Default local auth policy
James Cloos
cloos at jhcloos.com
Mon Mar 16 10:05:19 PDT 2009
>>>>> "Adam" == Adam Jackson <ajax at nwnk.net> writes:
>> While I disagree that storing cookies in $HOME ‘sucks for NFS’,
Adam> I should have clarified. It sucks because NFS is unencrypted and
Adam> storing your auth cookies there means the whole wire gets to read them.
Adam> If you trust everyone on your local network, great.
Ah, OK. I was presuming a secure config. (Or, perhaps, had a fit of
nostalgia. :)
>> Which leaves the interesting question of what should happen if -auth
>> is not specified, but -ac is?
Adam> -ac means "disable access control".
I must've been just barely awake. While reminding myself of -ac's
purpose, I read "disables host-based access control mechanisms."
and must've only thought about the host-based part....
>> Not to mention whether -nolisten tcp also should be the default?
>> Or perhaps the default only w/o -ac and -auth?
Adam> In the absence of a -listen, that would be unpleasant. Not that
Adam> you're necessarily wrong.
If the point is to make it easier for the currently typical use case of
a single box acting as both server and host-for-the-clients, where
unix-domain sockets are the norm, tcp sockets may be unnecessary.
In any case, just in case I was ambiguous, +1 to the original idea.
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6