词条 | X Window authorization |
释义 |
In the X Window System, programs run as X clients, and as such they connect to the X display server, possibly via a computer network. Since the network may be accessible to other users, a method for forbidding access to programs run by users different from the one who is logged in is necessary. There are five standard access control mechanisms that control whether a client application can connect to an X display server. They can be grouped in three categories:
Additionally, like every other network connection, tunneling can be used. Host-based accessThe host-based access method consists in specifying a set of hosts that are authorized to connect to the X display server. This system has inferior security, as it allows every user who has access to such a host to connect to the display. The Cookie-based accessThe cookie-based authorization methods are based on choosing a magic cookie (an arbitrary piece of data) and passing it to the X display server when it is started; every client that can prove having knowledge of this cookie is then authorized connection to the server. These cookies are created by a separate program and stored in the file The two systems using this method are The xauth application is a utility for accessing the The Inter-Client Exchange (ICE) Protocol implemented by the [https://www.x.org/releases/X11R7.7/doc/libICE/ICElib.html Inter-Client Exchange Library] for direct communication between X11 clients uses the same User-based accessThe user-based access methods work by authorizing specific users to connect to the server. When a client establishes a connection to a server, it has to prove being controlled by an authorized user. The two methods based on authenticating users using networked identity management systems are A third method is limited to local connections, using system calls to ask the kernel what user is on the other end of a local socket. The TunnelingThe SSH utility (when invoked with option X11 connections between client and server over a network can also be protected using other secure-channel protocols, such as Kerberos/GSSAPI or TLS, although such options are now far more rarely used than SSH. References1. ^{{cite web|title=Server-interpreted Authentication Types "localuser" and "localgroup" |url=https://cgit.freedesktop.org/xorg/proto/x11proto/tree/specs/SIAddresses/localuser.txt |publisher=X.Org Foundation |accessdate=16 January 2015}} External links
1 : X Window System |
随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。