>>>>> "Bennett" == Bennett Todd <bet@std.sbi.com> writes: [...] Bennett> Don't try to convince all your users to set up xauth(1); Bennett> that's a hideous job, made vastly harder than it should be Bennett> by the cryptic documentation, and the lack of a secure Bennett> standard cookie generator. Instead fix the standard startup Bennett> script that users invoke, so that they begin running with Bennett> proper authentication. There's still some education Bennett> involved; you've gotta also develop suitable tools for Bennett> helping them pass cookies around wherever they need to, and Bennett> teach them how to use them; but I think the bulk of the job Bennett> lies in automating the setup and use of Xauthority so it's Bennett> no additional bother for users. I agree wholeheartedly, especially that better tools are needed to make it easy for users to pass around the keys to their display. Xhost actually has one advantage, of a sort, over xauth: users of xhost can grant access, and later take that access away. Xauth doesn't permit this: there's no way to revoke a key to your display. You've got to restart the X server. Once you've given a key to someone, you can't take it away. What's needed is a way to dynamically create new, different keys for your display, and to be able to tell the X server to individually enable and disable them. Ben