[comp.windows.x] Xauth/xhost question

doug@genmri.UUCP (Doug Becker) (07/29/90)

Many users have an account on my machine, but I would prefer they
didn't use my machine to run X clients remotely.  Can I use
xhost/xauth to accomplish this, without frotzing with /etc/passwd?  If
so, how?  (I've tried looking at the xhost/xauth man pages, and
mit/doc/XDMCP/xdmcp.ms, but I guess I'm a little slower than usual
today).

Incidentally, we're all running R4; some of us are using xdm, but most
aren't (in particular, I'm not).

--

Douglas H. Becker
doug@nmri.GE.COM
{somewhere}!crdgw1.GE.COM!sane!doug

mouse@LARRY.MCRCIM.MCGILL.EDU (07/29/90)

> Many users have an account on my machine, but I would prefer they
> didn't use my machine to run X clients remotely.

Just to make sure I understand precisely what you mean: you don't want
X programs running on your machine displaying elsewhere, right?

> Can I use xhost/xauth to accomplish this, without frotzing with
> /etc/passwd?  If so, how?  (I've tried looking at the xhost/xauth man
> pages, and mit/doc/XDMCP/xdmcp.ms, but I guess I'm a little slower
> than usual today).

> Incidentally, we're all running R4; some of us are using xdm, but
> most aren't (in particular, I'm not).

I can't see how to do this even *with* mucking with /etc/passwd.  The
only thing all X clients have in common is that they all speak the X
protocol.  If you're running over TCP, they generally (but even this is
merely convention, not inherent) connect to port 6000 + small integer.

You could mess with your kernel's IP code to drop all TCP packets whose
foreign port is in the range [6000,6009], say.  This will defeat most
people.  (It can be gotten around, but it's awkward.)

This may sound stupid, but have you considered simply asking them not
to?  It's been my experience that you get much better results by being
polite and asking for what you want than by being draconian and trying
to enforce your wishes.  (In general.  If you must have 100% compliance
from a large number of people, you must, alas, force it.)

					der Mouse

			old: mcgill-vision!mouse
			new: mouse@larry.mcrcim.mcgill.edu