Access Control Mechanisms

An access control mechanism controls which clients or applications have access to the X11 server. Only properly authorized clients can connect to the server. All other clients are denied access, and are terminated with the following error message.

Xlib: connection to hostname refused by server
Xlib: Client is not authorized to connect to server

The connection attempt logs to the server console as:

AUDIT: <Date Time Year>: X: client 6 rejected from IP 129.144.152.193 
   port 3485	Auth name: MIT-MAGIC-COOKIE-1

Two different types of access control mechanisms are used: user based and host based. That is, one mechanism grants access to a particular user's account, while the other mechanism grants access to a particular host, or machine. Unless the -noauth option is used with Xsun, both the user-based access control mechanism and the host-based access control mechanism are active. For more information see Manipulating Access to the Server.

User-Based Access

A user-based, or authorization-based, mechanism allows you to give access explicitly to a particular user on any host machine. The user's client passes authorization data to the server. If the data match the server's authorization data, the user is allowed access.

Host-Based Access

A host-based mechanism is a general-purpose mechanism. This type of mechanism enables you to give access to a particular host, in which all users on that host can connect to the server. A host-based mechanism is a weaker form of access control. If the host has access to the server, all users on that host are allowed to connect to the server.

The Solaris environment provides the host-based mechanism for backward compatibility.

Relink clients that are linked with older versions of Xlib or libcps to enable them to connect to the server with the new user-based access control mechanism.