Re: Question about pam_xauth (fwd)

On Fri, 14 Apr 2000, Aaron Konstam wrote:

> #%PAM-1.0
> auth       required	/lib/security/pam_pwdb.so shadow nullok
> account    required	/lib/security/pam_pwdb.so
> password   required	/lib/security/pam_cracklib.so
> password   required	/lib/security/pam_pwdb.so shadow use_authtok nullok
> session    required	/lib/security/pam_pwdb.so
> session    optional	/lib/security/pam_xauth.so

> There just has to be some extra configuration you have done on your system that
> makes it work. You asked about messages. There were none in /var/log/messages.

It has always worked out-of-the-box for me, without configuring anything.  The
only difference between your /etc/pam.d/su file and the one I use is that I've
replaced pam_pwdb with pam_unix, which would have no effect on the behavior of

$ ls -l ~/.Xauthority
-rw-------   1 vorlon   vorlon        222 Apr  2 22:47 /home/vorlon/.Xauthority
$ xauth list
host.domain:10  MIT-MAGIC-COOKIE-1  <key1>
host.domain/unix:10  MIT-MAGIC-COOKIE-1  <key1>
host.domain/unix:0  MIT-MAGIC-COOKIE-1  <key2>
host.domain:0  MIT-MAGIC-COOKIE-1  <key2>
$ su
# ls -l ~/.Xauthority
-rw-------   1 root     vorlon        160 Apr 14 10:29 /root/.Xauthority
# xauth list
host.domain:11 MIT-MAGIC-COOKIE-1  <key3>
host.domain:0  MIT-MAGIC-COOKIE-1  <key4>
host.domain/unix:0   MIT-MAGIC-COOKIE-1  <key2>
# exit

After running su, the same key (key2) appears in both .Xauthority files.
However, it appears to only forward it for use with unix sockets.  Perhaps for
some reason, your programs are trying to connect over TCP/IP?

Steve Langasek
postmodern programmer
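
The comparison made by eye in the message above, as an added example that is not part of the original post: this Python script parses two `xauth list` outputs and reports, for each entry in the target user's file, whether its cookie matches the invoking user's entry for the same display. The sample input is constructed from the listings in the message with its `<keyN>` placeholders kept; the function names and status labels are assumptions of this example.

```python
# Constructed sample input: the two `xauth list` outputs from the message,
# with its <keyN> placeholders standing in for the real cookies.
USER_LIST = """\
host.domain:10  MIT-MAGIC-COOKIE-1  <key1>
host.domain/unix:10  MIT-MAGIC-COOKIE-1  <key1>
host.domain/unix:0  MIT-MAGIC-COOKIE-1  <key2>
host.domain:0  MIT-MAGIC-COOKIE-1  <key2>
"""
ROOT_LIST = """\
host.domain:11 MIT-MAGIC-COOKIE-1  <key3>
host.domain:0  MIT-MAGIC-COOKIE-1  <key4>
host.domain/unix:0   MIT-MAGIC-COOKIE-1  <key2>
"""

def parse_xauth_list(text):
    """Map display name -> (transport, protocol, cookie) from `xauth list` output."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        display, proto, cookie = fields
        # "host/unix:N" is a local (unix socket) entry, "host:N" a TCP/IP one.
        host = display.rsplit(":", 1)[0]
        transport = "unix" if host.endswith("/unix") else "tcp"
        entries[display] = (transport, proto, cookie)
    return entries

def compare(source_text, target_text):
    """Classify each of the target user's entries against the source user's."""
    source = parse_xauth_list(source_text)
    report = {}
    for display, (transport, proto, cookie) in parse_xauth_list(target_text).items():
        if display not in source:
            status = "not-in-source"   # the source user has no entry for this display
        elif source[display][1:] == (proto, cookie):
            status = "forwarded"       # same protocol and cookie in both files
        else:
            status = "mismatch"        # same display name, different cookie
        report[display] = (transport, status)
    return report

if __name__ == "__main__":
    for display, (transport, status) in compare(USER_LIST, ROOT_LIST).items():
        print(f"{display:22} {transport:5} {status}")
```

To run it on a live system, replace the two sample strings with `xauth list` output captured as each user; the cookies grant access to the display, so keep that output on the machine.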

