How can I configure gdm to allow X connections to other servers/workstations?

5

2

I have an issue on all new installs of CentOS 6.2 on my network. Connecting to remote machines using X11 gui software fails for reasons associated with the xauth. I'm not sure how to diagnose but have narrowed it down to the following:

  • gdm can't properly authenticate with remote host
  • XAUTHORITY is set to a local path not available on the remote machine
  • there is no .Xauthority file in the local user home dir
  • missing MIT-MAGIC-COOKIE-1

Here are some logs:

/var/log/Xorg.0.log

[  9273.858] AUDIT: Mon Jun  4 14:41:21 2012: 7778: client 20 connected from local host ( uid=0 gid=0 pid=8800 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 496
[  9273.870] AUDIT: Mon Jun  4 14:41:21 2012: 7778: client 35 connected from local host ( uid=0 gid=0 pid=8800 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 496
[  9274.072] AUDIT: Mon Jun  4 14:41:21 2012: 7778: client 20 disconnected
[  9274.072] AUDIT: Mon Jun  4 14:41:21 2012: 7778: client 35 disconnected
[  9277.236] AUDIT: Mon Jun  4 14:41:25 2012: 7778: client 20 connected from local host ( uid=0 gid=0 pid=8804 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 496
[  9277.248] AUDIT: Mon Jun  4 14:41:25 2012: 7778: client 35 connected from local host ( uid=0 gid=0 pid=8804 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 496
[  9277.277] AUDIT: Mon Jun  4 14:41:25 2012: 7778: client 20 disconnected
[  9277.277] AUDIT: Mon Jun  4 14:41:25 2012: 7778: client 35 disconnected

/var/log/messages

Jun  4 14:41:21 myhostname abrt[8801]: saved core dump of pid 8800 (/usr/bin/perl) to /var/spool/abrt/ccpp-2012-06-04-14:41:21-8800.new/coredump (18776064 bytes)
Jun  4 14:41:21 myhostname abrtd: Directory 'ccpp-2012-06-04-14:41:21-8800' creation detected
Jun  4 14:41:21 myhostname abrtd: Package 'clusterssh' isn't signed with proper key
Jun  4 14:41:21 myhostname abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-04-14:41:21-8800 (res:2), deleting

I'm sure this is an easy thing to address.

Things I tried that were unsuccessful:

  • sadly gdmsetup is not part of EL6
  • configured /etc/gdm/PostLogin to copy $XAUTHORITY to $HOME/.Xauthority (NFS mounted home directories)
  • explicitly created /etc/sysconfig/desktop with DISPLAYMANAGER=GNOME & DESKTOP=GNOME
  • tried different combinations of xinit and xauth

Hopefully someone can help diagnose and solve this problem. As visible in the logs, I'm without clusterssh as a result which is an unfortunate thing given I use it daily.

robertmoggach

Posted 2012-06-04T19:11:53.227

Reputation: 283

Does it work after running the command xauth + 127.0.0.1 ? – Jeremy W – 2012-06-13T18:06:28.317

No, I have posted the solution below. It was tricky to track down but simple in the end. It's definitely one to remember for future installs. – robertmoggach – 2012-06-14T01:59:36.400

The solution I posted was actually NOT the solution... but I've now posted the solution, which was related to the system Xresources file. Operator error. – robertmoggach – 2012-10-15T16:45:35.347

Answers

0

Actually the X11 access controls had nothing to do with the issues I was having. It was all because I had appended the solarized theme Xresources file in the system Xresources file. Removing those lines fixed the problem.

I was able to diagnose by running cssh -e hostname which showed that the color definitions were not understood by xterm. Removed the lines, restarted the X server and all is running smoothly.

robertmoggach

Posted 2012-06-04T19:11:53.227

Reputation: 283

2

The solution was, as expected, trivial and obscure:

With the vanilla install of CentOS 6.2 the X11 color definition file that is part of the xorg-x11-server-utils package (X.Org X11 X server utilities) is not resolved correctly by X11.

For some apps this results in warning messages but others fail with unrelated errors.

The solution was to add the following explicitly to the /etc/X11/xorg.conf file "Files" section:

Section "Files"
    RgbPath "/usr/share/X11/rgb.txt"
EndSection

With this in place, a simple logout/login to restart the X server fixed the problem.

This thread was what led me to find the working solution:

http://www.nntp.perl.org/group/perl.tcltk/2006/09/msg99.html

robertmoggach

Posted 2012-06-04T19:11:53.227

Reputation: 283

0

This excerpt might relate to your problem:

7.2. Why does Cygwin/X report AUDIT: client 1 rejected from IP remotehost?

The problem is most likely a wrong DNS (Network name resolution). Make sure your windows host has a hostname which is valid from linux too and an IP address which linux can resolve to that hostname.

If you add a line

192.168.26.1 myhost

to /etc/hosts on the XDMCP server with the IP address and the hostname of your windows host the name resolution should work.

harrymc

Posted 2012-06-04T19:11:53.227

Reputation: 306 093

All forward and reverse name resolution is resolving/working as expected. Thankfully there are no windows hosts on the network to complicate matters.

We also already tried adding explicit hosts in the /etc/hosts file. – robertmoggach – 2012-06-10T14:59:55.503

Confirmed that this is not a solution - all hosts are resolving correctly in both directions – robertmoggach – 2012-06-11T16:30:28.277

More info would be nice: What do you use for connecting? What error message do you receive? Have you tried without ClusterSSH? – harrymc – 2012-06-11T17:29:58.610

1) ssh -X has the same result for anything that requires a local gui window 2) logs are part of the original question but if you'd like to see others let me know 3) I have had similar results with other apps but this cssh is the easiest/fastest way to reproduce the issue – robertmoggach – 2012-06-11T18:40:12.110
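
Added example (not part of the original thread or any poster's code): a small parser for the Xorg AUDIT lines quoted in the question, separating a client that the server accepted with MIT-MAGIC-COOKIE-1 and that exited within a second from a connection the server rejected, the form quoted in the Cygwin/X excerpt. The function names, the one-second threshold and the final sample line are assumptions made for this illustration.

```python
import re

# Sample input: entries from the Xorg.0.log excerpt in the question (with its
# wrapped "( uid=..." line) plus one constructed line in the "rejected" form.
SAMPLE_LOG = """\
[  9273.858] AUDIT: Mon Jun  4 14:41:21 2012: 7778: client 20 connected from local host (
uid=0 gid=0 pid=8800 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 496
[  9274.072] AUDIT: Mon Jun  4 14:41:21 2012: 7778: client 20 disconnected
[  9280.000] AUDIT: Mon Jun  4 14:41:28 2012: 7778: client 1 rejected from IP remotehost
"""

AUDIT = re.compile(
    r"^\[\s*(?P<t>\d+\.\d+)\] AUDIT: .*?: client (?P<id>\d+) "
    r"(?P<ev>connected|disconnected|rejected)(?: from .*?)?"
    r"(?: \( uid=(?P<uid>\d+) gid=\d+ pid=\d+ \))?\s*$")
AUTH = re.compile(r"^\s+Auth name: (?P<name>\S+) ID: \d+")

def parse_audit(text):
    """Return one dict per accepted or rejected client, with session duration."""
    # Re-join entries whose "( uid=... )" part was wrapped onto the next line.
    text = re.sub(r"\(\s*\n\s*(?=uid=)", "( ", text)
    sessions, open_by_client, last = [], {}, None
    for line in text.splitlines():
        m = AUDIT.match(line)
        if m and m["ev"] == "disconnected":
            s = open_by_client.pop(int(m["id"]), None)
            if s:
                s["duration"] = round(float(m["t"]) - s["start"], 3)
        elif m:
            last = {"client": int(m["id"]), "event": m["ev"], "auth": None,
                    "uid": m["uid"] and int(m["uid"]), "start": float(m["t"]), "duration": None}
            sessions.append(last)
            if m["ev"] == "connected":
                open_by_client[last["client"]] = last
        elif last is not None and (a := AUTH.match(line)):
            last["auth"] = a["name"]  # continuation line of the previous entry
    return sessions

def triage(sessions, short=1.0):
    """Separate server-side rejections from accepted clients that exited quickly."""
    findings = []
    for s in sessions:
        if s["event"] == "rejected":
            findings.append((s["client"], "rejected by the X server"))
        elif s["duration"] is not None and s["duration"] < short:
            findings.append((s["client"], f"accepted via {s['auth']}, gone after {s['duration']}s"))
    return findings

print(triage(parse_audit(SAMPLE_LOG)))
```

An entry with an `Auth name` line and a sub-second lifetime means the server let the client in and the client then exited on its own, so the place to look next is the client's own error output rather than xauth or host access settings.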