Security tab
Getting there
From X Manager, X Manager for Domains, or the X Administrative Console
- (Administrative Console only) Click the Domain Definitions tab.
- In the left pane, select an existing session definition or click
next to Sessions Definitions to create a new one. - In the Session Definition pane on the right, click the Security tab.
The options are:
Allow remote IP connections
|
When cleared, only local X clients can connect to Reflection X Advantage. set up a listening socket only on the local loopback interface.
Note: When you connect to a client using Secure Shell as the connection method (the default), the X11 data is forwarded to Reflection X Advantage from a local port. This means that, for Secure Shell clients, you can clear Allow remote IP connections to help ensure access only from clients running on authenticated hosts.
|
Authorized Hosts
|
This option is visible when Host-based authorization is selected.
To create or edit the Authorized Hosts list, type host names in the text box, separating each name by new lines, spaces, commas or semi-colons.
|
User-based authorization
|
When selected, clients are allowed to run only if they can be verified using MIT-MAGIC-COOKIE-1 authorization.
Notes:
- To edit the xauth command that Reflection X Advantage uses to put an MIT cookie in the user's .XAuthority file, go to the client definition pane; under Connection method click Advanced.
- If both user-based and host-based authorization are enabled, the client connection succeeds if either authorization succeeds; so enabling both reduces your level of security.
|
Authorization timeout (secs)
|
This option is visible only when User-based authorization is selected.
After all clients have stopped, the MIT-MAGIC-COOKIE-1 cookie created for a session remains valid for the specified duration (in seconds). In most cases, there is no reason to change the default. Because Reflection X Advantage creates a new cookie for each new client started from Reflection X Advantage, this setting has no effect on clients you launch from X Manager. Only clients launched from outside X Manager might use an existing cookie.
|
|