|
add DisplayName
ProtocolName Hexkey |
An authorization entry is added to the authorization file for the
indicated display using the given protocol and key data. The data is specified
as an even-length string of hexadecimal digits, each pair representing one
octet. The first digit of each pair gives the most significant 4 bits of the
octet, and the second digit of the pair gives the least significant 4 bits.
For example, a 32-character hexkey would represent a 128-bit value. A protocol
name consisting of just a single period is treated as an abbreviation for MIT-MAGIC-COOKIE-1. |
|
extract FileName DisplayName... |
Authorization entries for each of the specified displays are written
to the indicated file. The extracted entries can be read back in using the merge and nmerge commands. If the
file name consists of just a single dash, the entries are written to the binary
output. |
generate DisplayName
ProtocolName
[trusted | untrusted] [timeout seconds]
[group group-id] [data hexdata] |
This command is similar to add. The main difference
is that instead of requiring the user to supply the key data, it connects
to the server specified in displayname and uses the SECURITY extension in order to get the key data to
store in the authorization file. If the server cannot be contacted or if
it does not support the SECURITY extension, the
command fails. Otherwise, an authorization entry for the indicated display
using the given protocol is added to the authorization file. A protocol name
consisting of just a single period is treated as an abbreviation for MIT-MAGIC-COOKIE-1.
If the trusted option is used, clients that connect
using this authorization will have full run of the display, as usual. If
untrusted is used, clients that connect using this authorization will be considered
untrusted and prevented from stealing or tampering with data belonging to
trusted clients. See the SECURITY extension specification
for full details on the restrictions imposed on untrusted clients. The default
is untrusted.
The timeout option specifies how long in seconds this
authorization will be valid. If the authorization remains unused (no clients
are connected with it) for longer than this time period, the server purges
the authorization, and future attempts to connect using it will fail. Note
that the purging done by the server does not delete the authorization entry
from the authorization file. The default timeout is 60 seconds.
The
group option specifies the application group that clients connecting with
this authorization should belong to. See the application group extension
specification for more details. The default is to not belong to an application
group.
The data option specifies data that the server should use to
generate the authorization. Note that this is not the same data that gets
written to the authorization file. The interpretation of this data depends
on the authorization protocol. The hexdata is in
the same format as the hexkey described in the add command. The default is to send no data. |
|
list [DisplayName...] |
Authorization entries for each of the specified displays (or all
displays if none are named) are printed on the standard output in a textual
format. Key data is always displayed in the hexadecimal format given in the
description of the add command. |
|
merge [FileName...] |
Authorization entries are read from the specified files and are merged
into the authorization database, superseding any matching existing entries.
If a file name consists of just a single dash, the binary input is read if
it has not been read before. |
|
[n]extract Filename DisplayName... |
Authorization entries for each of the specified displays are written
to the indicated file. The entries are written in a numeric format suitable
for non-binary transmission (such as secure electronic mail). The extracted
entries can be read back in using the merge and nmerge commands. If the file name consists of just a single
dash, the entries are written to the standard output. |
|
[n]list [DisplayName...] |
Authorization entries for each of the specified displays (or all
displays if none are named) are printed on the standard output in the numeric
format used by the nextract command. Key data is always
displayed in the hexadecimal format given in the description of the add command. |
|
[n]merge [FileName...] |
Authorization entries are read from the specified files and are merged
into the authorization database, superseding any matching existing entries.
The numeric format given in the description of the extract command is used. If a file name consists of just a single dash, the
standard input is read if it has not been read before. |
|
remove DisplayName... |
Authorization entries matching the specified displays are removed
from the authority file. |
|
source FileName |
The specified file is treated as a script containing xauth commands to execute. Blank lines and lines beginning with a # (pound
sign) are ignored. A single dash can be used to indicate the standard input,
if it has not already been read. |
|
info |
Information describing the authorization file, whether or not any
changes have been made, and from where xauth commands
are being read is printed on the standard output. |
|
exit |
If any modifications have been made, the authority file is written
out (if allowed), and the program exits. An end of file is treated as an implicit
exit command. |
|
quit |
The program exits, ignoring any modifications. This may also be accomplished
by pressing the interrupt character. |
|
help [String] |
A description of all commands that begin with the given string (or
all commands if no string is given) is printed on the standard output. |
|
? |
A short list of the valid commands is printed on the standard output. |