>>>>> "Jon" == Jon Peatfield <J.S.Peatfield@amtp.cam.ac.uk> writes: Jon> It is a little better as you don't have to copy arround cookies Jon> (usually done in very insecure ways) and all the authentication Jon> is done in the X server rather than just trusting anyone who Jon> has got a copy of the cookie. You can also revoke a Jon> (user,host) pair at the server end once you have finished using Jon> that machine. I see your point; the functionality looks better. But the actual security is still at the level of trusting the host. Jon> One trick you can do with this is to get the X server to run Jon> through all current windows and perform the check again on Jon> their existing connection based on the current rules. A server This is a decent idea, though you'd have to keep state about the user associated with the display connection in the server. If you're going to be keeping this kind of information in the server on a per-connection basis, you may as well keep some sort of token or cookie Jon> The actual code to do an Ident based checker is pretty small, Jon> not much more than the size of the current cookie checker and Jon> generator. Not *much* more complex. Authentication is now moved to an external process on a different machine possibly at a different site. Again, this gives a very nice paradigm for managing authorization, but I do not see how it can be said in any way to provide authentication. Jon> I don't see how multiple cookies would help unless you generate Jon> a different one for each host and require a (cookie,host) pair Jon> to match. one for each (host, user), actually. Yes, cookie distribution remains a problem. Jon> encrypted system (like say krb5) could be much better if done Yeah, clearly. kerberos is so heavyweight, though that few sites end up installing it. Perhaps a pgp-based thing would catch on more. No gnarly key distribution architecture needed. -Rens