Linux Configure Xauthority

  • Xhost. By default, Xhost allows only the localhost XClient to communicate with XServer. If you choose to allow a remote XClient to access XServer, the Xhost command must be run to grant permission on the specific machine. Or, you can alternately use xhost + to allow any XClient to connect to XServer.
  • Xauthority. The .Xauthority file can be found in each user’s home directory. It is used to store credentials in cookies used by xauth for authentication of XServer. When an XServer instance (Xorg) is started, the cookie is used to authenticate connections to that specific display.

How it works

  • Display number
  • Remote request protocol
  • Cookie number
# xauth -f ~/.Xauthority# > list# > us01msip06:107  MIT-MAGIC-COOKIE-1  fb228d1b695729242616c5908f11624b
  • Set the DISPLAY environment variable to the remote XServer.
  • Get the .Xauthority file which contains one of the cookie numbers in Xorg.

Configure Xauthority

sudo /opt/Citrix/VDA/bin/ctxreg create -k "HKLM\System\CurrentControlSet\Control\Citrix\Xorg" -t "REG_DWORD" -v "XauthEnabled" -d "0x00000001" --forcesudo /opt/Citrix/VDA/bin/ctxreg create -k "HKLM\System\CurrentControlSet\Control\Citrix\Xorg" -t "REG_DWORD" -v "ListenTCP" -d "0x00000001" --force
  • Pass the .Xauthority file to XClient manually
  • After launching an ICA session, the Linux VDA generates the .Xauthority file for the XClient and stores the file in the logon user’s home directory. You can copy this .Xauthority file to the remote XClient machine, and set the DISPLAY and XAUTHORITY environment variables. DISPLAY is the display number stored in the .Xauthority file and XAUTHORITY is the file path of Xauthority. For an example, see the following command:
  • export DISPLAY={Display number stored in the Xauthority file} export XAUTHORITY={the file path of .Xauthority}
  • If the XAUTHORITY environment variable is not set, the ~/.Xauthority file is used by default.
  • Pass the .Xauthority file to XClient by mounting a shared home directory
  • The convenient way is to mount a shared home directory for the logon user. When the Linux VDA starts an ICA session, the .Xauthority file is created under the logon user’s home directory. If this home directory is shared with XClient, the user does not need to transmit this .Xauthority file to XClient manually. After the DISPLAY and XAUTHORITY environment variables are set correctly, the GUI is displayed in XServer desktop automatically.

Troubleshooting

  1. As an administrator with root privilege, retrieve all of Xorg cookies:
  • ps aux | grep -i xorg
  1. This command displays the Xorg process and the parameters passed to Xorg while starting. Another parameter displays which .Xauthority file is used. For example:
  • /var/xdl/xauth/.Xauthority110
  1. Display the cookies using the Xauth command:
  • Xauth -f /var/xdl/xauth/.Xauthority110
  1. Use the Xauth command to show the cookies contained in ~/.Xauthority. For the same display number, the displayed cookies must be the same in the .Xauthority files of Xorg and XClient.
  2. If the cookies are the same, check the remote display port accessibility by using the IP address of the Linux VDA (for example, 10.158.11.11) and the published desktop display number (for example, 160).
  3. Run the following command on the XClient machine:
  • telnet 10.158.11.11 6160

--

--

--

Senior Software Development Engineer

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

DevOps / SRE — Top Links Last Week

3 Industries Where Forex APIs Can Have An Impact

{UPDATE} Smarte ordgåtes - Sette sammen ordene ved å kombinere bokstavenhetene Hack Free Resources…

Guide to PostgreSQL Cursors

Flutter from the perspective of a Product Manager

The first Newsletter — A catch-up of January/2021

Forecast Precious Metals Rates Using An API

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Hasan Yılmaz

Hasan Yılmaz

Senior Software Development Engineer

More from Medium

LINUX LOOPS

Linux Shorts -2

Bash scripting

Add Execute Permission 755 on Linux file — Ansible module file