Re: [mtools] floppyd authentication

info-mtools

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [mtools] floppyd authentication

From:	Alain Knaff
Subject:	Re: [mtools] floppyd authentication
Date:	Fri, 11 Nov 2005 00:28:18 +0100
User-agent:	KMail/1.8.92

On Thursday 10 November 2005 10:56, Denis Cardon wrote:
> Hi people,
>
> I've been using mtools utils since back in '98 and I've to thanks all
> the mtools dev team for this great piece of software.
>
> Back then in the 90's, I was using mtools to avoid the mount hell when
> accessing floppy drive. Now I have found it very effective for usb key
> access !
>
> I use it regularly in a ltsp (http://www.ltsp.org) environment using the
> floppyd daemon. I think it is the only effective way to access securely
> local device since it is based on X cookie authentication. It is very
> smart!

Glad to hear this! Thanks.

> I wanted to know how if you could shed some light on the floppyd access
> the X cookie information of the X server.

Xauthority is used by floppyd to authenticate the user (i.e. find out
whether the guy who runs mtools is entitled to access the hardware of
floppyd's machine). In order to do so, it reuses the X Window system's
Xauthority system. In a nutshell, if the user is entitled to access
the display, floppyd considers that he should also be entitled to
access the floppy drive (or USB drive, or whatever ;-))

The way this mechanism works is as follows:

 1. mtools reads the secret information from the user's Xauthority file
 on the backend machine
 2. it then passes that information to floppyd.
 3. floppyd attempts to establish a bogus session to the X server
 using that info. If the session can be established, then the user is
 allowed to use floppyd, else he is rejected.

> Indeed there does not seem to
> have any Xauthority file on the ltsp client side (where floppyd is
> running)

Floppyd uses an xauthority file in a temporary location (in the /tmp
directory, and having a randomly generated filename). It then uses the
XAUTHORITY environment variable to point the X library to this
location, so that it can perform the authentication test.
When done with the authentication, the Xauthority file has served its
purpose, and is deleted by floppyd.

> and so the xauth program is of no use.

The xauth program is useful on the machine where mtools is running,
but not on the machine where floppyd is running.

One situation where xauth may be useful if a user (sitting in front of
terminal T) logs in to terminal server TS (which gets the Xauth cookie
via xdm or whatever program is used to manage the X session). If he
then logs in to a third machine C, he will need to use xauth to copy
the cookies over from TS to C before he can use mtools. (... but that
being said, there are many program which manage these details
automatically: if he uses ssh -X, xauthority management is performed
automatically via ssh)

> Cheers,
>
> Denis Cardon

Regards,

Alain

_______________________________________________
mtools mailing list
address@hidden
http://www.tux.org/mailman/listinfo/mtools

[Prev in Thread]

Current Thread

[Next in Thread]

[mtools] floppyd authentication, Denis Cardon, 2005/11/10
- Re: [mtools] floppyd authentication, Alain Knaff <=

Prev by Date: [mtools] floppyd authentication
Previous by thread: [mtools] floppyd authentication
Index(es):
- Date
- Thread