HP Visualize J5000 HP Workstations - Graphics Administration Guide For Red Hat - Page 70



In addition, the server provides support for a DES-based authorization scheme, XDM-AUTHORIZATION-1, which is more secure (given a secure key distribution mechanism), but as DES is not generally distributable, the implementation is missing routines to encrypt and decrypt the authorization data. This authorization scheme can be used in conjunction with XDMCP's authentication scheme, XDM-AUTHENTICATION-1, or in isolation.

The authorization data is passed to the server in a private file named with the -auth command line option. Each time the server is about to accept the first connection after a reset (or when the server is starting), it reads this file. If this file contains any authorization records, the local host is not automatically allowed access to the server, and only clients which send one of the authorization records contained in the file in the connection setup information will be allowed access. See the Xau manual page for a description of the binary format of this file. Maintenance of this file, and distribution of its contents to remote sites for use there, is left as an exercise for the reader.
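
A read-only audit of the -auth file described above, as an added example (not code from this guide or from the X server). It parses the record layout documented in the Xau manual page (a 2-byte big-endian family, then four length-prefixed fields), checks that the file is private, and reports whether any record is present, which per the text disables automatic local-host access. The function names and the SAMPLE bytes are constructed for illustration.

```python
import os
import stat
import struct

# Constructed sample record (data bytes are made up): family 256 = FamilyLocal,
# address "joesworkstation", display "0", 16 bytes of authorization data.
SAMPLE = (b"\x01\x00" b"\x00\x0fjoesworkstation" b"\x00\x010"
          b"\x00\x13XDM-AUTHORIZATION-1" b"\x00\x10" + bytes(16))


def parse_xauth(blob):
    """Parse Xauthority-format bytes; raise ValueError if a record is cut short."""
    records, pos = [], 0

    def take(n):
        # Consume exactly n bytes or fail loudly instead of reading past the end.
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated record at offset %d" % pos)
        chunk = blob[pos:pos + n]
        pos += n
        return chunk

    while pos < len(blob):
        (family,) = struct.unpack(">H", take(2))
        # Four counted fields in order: address, display number, name, data.
        fields = [take(struct.unpack(">H", take(2))[0]) for _ in range(4)]
        address, number, name, data = fields
        records.append({
            "family": family,
            "address": address,
            "display": number.decode("ascii", "replace"),
            "protocol": name.decode("ascii", "replace"),
            "data_len": len(data),  # report the size only, never the secret
        })
    return records


def audit_auth_file(path):
    """Summarise an -auth file without exposing the authorization data."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "rb") as fh:
        records = parse_xauth(fh.read())
    return {
        "private": mode & 0o077 == 0,  # no group/other permission bits set
        # Per the text: any record disables automatic local-host access.
        "local_host_auto_allowed": len(records) == 0,
        "protocols": sorted({r["protocol"] for r in records}),
        "records": records,
    }
```
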

The sample server also uses a host-based access control list for deciding whether or not to accept connections from clients on a particular machine. This list initially consists of the host on which the server is running as well as any machines listed in the file /etc/Xn.hosts, where n is the display number of the server. Each line of the file should contain an Internet hostname (e.g., expo.lcs.mit.edu). There should be no leading or trailing spaces on any lines. For example:

    joesworkstation
    corporate.company.com

Users can add or remove hosts from this list and enable or disable access control using the xhost command from the same machine as the server. For example:
Graphics Administration Guide For Red Hat Linux 6.2