mtr@mentor.cc.purdue.edu (Michael Rowan) (05/02/89)
A recent article prompted me to see if anyone wants the changes I have done here at Purdue. RWS has said that the system they are working on/have is better than what I have, but the "forces that be" where I work wanted something 6 months ago - so I implemented a fairly simple user based authentication system with X.

If someone can break the unix file system, this scheme is useless. It simply looks either in the file $HOME/.xauth or in the file specified in $XAUTH -- this file has to be mode -xxx------ (other and group modes must be 0). If its modes are right, the first line of this file is passed to the server in the connection packet. If it matches the passwd the server read in at start up - the connection is ok'ed - otherwise it fails.

What the user has to do is this:

Create a file called .xauth and put a passwd (up to 99 letters I think) in it.
chmod it to 600 or something similar.
rdist it to all machines that you will run X clients on.

That's it.

The obvious disadvantage is you can't run X clients that were not compiled with your libX11.a.

Like I said, it is far from perfect, but it works for us until something better comes along. If you want the diffs let me know via email. If you use this I suggest using RCS so that when the consortium comes out with what they have you can back out of these changes painlessly.

mtr
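The client-side check described in the post, sketched as an added example (this is not the Purdue diff or any libX11 code). The function names, the owner check and the use of fstat on the open descriptor are assumptions of this sketch; the post specifies only the file location, the mode requirement and the first-line rule.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define XAUTH_MAX 99 /* the post's "up to 99 letters I think" */

/* Hypothetical helper: $XAUTH if set, otherwise $HOME/.xauth. */
static int xauth_path(char *buf, size_t len)
{
    const char *x = getenv("XAUTH"), *home = getenv("HOME");
    int n;
    if (x && *x) n = snprintf(buf, len, "%s", x);
    else if (home) n = snprintf(buf, len, "%s/.xauth", home);
    else return -1;
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Hypothetical helper: copy the first line into out (XAUTH_MAX + 1 bytes).
 * Returns -1 unless the file is regular, caller-owned and mode ?00. */
int read_xauth_token(const char *path, char *out)
{
    struct stat st;
    ssize_t n;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    /* fstat the open descriptor so the file checked is the file read */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || /* owner check is an addition */
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        n = -1;
    else
        n = read(fd, out, XAUTH_MAX);
    close(fd);
    if (n <= 0) return -1;
    out[n] = '\0';
    out[strcspn(out, "\n")] = '\0'; /* keep only the first line */
    return out[0] ? 0 : -1;
}

int main(void)
{
    char path[1024], tok[XAUTH_MAX + 1];
    int ok = xauth_path(path, sizeof path) == 0 && read_xauth_token(path, tok) == 0;
    puts(ok ? "token loaded" : "no usable auth file; not sending a token");
    return ok ? 0 : 1;
}
```

A file that fails the mode check is treated the same as a missing file, so a token that group or other could have read is never sent.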