Invalid MIT-MAGIC-COOKIE after 7.2 upgrade

Eric W. Bates ericx at vineyard.net
Wed Jun 13 17:45:09 UTC 2007


Fixed.

The 6.9 version of startx was, in fact, executing xauth to create/add 
session cookies which ssh, in turn, was copying over to remote machines 
to give them authority to display on the originating X server.

The xinit source file startx.cpp has a conditional which tests for the 
executable 'mcookie' (which doesn't appear to exist anywhere in ports?). 
If mcookie can be found, it appears that the compile will include an 
additional snippet which will behave similarly as in the past. However, 
the older behavior using /dev/urandom does not appear to be available.


To restore the old behavior, I added the following to the installed 
/usr/local/bin/startx:


***************
*** 107,112 ****
--- 102,119 ----
   fi

   removelist=
+
+ # set up default Xauth info for this machine
+ authdisplay=${display:-:0}
+ mcookie=`dd if=/dev/urandom bs=16 count=1 2>/dev/null | hexdump -e 
\\"%08x\\"`
+ for displayname in $authdisplay `hostname`$authdisplay; do
+     if ! xauth list "$displayname" | grep "$displayname " >/dev/null 
2>&1; then
+ 	xauth add $displayname . $mcookie
+ 	removelist="$displayname $removelist"
+     fi
+ done
+
+
   xinit $client $clientargs -- $server $display $serverargs


Perhaps it is inappropriate to expect startx to configure .Xauthority? 
Anyone suggest a better login methodology?

Thanks.

Eric W. Bates wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Seems xauth is not being invoked to create an authentication cookie when
> I use startx.
> 
> I'm still digging and comparing with the 6.9 version of xorg; but can
> anyone shorten this for me?
> 
> Does xauth create the cookies?
> 
> Do fresh ones normally get created every time you start a session?
> 
> Can cookies hang around indefinitely? i.e. can I just add some to my
> .Xauthority file and forget about this?
> 
> Does startx do the xauth invocation, or xinit or some other tool in the
> chain?
> 
> Thanks for your time.
> 
> Eric W. Bates wrote:
>> hm...
>>
>> I can't actually launch a local X process. KDE starts, and apache and
>> Thunderbird launch (because of a saved session); but I can't start an X
>> process from a command line:
>>
>> $ echo $DISPLAY
>> :0
>> $ xterm
>> Xlib: connection to ":0.0" refused by server
>> Xlib: No protocol specified
>>
>> That explains why ssh forwarding fails... but I'm still clueless.
>>
>> Eric W. Bates wrote:
>>> Anyone else run into X authentication issues after the 7.2 upgrade?
>>> I get the same error from every machine I ssh to after the 6.9 --> 7.2
>>> upgrade process:
>>> Xlib: connection to "localhost:10.0" refused by server
>>> Xlib: Invalid MIT-MAGIC-COOKIE-1 key
>>> Thanks.
>> _______________________________________________
>> freebsd-x11 at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-x11
>> To unsubscribe, send any mail to "freebsd-x11-unsubscribe at freebsd.org"
>>
> 
> - --
> Eric W. Bates
> ericx at vineyard.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFGcAwzD1roJTQ4LlERAm4NAJ4yNVd1QdVVre4Plv7OZ3tkHbV0owCgsXH7
> GXqzYROvrTbdVzuupqODnz4=
> =sAZs
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-x11 at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-x11
> To unsubscribe, send any mail to "freebsd-x11-unsubscribe at freebsd.org"
> 
> 

-- 
Eric W. Bates
ericx at vineyard.net


More information about the freebsd-x11 mailing list