x11xauthudeploy

xauth and $DISPLAY questions


Below is some steps a developer use to start a manual deployment for a Vitria application. Now we want to understand how to automate this process using IBM UrbanCode uDeploy.

  1. In the multiple entries of "xauth list" output, what does the number 11 mean in "unix:11".
  2. In $DISPLAY=localhost:11.0, what does this "11" mean? Does it related to the above "unix:11"? This localhost means my local PC or the remote server?
  3. To automated with UCD, we will have an UCD agent running under "pyaz5b", do we still need to do all this?
  4. I don't understand why X-Window is required here, because afterwards, the developer just runs "vdadmin" to do the deployment, not from a GUI at all.

All ids below has been changed for security reasons.

*******************************************************************************
*                                                                             *
*                                                                             *
*  Welcome to AIX Version 7.1!                                                *
*                                                                             *
*                                                                             *
*  Please see the README file in /usr/lpp/bos for information pertinent to    *
*  this release of the AIX Operating System.                                  *
*                                                                             *
*                                                                             *
*******************************************************************************
[ /users/qhwms3] :~> xauth list
uavitg04/unix:12  MIT-MAGIC-COOKIE-1  c29a18c4363b8b65c78b26bf28ec
uavitg04/unix:13  MIT-MAGIC-COOKIE-1  aaf848b52f00ab4ce30e8d58209a8
uavitg04/unix:10  MIT-MAGIC-COOKIE-1  025d33bb6094e1fac5cbb465333220
uavitg04/unix:11  MIT-MAGIC-COOKIE-1  c20ec7900e35c679f9263ed64ec8c87
[ /users/qhwms3] :~> echo $DISPLAY
localhost:11.0
[ /users/qhwms3] :~> sudo su - pyaz5b
uavitg04:/home/pyaz5b > export DISPLAY=localhost:11.0
uavitg04:/home/pyaz5b > xauth add uavitg04/unix:11  MIT-MAGIC-COOKIE-1  c20ec7900e35c679f92d641ec8c87

Solution

  • 1) You can have multiple X servers/sessions running in a machine (either on local hardware, using a virtual server or remotely). Numbering for these servers normally start at 0; your DISPLAY variable would then be ":0" or perhaps ":0.0".

    However when using X11 forwarding through SSH, the SSH daemon starts numbering at 10. So there are 4 remote sessions on your server, all with X11 forwarding enabled, numbered 10 through 13.

    2) Yes. The DISPLAY variabele is used by X programs to connect to the correct X server. The MIG-MAGIC-COOKIE acts as a password so that other users cannot connect to your X session (they are accessible through sockets).

    3) I can't comment on that. However, I find it odd to login with one account (qhwms3), then sudo to another account (pyaz5b) and manually add the magic cookie. Why nog login into pyaz5b directly (it does seem to have a regular shell)?

    4) If you are not starting an X application, then all this is not necessary. However, some tools have a 'hidden' dependency on X; they can operate in both command line and GUI mode, the latter by specificying a command switch. So even though you are using the command line interface they are still linked against the X11 libraries and sometimes always open a connection. I can't remember right now, there was a popular tool some years ago that had this annoying habit; you couldn't run it remotely unless you had X11 forwarding on, even though you didn't need an X server.