Luke Mewburn <lukem@wasabisystems.com> writes:
> > Can we reopen the issue?
> 
> No, I don't think so.
> 
> Have a look at the way that X11Forwarding is implemented. It effectively
> comprises of:
> 	* creating a tunnel for the X traffic (ssh & sshd)
> 	* creating a one-time $DISPLAY (e.g, "server:55") and and
> 	  appropriate xauth cookie for that session (ssh)
> 	* passing this new $DISPLAY and cookie (ssh to remote sshd to deal with)
> 
> Our login(1) can't handle the cookie (or the DISPLAY, unless it's in the
> environment before-hand).

It handles DISPLAY just fine. Try it -- it gets passed properly. What
it isn't handling is the the creation of the X authority file for the
cookie.

> Hacking login(1) to support this cookie
> munging is something that I strongly object to.

So have the sshd create the .Xauthority file and THEN call login. Not
A Big Deal. You can just steal the code from session.c that does it
right now, put it into a pre-amble that gets called before login is
called, and go.

--
Perry E. Metzger		perry@wasabisystems.com
--
Quality NetBSD CDs, Support & Service. http://www.wasabisystems.com/