Tugger the SLUGger!SLUG Mailing List Archives

[SLUG] Re: Network Security Fest


\begin{chesty}
> I'd be interested in hearing more about application proxy servers with
> authentication, in particular I'd like to know more about proxying X
> with authentication.

random ways of doing this (off the top of my head):

xhost - authentication by IP (not very secure)

xauth - authentication by whoever holds a token (pretty good assuming
no sniffing / encryption isn't important). rstart/rstartd is a way of
using this easily (using rsh). very good for NFS /home environments,
since the cookie is stored in $HOME and it all "just works".

redirecting over ssh - probably the most secure. the encryption slows
things down a bit. automatically running xauth on other machines tends
to upset the really paranoid, so don't forward X unnecessarily.

none of them is very hard to setup, once you know the right command.


related:

xfwp - X proxy for use on gateways. not really an authentication thing
- more of a firewall/sysadmin thing.

lbxproxy, dxpc, etc - compression/caching proxies for low-bandwidth
(eg: over a modem) X connections. lbxproxy is the "official" X11 LBX
extension implementation, dxpc is not.

-- 
 - Gus