Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
GetNetWise: You
e One Click Away

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 76 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  

pam_xauth



SYNOPSIS

       session optional /lib/security/pam_xauth.so arguments


DESCRIPTION

       pam_xauth.so  is designed to forward xauth keys (sometimes
       referred to as "cookies") between users.

       Without pam_xauth, when xauth is enabled and a  user  uses
       the  su command to assume another user's priviledges, that
       user is no longer able to access  the  original  user's  X
       display  because the new user does not have the key needed
       to access the display.  pam_xauth solves  the  problem  by
       forwarding  the  key  from the user running su (the source
       user) to the user whose identity the source user is assum­
       ing  (the  target  user)  when the session is created, and
       destroying the key when the session is torn down.

       This means, for example, that when  you  run  su  from  an
       xterm sesssion, you will be able to run X programs without
       explicitly dealing with the xauth command or ~/.Xauthority
       files.

       pam_xauth  will  only forward keys if xauth can list a key
       connected to the $DISPLAY environment variable.

       Primitive access control is provided by ~/.xauth/export in
       the  invoking user's home directory and ~/.xauth/import in
       the target user's home directory.

       If a user has a ~/.xauth/import file, the user  will  only
       receive  cookies  from users listed in the file.  If there
       is no ~/.xauth/import file, the user will  accept  cookies
       from any other user.

       If  a  user  has  a .xauth/export file, the user will only
       forward cookies to users listed in the file.  If there  is
       no  ~/.xauth/export  file,  and  the  invoking user is not
       root, the user will forward cookies to any other user.  If
       there is no ~/.xauth/export file, and the invoking user is
       root, the user will not forward cookies to other users.

       Both the import and export files support  wildcards  (such
       as  *).   Both  the  import and export files can be empty,
       signifying that no users are allowed.


ARGUMENTS

       debug  Turns on debugging messages sent to syslog.

       xauthpath=/usr/X11R6/bin/xauth
              Specify the path the xauth program (the default  is
              /usr/X11R6/bin/xauth).

       application  in  which the getuid() call returns the id of
       the user running the application, and for  which  PAM  can
       supply the name of the account that the user is attempting
       to assume.  The typical application of this  type  is  su.
       The  application  must  call  both  pam_open_session() and
       pam_close_session() with the ruid set to the  uid  of  the
       calling  user and the euid set to root, and must have pro­
       vided as the PAM_USER item the name of the target user.

       pam_xauth calls xauth as the source user  to  extract  the
       key  for  $DISPLAY, then calls xauth as the target user to
       merge the key into the  a  temporary  database  and  later
       remove the database.

       pam_xauth  cannot  be told not to remove the keys when the
       session is closed.


SEE ALSO

       /usr/share/doc/pam*/html/index.html


FILES

       ~/.xauth/import ~/.xauth/export


BUGS

       Let's hope not, but if you find any,  please  report  them
       via   the   "Bug   Track"   link  at  http://bugzilla.red­
       hat.com/bugzilla/


AUTHOR

       Nalin Dahyabhai <nalin@redhat.com>, based on original ver­
       sion by Michael K. Johnson <johnsonm@redhat.com>

Red Hat Linux               2003/7/24                pam_xauth(8)
  

More information about the site can be found in the FAQ


Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
The Linux Tutorial can use your help.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.09 Seconds