JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Solaris X Window System Developer's Guide
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Introduction to the Solaris X Server

2.  DPS Features and Enhancements

3.  Visuals on the Solaris X Server

4.  Font Support

5.  Server Overlay Windows

6.  Transparent Overlay Windows

7.  Security Issues

Access Control Mechanisms

User-Based

Host-Based

Authorization Protocols

MIT-MAGIC-COOKIE-1

SUN-DES-1

Changing the Default Authorization Protocol

Manipulating Access to the Server

Client Authority File

Allowing Access When Using MIT-MAGIC-COOKIE-1

Allowing Access When Using SUN-DES-1

Running Clients Remotely, or Locally as Another User

To Run Clients Remotely, or Locally As Another User

A.  Reference Display Devices

Glossary

Index

Access Control Mechanisms

An access control mechanism controls which clients or applications have access to the OpenWindows server. Only properly authorized clients can connect to the server. All unauthorized X clients terminate with the following error message:

Xlib:

connection to hostname refused by server Xlib:

Client is not authorized to connect to

server

The server console displays the following message:

AUDIT:

<Date Time Year>: X: client

6 rejected from IP

129.144.152.193 port

3485     Auth name:

MIT-MAGIC-COOKIE-1

The two types of access control mechanisms are: user-based and host-based. Unless the -noauth option is used with openwin, both the user-based access control mechanism and the host-based access control mechanism are active. See Manipulating Access to the Server for more information.

User-Based

A user-based, or authorization-based mechanism allows you to give access explicitly to a particular user on any host. The user's client passes authorization data to the server. If the data matches the server's authorization data, the user obtains access.

Host-Based

A host-based mechanism is a general purpose mechanism. It allows you to give access to a particular host, such that all users on that host can connect to the server. This is a weak form of access control; if a host has access to the server, all users on that host can connect to the server.

The Solaris environment provides the host-based mechanism for backward compatibility. Applications linked with a version of Xlib older than OpenWindows Version 2 or X11R4 do not recognize the new user-based access control mechanism. To enable these applications to connect to the server, a user must either switch to the host-based mechanism, or relink with the newer version of Xlib.

Note - If possible, clients linked with an older version of Xlib should be relinked with a newer version of Xlib. This enables them to connect to the server with the new user-based access control mechanism.

Copyright © 2002, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next