From gnb@itga.com.au  Fri Jun 23 01:09:42 2000
Return-Path: <gnb@itga.com.au>
Received: from ns.itga.com.au (ns.itga.com.au [202.53.40.210])
	by hub.freebsd.org (Postfix) with ESMTP id 847D437BA64
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 23 Jun 2000 01:09:40 -0700 (PDT)
	(envelope-from gnb@itga.com.au)
Received: from lightning.itga.com.au (lightning.itga.com.au [192.168.71.20])
	by ns.itga.com.au (8.9.3/8.9.3) with ESMTP id SAA88066
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 23 Jun 2000 18:09:38 +1000 (EST)
	(envelope-from gnb@itga.com.au)
Received: from hellcat.itga.com.au (hellcat.itga.com.au [192.168.71.163])
	by lightning.itga.com.au (8.9.3/8.9.3) with ESMTP id SAA24683;
	Fri, 23 Jun 2000 18:09:38 +1000 (EST)
Received: (from gnb@localhost)
	by hellcat.itga.com.au (8.9.3/8.9.3) id SAA01784;
	Fri, 23 Jun 2000 18:09:37 +1000 (EST)
	(envelope-from gnb@itga.com.au)
Message-Id: <200006230809.SAA01784@hellcat.itga.com.au>
Date: Fri, 23 Jun 2000 18:09:37 +1000 (EST)
From: Gregory Bond <gnb@itga.com.au>
To: FreeBSD-gnats-submit@freebsd.org
Subject: X authentication doesn't work because crypto is broken
X-Send-Pr-Version: 3.2

>Number:         19461
>Category:       conf
>Synopsis:       X authentication doesn't work off the CD due to crypto problems
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 23 01:10:01 PDT 2000
>Closed-Date:    Sat Jul 21 21:16:21 PDT 2001
>Last-Modified:  Sat Jul 21 21:17:28 PDT 2001
>Originator:     Gregory Bond
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
ITG Australia Limited
>Environment:

4.0 installed off the CD, no crypto or international crypto.
XDM running from /etc/ttys.

>Description:

X refused to start on my system, a new install from the 4.0 CD.  Symptoms were
that xdm would start, I'd log in, then get kicked straight off. xdm-errors 
had a bunch of lines like
	XDM-AUTHORIZATION-1 failed: -1
(exact message no longer in the logs :< )

No clients could get access to the server, not even xhost.

Much hair-pulling, truss-ing of processes etc later, I discovered that
XDM-AUTHORIZATION-1 is not working.  If I disable this in xdm-config
by forcing use of MIT-MAGIC-COOKIE-1, everything works as normal.

>How-To-Repeat:

Iinstall from CD, no crypto, boot & log in to xdm.  Check errors in 
/usr/X11R6/lib/X11/xdm/xdm-errors

>Fix:


--- /usr/X11R6/lib/X11/xdm/xdm-config-DIST	Sat Jan  8 17:09:54 2000
+++ /usr/X11R6/lib/X11/xdm/xdm-config	Fri Jun 23 05:09:10 2000
@@ -10,11 +10,12 @@
 ! X terminals will be configured that way, so by default
 ! use authorization only for local displays :0, :1, etc.
 DisplayManager._0.authorize:	true
+DisplayManager._0.authName:	MIT-MAGIC-COOKIE-1
 DisplayManager._1.authorize:	true
 ! The following three resources set up display :0 as the console.
 DisplayManager._0.setup:	/usr/X11R6/lib/X11/xdm/Xsetup_0

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: mike 
State-Changed-When: Sat Jul 21 21:16:21 PDT 2001 
State-Changed-Why:  

Two days after this PR was opened, crypto became required.  See 
src/UPDATING for details. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=19461 
>Unformatted:
