70
Chapter 10: Managing X Window Services
The X11 proxy also requires the user to confirm each new request for a connection to their
display. Because of the lack of strong authentication systems for X11, this reconfirmation
provides an additional opportunity to confirm that you really want to accept the
connection. You can watch for other people trying to hijack your display.
Because the X11 proxy works in conjunction with the TELNET and Rlogin proxies, you
can still configure access based on the source or destination hostname or IP address. The
strong authentication feature is also available. The TELNET and Rlogin proxies also log
X requests and connections.
How the X11 Proxy Works
Unlike some of the other Gauntlet proxies, the firewall does not start the X11 proxy when
it receives display requests. Instead, users must explicitly start the X11 proxy from either
the TELNET or Rlogin proxy. The firewall denies all requests for services on the standard
X port (6000).
A user TELNETs to the firewall, which runs the TELNET proxy. After checking
permissions and authenticating users (as described in chapter 1), the TELNET proxy
(tn-gw) displays a prompt for the user. At the prompt, the user indicates a wish to allow
X displays across the firewall. The TELNET proxy starts the X11 proxy (x-gw) on port
6010 (corresponding to X display “:10”) or higher. The X11 proxy checks its configuration
information (in the netperm-table file) and determines whether the initiating user has
permission to use X11 services related to the desired display.
If the user has permission, the proxy creates a “virtual display” on the firewall for the
requesting client. When the outside X client requests access to the user’s display, the
virtual display server passes a query display to the X server on the display machine. This
X server displays the query window on the real display, prompting the user to confirm
the request. After the user confirms the request, the real X server receives the display
information from the virtual X server. The proxy remains active until either end closes
the connection.
The default policy is to allow both inside and outside hosts to start the X11 proxy.
Содержание Gauntlet
Страница 1: ...Gauntlet for IRIX Administrator s Guide Document Number 007 2826 004 ...
Страница 16: ......
Страница 26: ......
Страница 27: ...PART ONE Understanding the Gauntlet Internet Firewall I ...
Страница 28: ......
Страница 43: ...PART TWO Configuring and Using Proxies II ...
Страница 44: ......
Страница 50: ......
Страница 56: ......
Страница 64: ......
Страница 72: ......
Страница 94: ......
Страница 109: ...PART THREE Administering General Gauntlet Firewall Services III ...
Страница 110: ......
Страница 140: ......
Страница 146: ...120 Chapter 17 The Graphical Management Interface Figure 17 3 Gauntlet Introductory Management Form 1 of 3 ...
Страница 147: ...Introductory Management Form 121 Figure 17 4 Gauntlet Introductory Management Form 2 of 3 ...
Страница 148: ...122 Chapter 17 The Graphical Management Interface Figure 17 5 Gauntlet Introductory Management Form 3 of 3 ...
Страница 150: ...124 Chapter 17 The Graphical Management Interface Figure 17 6 Networks and Interfaces Configuration Form 1 of 2 ...
Страница 151: ...Networks and Interfaces Configuration Form 125 Figure 17 7 Networks and Interfaces Configuration Form 2 of 2 ...
Страница 155: ...Routing Configuration Form 129 Figure 17 8 Routing Configuration Form ...
Страница 162: ...136 Chapter 17 The Graphical Management Interface Figure 17 10 Proxy Servers Configuration Form 1 of 3 ...
Страница 163: ...Proxy Servers Configuration Form 137 Figure 17 11 Proxy Servers Configuration Form 2 of 3 ...
Страница 164: ...138 Chapter 17 The Graphical Management Interface Figure 17 12 Proxy Servers Configuration Form 3 of 3 ...
Страница 170: ...144 Chapter 17 The Graphical Management Interface Figure 17 13 DNS Configuration Form 1 of 2 ...
Страница 171: ...DNS Configuration Form 145 Figure 17 14 DNS Configuration Form 2 of 2 ...
Страница 177: ...Sendmail on Gauntlet Servers 151 Figure 17 15 Sendmail Configuration Form ...
Страница 187: ...Logfiles and Reports Configuration Form 161 Figure 17 20 Reports and Logfiles Form 1 of 2 ...
Страница 191: ...Authorizing Users Form 165 Figure 17 22 Authorizing Users Form ...
Страница 192: ...166 Chapter 17 The Graphical Management Interface Figure 17 23 Add User Form ...
Страница 214: ......
Страница 232: ......
Страница 233: ...Appendixes IV ...
Страница 234: ......
Страница 294: ......
Страница 305: ......