(Sorry for the cross-posting; this is somewhat important) Versions 1.20-11.2 and 1.20-12 of wdm contain a configuration error that caused X session authentication data to be stored in a non-existant directory. In situations like this, the X server falls back to a security mode which allows *all* users of the local system to access the display. That is to say, it was essentially running as though "xhost localhost && xhost `hostname -f`" had been run.
People using sid should see 1.20-13 in the archives now. If you are using woody, you should install 1.20-13 from sid now. It is available for i386 at: http://http.us.debian.org/debian/pool/main/w/wdm/wdm_1.20-13_i386.deb It has not yet been built for other architectures. When you install the updated package, you will be asked if you want to install a new version of /etc/X11/wdm/wdm-config. If you install a new version, then the authentication problem will be fixed. If you do not wish to install a new version of that file, then please edit it and change the DisplayManager.authDir resource to /var/lib/wdm Be sure that wdm gets restarted after you make the changes. Once the change is made, you can verify that it worked by running 'xhost'. If it outputs "access control enabled, only authorized clients can connect", and nothing else, then you're all set. Thanks to the several people who pointed this problem out to me in the past couple of days. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
msg04701/pgp00000.pgp
Description: PGP signature
