xauth man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

xauth(1X)							     xauth(1X)

       xauth - X authority file utility

       xauth [-f authfile] [-vqib] [commandarg...]

       The  following options may be used with xauth.  They may be given indi‐
       vidually (for example, -q -i) or may combined (for example, -qi).  This
       option  specifies  the  name of the authority file to use.  By default,
       xauth will use the file specified by the XAUTHORITY  environment	 vari‐
       able or in the user's home directory.  This option indicates that xauth
       should operate quietly and not print unsolicited status messages.  This
       is  the	default if an xauth command is given on the command line or if
       the standard output is not directed to a terminal.  This	 option	 indi‐
       cates  that  xauth  should  operate verbosely and print status messages
       indicating the results of various operations  (for  example,  how  many
       records	have  been  read  in  or written out).	This is the default if
       xauth is reading commands from its standard input and its standard out‐
       put is directed to a terminal.  This option indicates that xauth should
       ignore any authority file locks.	 Normally, xauth will refuse  to  read
       or  edit	 any  authority	 files that have been locked by other programs
       (usually xdm or another	xauth).	  This	option	indicates  that	 xauth
       should  attempt	to  break  any authority file locks before proceeding.
       Use this option only to clean up stale locks.

       The xauth program is used to edit and display the authorization	infor‐
       mation  used  in	 connecting  to the X server.  This program is usually
       used to extract authorization records from one machine and  merge  them
       in  on  another	(as  is	 the case when using remote logins or granting
       access to other users).	Commands  (described  below)  may  be  entered
       interactively,  on  the	xauth  command line, or in scripts.  Note that
       this program does not contact the X server. Normally xauth is not  used
       to create the authority file entry in the first place; xdm does that.

       The  following  commands	 may be used to manipulate authority files: An
       authorization entry for the indicated display using the given  protocol
       and key data is added to the authorization file.	 The data is specified
       as an even-lengthed string of hexadecimal digits, each pair  represent‐
       ing one octet.  The first digit of each pair gives the most significant
       4 bits of the octet, and the second digit of the pair gives  the	 least
       significant 4 bits.  For example, a 32 character hexkey would represent
       a 128-bit value.	 A protocol name consisting of just a single period is
       treated	as  an	abbreviation  for  MIT-MAGIC-COOKIE-1.	 Authorization
       entries for each of the specified displays are written to the indicated
       file.   If  the	nextract command is used, the entries are written in a
       numeric format suitable for non-binary  transmission  (such  as	secure
       electronic  mail).  The extracted entries can be read back in using the
       merge and nmerge commands.  If the filename consists of just  a	single
       dash,  the  entries will be written to the standard output.  Authoriza‐
       tion entries for each of the specified displays (or all if no  displays
       are named) are printed on the standard output.  If the nlist command is
       used, entries will be shown in the numeric format used by the  nextract
       command;	 otherwise,  they  are	shown in a textual format. Key data is
       always displayed in the hexadecimal format given in the description  of
       the  add	 command.   Authorization  entries are read from the specified
       files and are merged into the authorization database,  superceding  any
       matching	 existing  entries. If the nmerge command is used, the numeric
       format given in the description of the extract command is used.	 If  a
       filename	 consists  of  just  a single dash, the standard input will be
       read if it has not been read before.   Authorization  entries  matching
       the specified displays are removed from the authority file.  The speci‐
       fied file is treated as a script containing xauth commands to  execute.
       Blank  lines  and lines beginning with a sharp sign (#) are ignored.  A
       single dash may be used to indicate the standard input, if it  has  not
       already	been  read.   Information  describing  the authorization file,
       whether or not any changes have been made, and from  where  xauth  com‐
       mands are being read is printed on the standard output.	If any modifi‐
       cations have been made, the authority file is written out (if allowed),
       and  the	 program exits.	 An end of file is treated as an implicit exit
       command.	 The program exits, ignoring any modifications.	 This may also
       be  accomplished by pressing the interrupt character.  A description of
       all commands that begin with the given string (or all  commands	if  no
       string  is  given)  is printed on the standard output.  A short list of
       the valid commands is printed on the standard output.

       Display names for the add, [n]extract, [n]list,	[n]merge,  and	remove
       commands	 use  the  same format as the DISPLAY environment variable and
       the common -display command line argument.   Display-specific  informa‐
       tion  (such  as	the screen number) is unnecessary and will be ignored.
       Same-machine connections (such as local-host  sockets,  shared  memory,
       and  the Internet Protocol hostname localhost) are referred to as host‐
       name/unix:displaynumber so that local entries  for  different  machines
       may be stored in one authority file.

       The  most  common use for xauth is to extract the entry for the current
       display, copy it to another machine,  and  merge	 it  into  the	user's
       authority file on the remote machine:

	       %  xauth extract - $DISPLAY | rsh otherhost xauth merge -

       This xauth program uses the following environment variables: to get the
       name of the authority file to use if the -f option is not used.	to get
       the user's home directory if XAUTHORITY is not defined.

       default authority file if XAUTHORITY is not defined.

       Users  that  have  unsecure  networks should take care to use encrypted
       file  transfer  mechanisms  to  copy  authorization   entries   between
       machines. Similarly, the MIT-MAGIC-COOKIE-1 protocol is not very useful
       in unsecure environments.  Sites	 that  are  interested	in  additional
       security	 may  need  to	use encrypted authorization mechanisms such as

       Spaces are currently not allowed in the protocol name.	Quoting	 could
       be added for the truly perverse.

       Jim Fulton, MIT X Consortium


List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net