Article 33546 of comp.lang.tcl:
Path: cs.man.ac.uk!fellowsd
From: Donal K. Fellows
Newsgroups: comp.lang.tcl
Subject: Re: What does it mean?the network is "INSECURE",when using Tk "send" command
Date: 15 Nov 1995 10:04:04 GMT
Organization: Dept of Computer Science, University of Manchester, U.K.
Lines: 66
Message-ID: <48cduk$9aj@m1.cs.man.ac.uk>
References: <47l8bh$nmg@due.unit.no> <DHpB91.EnK@taurus.cs.nps.navy.mil>

In article <DHpB91.EnK@taurus.cs.nps.navy.mil>, Mozgen <mozgen> wrote:
Anh Ngoe Le <leanh> wrote:

The network that I am running is "INSECURE". This means that I can not use the tk "SEND" command for sending information between tk widgets. If I want to use the "SEND" command then I have to change something that make the network to be SECURE (not insecure). But I don't know how to do that.


It isn't that the network is insecure (though it probably isn't secure :^)), but that the X server you're running on is insecure.

Please help me (send me the information) if you know how to solve my problem or where I can find the information about that. I would be grateful for your help.


I'm having the same problem on Linux and if anyone has a solution I would appreciate.


The URL is:
http://ce-toolkit.crd.ge.com/tkxauth/
though I thought this was a touch confusing when I read it. So, here is the potted explanation:

If you are running X under xdm (graphical login) then: 

      xhost -
      xhost -{each host that you did `xhost +' for}

You can always find out the state of the host authorisation by typing: 

      xhost

which should come up with a message like: 

      access control enabled, only authorized clients can connect

Try this out, and if it still doesn't work, you'll probably need to see your sysadmin, or read the xdm documentation very carefully. Good luck!

If you are running X under xinit or startx or something like that (textual login), then you'll probably need to create a .Xauthority file (assuming that you are on the host foo.org): 

    xauth add foo.org:0 . 1234567890abcdef1234567890abcdef
    xauth add foo.org/unix:0 . 1234567890abcdef1234567890abcdef

where you should replace `1234567890abcdef1234567890abcdef' with some other long (even-length) hex string. Compose your own, don't use what I've suggested, and you don't need to use the same string each time.

Once you've done this (and you don't need to be running X to do so), just create an executable .xserverrc in your home directory which finishes with the line: 

    exec X -auth ~/.Xauthority

(always assuming the shell you're running in performs tilde expansion :^) and the next time you start up X, you should be secure, provided you don't use xhost.

Of course, there are loads of minor details to add to that, but the above is the essence of the thing for people who don't need real security (ie. no users deliberately trying to scan the network and things like that). Your only real problem is what to do when running clients from several machines. For that, read the xauth(1) manpage, the HTML docs, and have a good long think... :^)

Donal.

--
Donal K. Fellows http://www.cs.man.ac.uk/~fellowsd/ fellowsd@cs.man.ac.uk
Department of Computer Science, University of Manchester, U.K. +44-161-275-6137
--
If you staple a penguin to the head of a gnu, the result won't catch herring...

Additional notes from: * Tong * <sun_tong@users.sourceforge.net> which some people might find useful.

So I did some searching on this and found the newest link to Vivek
Khera's discusses is at 
http://www.neosoft.com/tcl/ftparchive/sorted/misc/Xauthority

And the article that explained in the most clearly way is at:
http://ciac.llnl.gov/ciac/documents/ciac2316.html#2.0

Now I've got it going. Setting secure X server with xauth is not
that hard than I thought.

Valid HTML 4.0!