| add DisplayName
ProtocolName Hexkey
| An authorization entry is added to the authorization file for the
indicated display using the given protocol and key data. The data is
specified as an even-length string of hexadecimal digits, each pair
representing one octet. The first digit of each pair gives the most
significant 4 bits of the octet, and the second digit of the pair gives the
least significant 4 bits. For example, a 32-character hexkey would
represent a 128-bit value. A protocol name consisting of just a single
period is treated as an abbreviation for MIT-MAGIC-COOKIE-1.
|
| extract FileName
DisplayName...
| Authorization entries for each of the specified displays are written to
the indicated file. The extracted entries can be read back in using the
merge and nmerge commands. If the file name
consists of just a single dash, the entries are written to the binary
output.
|
generate DisplayName
ProtocolName
[trusted | untrusted] [timeout seconds]
[group group-id] [data hexdata]
| This command is similar to add. The main difference is
that instead of requiring the user to supply the key data, it connects to the
server specified in displayname and uses the SECURITY
extension in order to get the key data to store in the authorization
file. If the server cannot be contacted or if it does not support the
SECURITY extension, the command fails. Otherwise, an
authorization entry for the indicated display using the given protocol is
added to the authorization file. A protocol name consisting of just a
single period is treated as an abbreviation for
MIT-MAGIC-COOKIE-1.
If the trusted option is used, clients that connect using this
authorization will have full run of the display, as usual. If untrusted
is used, clients that connect using this authorization will be considered
untrusted and prevented from stealing or tampering with data belonging to
trusted clients. See the SECURITY extension specification
for full details on the restrictions imposed on untrusted clients. The
default is untrusted.
The timeout option specifies how long in seconds this authorization will be
valid. If the authorization remains unused (no clients are connected
with it) for longer than this time period, the server purges the
authorization, and future attempts to connect using it will fail. Note
that the purging done by the server does not delete the authorization entry
from the authorization file. The default timeout is 60 seconds.
The group option specifies the application group that clients connecting
with this authorization should belong to. See the application group
extension specification for more details. The default is to not belong
to an application group.
The data option specifies data that the server should use to generate the
authorization. Note that this is not the same data that gets written to
the authorization file. The interpretation of this data depends on the
authorization protocol. The hexdata is in the same format as
the hexkey described in the add command. The
default is to send no data.
|
| list
[DisplayName...]
| Authorization entries for each of the specified displays (or all displays
if none are named) are printed on the standard output in a textual
format. Key data is always displayed in the hexadecimal format given in
the description of the add command.
|
| merge
[FileName...]
| Authorization entries are read from the specified files and are merged
into the authorization database, superseding any matching existing
entries. If a file name consists of just a single dash, the binary
input is read if it has not been read before.
|
| [n]extract
Filename DisplayName...
| Authorization entries for each of the specified displays are written to
the indicated file. The entries are written in a numeric format
suitable for non-binary transmission (such as secure electronic mail).
The extracted entries can be read back in using the merge and
nmerge commands. If the file name consists of just a single
dash, the entries are written to the standard output.
|
| [n]list
[DisplayName...]
| Authorization entries for each of the specified displays (or all displays
if none are named) are printed on the standard output in the numeric format
used by the nextract command. Key data is always displayed
in the hexadecimal format given in the description of the add
command.
|
| [n]merge
[FileName...]
| Authorization entries are read from the specified files and are merged
into the authorization database, superseding any matching existing
entries. The numeric format given in the description of the
extract command is used. If a file name consists of just a
single dash, the standard input is read if it has not been read before.
|
| remove
DisplayName...
| Authorization entries matching the specified displays are removed from
the authority file.
|
| source
FileName
| The specified file is treated as a script containing xauth
commands to execute. Blank lines and lines beginning with a # (pound
sign) are ignored. A single dash can be used to indicate the standard
input, if it has not already been read.
|
| info
| Information describing the authorization file, whether or not any changes
have been made, and from where xauth commands are being read is
printed on the standard output.
|
| exit
| If any modifications have been made, the authority file is written out
(if allowed), and the program exits. An end of file is treated as an
implicit exit command.
|
| quit
| The program exits, ignoring any modifications. This may also be
accomplished by pressing the interrupt character.
|
| help
[String]
| A description of all commands that begin with the given string (or all
commands if no string is given) is printed on the standard output.
|
| ?
| A short list of the valid commands is printed on the standard
output.
|
| -f
AuthFile
| Specifies the name of the authority file to use. By default,
xauth uses the file specified by the XAUTHORITY
environment variable or .xauthority in the user's home
directory.
|
| -v
| Indicates that xauth should operate verbosely and print status
messages indicating the results of various operations (for example, how many
records have been read in or written out). This is the default if
xauth is reading commands from its standard input and its standard
output is directed to a terminal.
|
| -q
| Indicates that xauth should operate quietly and not print
unsolicited status messages. This is the default if an xauth
command is given on the command line or if the standard output is not directed
to a terminal.
|
| -i
| Indicates that xauth should ignore any authority file
locks. Normally, xauth refuses to read or edit any authority
files that have been locked by other programs (usually xdm or
another xauth).
|
| -b
| Indicates that xauth should attempt to break any authority
file locks before proceeding. Use this option only to clean up stale
locks.
|