OK, let's see if the list still lives up to my memories of it:

How can I use Kerberos to authenticate X Window sessions?

I mean, I know I can move the xauth cookie around like this:

    ycsapo@sampa # ssh -Y light
    ycsapo@light # xauth list
    light.Mines.EDU/unix:10 MIT-MAGIC-COOKIE-1 (lots of hex gibberish)
    ycsapo@light # sudo su - oracle
    LDAP Password:
    oracle@light # xauth add light.Mines.EDU/unix:10 MIT-MAGIC-COOKIE-1 (lots of hex gibberish)
    xauth: creating new authority file /u/pa/ci/oracle/.Xauthority

And now I can run the Oracle installer on the headless VM light and have its GUI show under X on my Mac, through sudo and ssh encryption.

Although this works well, I don't feel comfortable telling users to do this. And frankly the whole copy-and-paste thing is not very elegant, not to mention it's not too safe.

I have read enough about this to know there should be some way to use Kerberos authentication as opposed to the infamous MIT MAGIC COOKIE. X.Org is supposed to allow an MIT-KERBEROS-5 mechanism and I read somewhere they were implementing this through the GSSAPI. Does anybody know anything about this who could point me to a howto or any form of documentation?

The way I envision this (well, fantasize might be a better word) is, as long as the user as whom I'm running the application has the correct Kerberos ticket, things should work. Something like:

    ycsapo@sampa # kinit
    Please enter the password for ycsapo@xxxxxxxxx:
    ycsapo@sampa # ssh -Y light
    ycsapo@light # sudo su - oracle
    LDAP Password:
    oracle@light # kinit ycsapo
    Password for ycsapo@xxxxxxxxx:
    oracle@light # xclock

And I should be able to run xclock on the remote host light but have it display on my local box, sampa, as simple as that.

TIA

Yuri

--
Yuri Csapo
Academic Computing & Networking
Colorado School of Mines
CT-256
Phone: (303) 273-3503
Fax: (303) 273-3475
Email: ycsapo@xxxxxxxxx

Please use the following link to open a service request:
http://helpdesk.mines.edu
===========================================
With a PC, I always felt limited by the software available.
On Unix, I am limited only by my knowledge.
--Peter J. Schoenster
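
An added example, not part of the original message: the cookie hand-off from the first transcript done as a pipe, so the MIT-MAGIC-COOKIE-1 value is never printed on a terminal or pasted by hand. It is not a Kerberos mechanism; the function name share_x_cookie is hypothetical, and it assumes XAUTHORITY is unset so that xauth writes to the target user's ~/.Xauthority.

```sh
#!/bin/sh
# share_x_cookie USER [DISPLAY]   (hypothetical helper name)
#
# Copies the X authority entry for ONE display from the calling user's
# authority file into USER's, using xauth's own extract/merge commands.
# The cookie travels through a pipe only: it is not echoed to the
# terminal and does not appear in any process's argument list.
share_x_cookie() {
    target_user=$1
    display=${2:-$DISPLAY}

    if [ -z "$target_user" ] || [ -z "$display" ]; then
        echo "usage: share_x_cookie USER [DISPLAY]" >&2
        return 2
    fi

    # "nextract - DISPLAY" writes only that display's entry to stdout,
    # in xauth's numeric text format. Other displays' cookies stay put.
    entry=$(xauth nextract - "$display" 2>/dev/null)
    if [ -z "$entry" ]; then
        echo "no X authority entry found for $display" >&2
        return 1
    fi

    # printf is a shell builtin, so the entry is not exposed via argv.
    # sudo -H sets HOME to the target user's home directory, so
    # "nmerge -" (read from stdin) updates that user's ~/.Xauthority
    # (assumption: XAUTHORITY is not set in the environment).
    printf '%s\n' "$entry" | sudo -H -u "$target_user" xauth nmerge -
}
```

After `share_x_cookie oracle`, the oracle account still needs DISPLAY set to the same value as in the calling session before starting an X client. The cookie remains a static shared secret, so the copy in the target user's authority file is as sensitive as the original.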