Configuring the Server

Let's look at a very basic server setup. Most X11 systems come with the remote X facilities turned on in the default setup. You may need to edit the /etc/hosts.allow and /etc/hosts.deny files. See the article on Linux Network Security here on Linuxplanet for more on this basic Linux security mechanism.

X Windows Security

Basic security is enabled via the use of the host command. More security options are discussed below. Initially you should say

to disable all client access, then turn it on selectively for each remote host name to be allowed. For instance, if you were on an X11 server mypc1.mydesktop.com, then issuing the command

would allow clients from the system 'freebase' to connect.

This will allow and disallow connections based on host names and is susceptible to IP spoofing and DNS attacks. The link itself is transmitted in plain text and can be intercepted by anyone on your local network. To bypass these security worries use ssh or some of the more advanced features of XDM (see below for details).

Configuring the Client

The client will usually know to which X Server (or display as it is usually referred to) to send your user interface. This is because most clients are launched by another X client. Under normal circumstances the clients inherit the location of the X display from the clients before them. It is sometimes necessary to manually set the display to send the to the client's user interface. Reasons for doing this include wanting to run a program on a display entirely different from the default. This can be done via environment variables or options in programs. Let's look at these concepts one by one:

Next: Software to optimise and secure the link »