VMS Help  —  XAUTH  Viewing and Editing File Entries
    Each X authority file assumes the default protections of the
    account and directory in which it resides. If you have the
    appropriate privileges, you can view or edit the contents of
    an X authority file. To ensure the appropriate level of security,
    access to this file is typically limited to either the local
    SYSTEM account, the file owner, or both.

                                   NOTE

       When an X authority file is open for viewing or editing,
       one or more lock files are created by adding -L or -C to the
       file extension (such as, *.DECW$XAUTH-C). This renders the
       X authority file locked from further use. When the file is
       closed, the lock is subsequently removed, and the lock files
       deleted.

       If a DECwindows Motif session is terminated abruptly, one
       or more locked files can remain. Use the XAUTH command with
       options -b or -i to either break or ignore the locks and
       gain access to the file.

1  –  Displaying File Entries

    Use the XAUTH LIST command to display the contents of an X
    authority file.

    For example, the following XAUTH command displays the entries in
    the X authority file UNTRUSTED.DECW$XAUTH:

    $  XAUTH -f UNTRUSTED.DECW$XAUTH LIST
    local/ZEPHYR:0  MIT-MAGIC-COOKIE-1  cfcc5ef98f9718f90154f355c0ae9f62
    decnet/ZEPHYR::0  MIT-MAGIC-COOKIE-1  cfcc5ef98f9718f90154f355c0ae9f62
    116.94.24.187:0  MIT-MAGIC-COOKIE-1  cfcc5ef98f9718f90154f355c0ae9f62

                                   NOTE

       TCP/IP is considered the default transport for X authority
       file entries. As a result, the transport portion of the
       display name is assumed and not displayed for entries that
       use the TCP/IP transport.

    To limit the list to entries related to a particular display,
    enter the display name at the end of the XAUTH LIST command, as
    follows:

    $ XAUTH -f UNTRUSTED.DECW$XAUTH LIST ZEPHYR::0
    decnet/ZEPHYR::0  MIT-MAGIC-COOKIE-1  cfcc5ef98f9718f90154f355c0ae9f62

    With the TCPIP transport, multiple addresses may correspond to
    the same display name. When displaying X authority file entries,
    it may be difficult to distinguish which entry applies to which
    address. To differentiate the entries, use the -n qualifier to
    list them in numeric format, as follows:

    $ XAUTH LIST
    test13_2:0  MIT-MAGIC-COOKIE-1  12
    test13_2:0  MIT-MAGIC-COOKIE-1  23
    $ XAUTH -n LIST
    #0006#fe800000000000000200f8fffe101905#:0  MIT-MAGIC-COOKIE-1  12
    #0000#c0a70209#:0  MIT-MAGIC-COOKIE-1  23

2  –  Adding and Removing File Entries

    Use the XAUTH ADD and XAUTH REMOVE commands to add entries to or
    delete entries from an X authority file.

    If you have created a display device (using the SET DISPLAY
    command), you can specify the device name on the xauth command
    line to insert or remove entries related to the display device.
    Typically, the X authority file entry for a display device
    corresponds to the display server specified by the SET DISPLAY
    command. However, if the SET DISPLAY command specifies that
    a proxy server be used, the file entry pertains to that proxy
    server.

    For example, the following X authority file has a single
    entry for the LOCAL transport on node ZEPHYR. To use the same
    authorization key for the DECnet transport and to specify
    that Kerberos be used when connecting to remote node HUBBUB,
    you could add the following entries to the X authority file
    UNTRUSTED.DECW$XAUTH:

    $  XAUTH -f UNTRUSTED.DECW$XAUTH
    Using authority file untrusted.decw$xauth

    xauth>  LIST
    local/ZEPHYR:0  MIT-MAGIC-COOKIE-1  cfcc5ef98f9718f90154f355c0ae9f62

    xauth>  ADD ::0 . cfcc5ef98f9718f90154f355c0ae9f62
    xauth>  ADD HUBBUB::0 MIT-KERBEROS-5 ""

    xauth>  LIST
    local/ZEPHYR:0  MIT-MAGIC-COOKIE-1  cfcc5ef98f9718f90154f355c0ae9f62
    decnet/ZEPHYR::0  MIT-MAGIC-COOKIE-1  cfcc5ef98f9718f90154f355c0ae9f62
    decnet/HUBBUB::0  MIT-KERBEROS-5

    xauth> EXIT
    Writing X authority file untrusted.decw$xauth

    Client applications running on systems in the same cluster
    share a single X authority file. As a result, in cluster
    configurations, adding an entry for the DECnet transport to the
    local system grants client applications running on other nodes in
    the cluster access to that system.

    To discontinue remote access to HUBBUB, you could use the XAUTH
    REMOVE command to remove the entry, as follows:

    $  XAUTH -f UNTRUSTED.DECW$XAUTH
    Using authority file untrusted.decw$xauth

    xauth> REMOVE HUBBUB::0
    1 entries removed

    xauth> LIST
    local/ZEPHYR:0  MIT-MAGIC-COOKIE-1  cfcc5ef98f9718f90154f355c0ae9f62
    decnet/ZEPHYR::0  MIT-MAGIC-COOKIE-1  cfcc5ef98f9718f90154f355c0ae9f62

    xauth> EXIT
    Writing X authority file untrusted.decw$xauth

3  –  Copying Entries Between Files

    Use one or more of the following XAUTH commands to copy entries
    for a particular display from one X authority file to another.

    This enables you to use an existing entry to grant another user
    access to a particular display or to obtain access to a remote
    host from the current display device.

    o  EXTRACT - Creates a new X authority file whose entries match
       those in the original file.

    o  MERGE - Appends the contents of one file to another, replacing
       entries for the same display name or adding entries for
       different names.

    o  NEXTRACT and NMERGE - These commands are designed to be used
       with the PIPE command. NEXTRACT extracts file entries in a
       text format that can then be used as input for the NMERGE
       command.

       For example, the following command extracts the X
       authority file entry for the local transport from the file
       UNTRUSTED.DECW$XAUTH and adds it to a new X authority file
       NEW_XAUTHORITY.DECW$XAUTH:

       $  PIPE XAUTH -f UNTRUSTED.DECW$XAUTH NEXTRACT SYS$OUTPUT :0 | -
       _$ XAUTH -f NEW_XAUTHORITY.DECW$XAUTH NMERGE SYS$INPUT

    These commands can also be used with the rsh command to
    copy entries from an X authority file on an OpenVMS host to
    an X authority file on a remote UNIX system. For example,
    the following command extracts the entry for TCP/IP access
    (TCPIP/0:0) and adds it to the current file for user SMITH on
    the remote UNIX system FLOPSY:

    $  PIPE XAUTH -f UNTRUSTED.DECW$XAUTH NEXTRACT TCPIP/0:0 | -
    _$ rsh/user=smith/password=secret flopsy "xauth nmerge -"

                                   NOTE

       When using the PIPE and XAUTH commands to pass information
       to a UNIX host, you must press Ctrl/C to terminate the
       connection to the UNIX host and return control to OpenVMS.
Close Help