[LightDM] Removing the /unix specification from the /var/run/lightdm/root/:0 file

b.king at surrey.ac.uk b.king at surrey.ac.uk
Tue Jul 30 07:24:56 PDT 2013 

Hi Folks

I'm currently working on configuring Ubuntu 12.04 Linux to match our
user environment - one of the aspects I'm working on is enabling X11
over TCP as we have a large number of graphical applications running on
local (same-subnet) compute server systems.  Encrypting the X11 stream
between clients and servers on the same physical network switch inside a
secured floor of offices seems like insanity to me.

I've obviously configured Lightdm to start the Xorg X11 server with TCP
mode connections enabled, but the -auth argument (which I assume is
provided by lightdm) points to a file called /var/run/lightdm/root/:0.
Despite the TCP mode connection being enabled, the only
MIT-MAGIC-COOKIE-1 key that is placed within this file includes the
"hostname/unix:0" specification which limits it's use to Unix domain
sockets only.

What I need to do is to have lightdm (assuming it is lightdm that is
creating this authorisation file) create it with simply "hostname:0" so
that the MIT-MAGIC-COOKIE-1 key may be used on X11 over TCP connections
as well as those over X11 over Unix Domain socket connections.

I have confirmed that extracting the key from the :0 file using Xauth
-f :0 list followed by a correspondingly altered re-insertion of the key
without the /unix part using Xauth -f :0 add ... command does indeed
work.

My first question is whether there is something I've missed in the
lightdm configuration file that would allow me to specify that I want
the MIT-MAGIC-COOKIE-1 enabled for both TCP and Unix domain connections?

The second point which follows on from that is whether when allowing TCP
connections to the Xserver, maybe lightdm SHOULD remove the /unix
element from the MIT_MAGIC-COOKIE-1 stored in the :0 file.  It would
seem to me to be logical that it should.

And the final point is seeking advice on the best recommended way to
work around this problem for the time being.  I assume I could do the
xauth list/xauth add steps within the display-setup-script if necessary.
Is this the best place to do it?

Thanks in advance for your help.  A matching Ubuntu-bug report has been
sent as requested on the Wiki.

Regards, Bevis.

More information about the LightDM mailing list