In article <m0rRwP6-0000o1C%kro.amtp.cam.ac.uk@damtp.cambridge.ac.uk>, Jon Peatfield <J.S.Peatfield@amtp.cam.ac.uk> wrote: | I'd like to add a new authentication mechanism to X which uses Ident (TAP, | RFC-931 etc), to check that a user is permitted. e.g. a server is given a | list of allowed user/machine pairs by a program like xhost: | | (e.g. xhost +fred@jim.jam.org) [ ... ] | Ident is not supposed to be used for authentication I hear people shout. | However, X connections should really only be made from machines you trust as | otherwise anyone with root access can steal the cookie or pretend to be that | user anyway. I.e. using Ident for this is no worse than admitting that you | must trust the remote host is ok anyway. Yup. People are gonna start quoting the RFC on you here, pointing at you and calling you 'Sinner' ... But the bottom line is that ident is better than nothing - xhost fred@jim.jam.org is at *least* as good as xhost jim.jam.org It would also be useful if you could combine xhost and xauth - have a key that's valid only from certain addresses. The ability to revoke keys would indeed also be useful ... Other things that would generally improve X security I think : - syslog logging of failed connections, or for the paranoid, all connections. Right now, X11R5 and 6's X server have a '-audit' option that allows you to make it print, to STDERR, some log info. '-audit 1', the default, lists failed connections only. I believe '-audit 2' lists all connections. But the problem with this is that it goes to STDERR, which is often redirected to /dev/null or just not watched. Making it so it's not ignored is not a trivial endeavor. Has anybody written a patch to X11R6 to move this logging from STDERR to syslogd? I'd like to do this, but haven't taken the time to see how hard it would be (shouldn't be very ...) - Default startup scripts that use xauth - excellent idea! At school, very few people use xauth - they just use what was given to them, and it works, and they don't really care much past that. If they were given stuff that used xauth from day one, they'd use it, and it would work, and they wouldn't care much past that either. - The ability to give a 'limited power' X key/authorization - this would probably NOT be easy to do, but would be very helpful when you want to let somebody show you something on your X screen, but don't want to let them take over your screen entirely.