An access control mechanism controls which clients or applications have access to the OpenWindows server. Only properly authorized clients can connect to the server. All unauthorized X clients terminate with the following error message:
Xlib: connection to hostname refused by server Xlib: Client is not authorized to connect to server
The server console displays the following message:
AUDIT: <Date Time Year>: X: client 6 rejected from IP 184.108.40.206 port 3485 Auth name: MIT-MAGIC-COOKIE-1
The two types of access control mechanisms are: user-based and host-based. Unless the -noauth option is used with openwin, both the user-based access control mechanism and the host-based access control mechanism are active. See Manipulating Access to the Server for more information.
A user-based, or authorization-based mechanism allows you to give access explicitly to a particular user on any host. The user's client passes authorization data to the server. If the data matches the server's authorization data, the user obtains access.
A host-based mechanism is a general purpose mechanism. It allows you to give access to a particular host, such that all users on that host can connect to the server. This is a weak form of access control; if a host has access to the server, all users on that host can connect to the server.
The Solaris environment provides the host-based mechanism for backward compatibility. Applications linked with a version of Xlib older than OpenWindows Version 2 or X11R4 do not recognize the new user-based access control mechanism. To enable these applications to connect to the server, a user must either switch to the host-based mechanism, or relink with the newer version of Xlib.