Skip to content

Security tab

How do I get to this dialog box?

From X Manager or X Manager for Domains or the X Administrative Console

  1. (Administrative Console only) Click the Domain Definitions tab.

  2. In the left pane, select an existing session definition or click next to Sessions Definitions to create a new one.

  3. In the Session Definition pane on the right, click the Security tab.

The options are:

Option Description
Allow remote IP connections When cleared, only local X clients can connect to Reflection X. Client connectors set up a listening socket only on the local loopback interface.


When you connect to a client using Secure Shell as the connection method (the default), the X11 data is forwarded to Reflection X from a local port. This means that, for Secure Shell clients, you can clear Allow remote IP connections to help ensure access only from clients running on authenticated hosts.

A client connector accepts incoming connection requests from X clients and forwards X protocol requests received from the X client to the protocol router. The client connector also receives X protocol replies, events, and errors from the protocol router and forwards these to the appropriate X client.
Host-based authorization When this option is selected, clients that use this session will be able to connect only to the hosts you include in the Authorized Hosts list.
Authorized Hosts This option is visible when Host-based authorization is selected.
To create or edit the Authorized Hosts list, type host names in the text box, separating each name by new lines, spaces, commas or semi-colons.
User-based authorization When selected, clients are allowed to run only if they can be verified using MIT-MAGIC-COOKIE-1 authorization.
Notes: To edit the xauth command that Reflection X uses to put an MIT cookie in the user's .XAuthority file, go to the client definition pane; under Connection method click Advanced.
If both user-based and host-based authorization are enabled, the client connection succeeds if either authorization succeeds; so enabling both reduces your level of security.
Authorization timeout (secs) This option is visible only when User-based authorization is selected. After all clients have stopped, the MIT-MAGIC-COOKIE-1 cookie created for a session remains valid for the specified duration (in seconds). In most cases, there is no reason to change the default. Because Reflection X creates a new cookie for each new client started from Reflection X, this setting has no effect on clients you launch from X Manager. Only clients launched from outside X Manager might use an existing cookie.
Back to top