>> I'd like to add a new authentication mechanism to X which uses Ident >> (TAP, RFC-931 etc), to check that a user is permitted. > This pretty much reduces down to the same problem that xhost has. > [...] If I have physical access the host I can change my username, > run an ident faker, or otherwise compromise any security mechanism > which relies upon the remote machine to provide the authentication. > You allow for a bit more granularity in access control in a trusted > (and trusting) environment, but if you already have this level of > trust xhost is good enough anyway because all you really need to do > is prevent someone from accidentally popping up a window on your > display... I find myself disagreeing with you here. For example, at work we have two or three central serverish machines. I trust the machines in the sense that I trust their admins (I'm one of said admins :-), but no way do I trust all users on them. Thus, I would hesitate to just drop them into my access list to let myself easily run clients there...but I _do_ trust them enough that I would not hesitate to drop myself, IDENT verified, into my access list. This would keep Joe Malicious from siccing xkey on me from there while still allowing me to freely pop up clients from those machines. I feel that IDENT-style user@host authentication has its uses. But I'm of two minds about putting it into the X server. It seems to me it would be more appropriately put into a front-end fancy authenticator process, like a souped-up version of the xconns I've mentioned on bugtraq a few times already. If nothing else, this makes it much easier for me to hack on the front end when I decide I want a new feeping creature in it :-) der Mouse mouse@collatz.mcrcim.mcgill.edu