm/+bug/1206533 and it was discussed more there) On 31 July 2013 02:24, <b.king at surrey.ac.uk> wrote:> Hi Folks > > I'm currently working on configuring Ubuntu 12.04 Linux to match our > user environment - one of the aspects I'm working on is enabling X11 > over TCP as we have a large number of graphical applications running on > local (same-subnet) compute server systems. Encrypting the X11 stream > between clients and servers on the same physical network switch inside a > secured floor of offices seems like insanity to me. > > I've obviously configured Lightdm to start the Xorg X11 server with TCP > mode connections enabled, but the -auth argument (which I assume is > provided by lightdm) points to a file called /var/run/lightdm/root/:0. > Despite the TCP mode connection being enabled, the only > MIT-MAGIC-COOKIE-1 key that is placed within this file includes the > "hostname/unix:0" specification which limits it's use to Unix domain > sockets only. > > What I need to do is to have lightdm (assuming it is lightdm that is > creating this authorisation file) create it with simply "hostname:0" so > that the MIT-MAGIC-COOKIE-1 key may be used on X11 over TCP connections > as well as those over X11 over Unix Domain socket connections. > > I have confirmed that extracting the key from the :0 file using Xauth > -f :0 list followed by a correspondingly altered re-insertion of the key > without the /unix part using Xauth -f :0 add ... command does indeed > work. > > My first question is whether there is something I've missed in the > lightdm configuration file that would allow me to specify that I want > the MIT-MAGIC-COOKIE-1 enabled for both TCP and Unix domain connections? > > The second point which follows on from that is whether when allowing TCP > connections to the Xserver, maybe lightdm SHOULD remove the /unix > element from the MIT_MAGIC-COOKIE-1 stored in the :0 file. It would > seem to me to be logical that it should. > > And the final point is seeking advice on the best recommended way to > work around this problem for the time being. I assume I could do the > xauth list/xauth add steps within the display-setup-script if necessary. > Is this the best place to do it? > > Thanks in advance for your help. A matching Ubuntu-bug report has been > sent as requested on the Wiki. > > Regards, Bevis. > > _______________________________________________ > LightDM mailing list > LightDM at lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/lightdm >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.freedesktop.org/archives/lightdm/attachments/20130822/f72a4f7e/attachment.html>