X Window System security

Stephen Gildea (gildea@x.org)
Wed, 11 Jan 1995 11:13:48 EST

There are already good tools for setting up keys and passing them
around.  xdm sets up keys.  xrsh passes them to remote clients.

Host-based authorization isn't the only revokable access method.
Anything that has principals, rather than passwords, has this
advantage.  In X11R6 there are two such schemes, MIT-KERBEROS-5 and
SUN-DES-1.  (SUN-DES-1 was also in R5.)  So while you can't take an
MIT-MAGIC-COOKIE away from someone, you can deny KRB:gildea@x.org
further connection rights.  See the Xsecurity(1) manual page for
details.

Note that none of these methods allow you to revoke the authorization
of an already-connected client.

 < Stephen
   X Consortium