X-server configuration
Many X-servers are not configured correctly out-of-the-box and are insecure as a result. An attacker has full access to the screen and keyboard on an insecure X-server, so X-servers provide an easy source of user passwords.

This document explains how to configure some of the more popular X-servers used in the University. Some of the popular X-servers used to connect to hammer.thor, part of the undergraduate teaching system, are:
- Exceed (Control Data/Hummingbird Communications)
- Xwin (StarNet Communications Corp.)
- XFree86 (The XFree86 Project, Inc)
- HP Entria (Hewlett-Packard Company)
Exceed
Older versions of Exceed are slightly awkward to configure, but fortunately you only need to do it once.
- Open the eXceed/W group in the Program Manager.
- Start Xconfig/W and double-click on the "Access" icon.
- Click on "Edit..." This will start Notepad and allow you to alter Exceed's configuration.
- Ensure that "/security" is set, and that there is no line with "/access".
- Save the file and quit Notepad.
- Click on "Compile."
- Open the eXceed/W group in the Program Manager.
- Start Xconfig/W and double-click on the "Security" icon.
- Select "Enabled - No host access".
- Deselect the "Allow clients to modify host access" checkbox.
Xwin
- Open the Xwin group in the Program Manager.
- Run Xutil. (On Win95/NT, try Start/Programs/Xutil.)
- From the "Options" menu, check the status of "Access control". If it has a tick by it, click on it to deselect it. ("Access control" in Xwin does not refer to the output of the "xhost" command.)
- From the "Options" menu, select "Xhost".
- If the host list is not empty, select each host in turn and click on "Delete".
XFree86
XFree86, the most common X-server used on Linux, has access control enabled by default when used with XDMCP (i.e. when -indirect or -query is used, or when the X-server is started by xdm).

To start XFree86 on the command line without using XDMCP, use a wrapper script to generate the xauthorization cookie:
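    #!/bin/sh
    set -e
    # Default to ~/.Xauthority if no authority file is set
    if [ -z "$XAUTHORITY" ]; then
        XAUTHORITY=$HOME/.Xauthority
        export XAUTHORITY
    fi
    # Generate a fresh cookie and register it under both names for display :0
    auth=`mcookie`
    xauth add :0 . "$auth"
    xauth add `hostname -f`:0 . "$auth"
    # Start the X-server on :0, reading its authorization records from that file
    xinit -- :0 -auth "$XAUTHORITY"

[Note: Many graphical Web browsers don't render backquotes around mcookie correctly.]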
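A way to verify the result of the procedures above, as an added example that is not part of the original document: the function classifies the text printed by `xhost` (run with no arguments) and flags disabled access control or a non-empty access list. The function name audit_xhost and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). audit_xhost is a hypothetical
# helper: it reads the output of `xhost` (no arguments) on stdin and reports
# whether the display relies on authorization records alone.
# Return codes: 0 ok, 1 access list not empty, 2 access control off, 3 unparsed.
audit_xhost() {
    status=unknown
    entries=""
    while IFS= read -r line; do
        case "$line" in
            "access control enabled"*)  status=enabled ;;
            "access control disabled"*) status=disabled ;;
            "")                         ;;   # skip blank lines
            *)                          entries="$entries $line" ;;
        esac
    done
    case "$status" in
        disabled)
            echo "INSECURE: access control disabled, any host can connect"
            return 2 ;;
        unknown)
            echo "UNKNOWN: no access control status line found"
            return 3 ;;
    esac
    if [ -n "$entries" ]; then
        echo "WEAK: access list is not empty:$entries"
        return 1
    fi
    echo "OK: access control enabled, access list empty"
    return 0
}

# Constructed sample outputs, embedded so the example runs without an X-server.
sample_ok='access control enabled, only authorized clients can connect'
sample_hosts='access control enabled, only authorized clients can connect
INET:lab-pc.example.org
INET:other.example.org'
sample_open='access control disabled, clients can connect from any host'

for sample in "$sample_ok" "$sample_hosts" "$sample_open"; do
    printf '%s\n' "$sample" | audit_xhost || true
done
```

On a live display, pipe the real command into the function: `xhost | audit_xhost`.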
HP Entria
- Hold down F12 for two seconds. (Try F3 if that doesn't work.)
- Select the "Server" menu.
- Turn on "Client Authorization" and "Access Control".
Last updated by Peter Benie <pjb1008@cam.ac.uk>
unix-support@ucs.cam.ac.uk
URL:
http://www-uxsup.csx.cam.ac.uk/doc/remote_access/xserver.html