Security tab
How do I get to this dialog box?
From X Manager or X Manager for Domains or the X Administrative Console
-
(Administrative Console only) Click the Domain Definitions tab.
-
In the left pane, select an existing session definition or click
next to Sessions Definitions to create a new one. -
In the Session Definition pane on the right, click the Security tab.
The options are:
| Option | Description |
|---|---|
| Allow remote IP connections | When cleared, only local X clients can connect to Reflection X. Client connectors set up a listening socket only on the local loopback interface. Notes: When you connect to a client using Secure Shell as the connection method (the default), the X11 data is forwarded to Reflection X from a local port. This means that, for Secure Shell clients, you can clear Allow remote IP connections to help ensure access only from clients running on authenticated hosts. A client connector accepts incoming connection requests from X clients and forwards X protocol requests received from the X client to the protocol router. The client connector also receives X protocol replies, events, and errors from the protocol router and forwards these to the appropriate X client. |
| Host-based authorization | When this option is selected, clients that use this session will be able to connect only to the hosts you include in the Authorized Hosts list. |
| Authorized Hosts | This option is visible when Host-based authorization is selected. |
| To create or edit the Authorized Hosts list, type host names in the text box, separating each name by new lines, spaces, commas or semi-colons. | |
| User-based authorization | When selected, clients are allowed to run only if they can be verified using MIT-MAGIC-COOKIE-1 authorization. |
| Notes: To edit the xauth command that Reflection X uses to put an MIT cookie in the user's .XAuthority file, go to the client definition pane; under Connection method click Advanced. | |
| If both user-based and host-based authorization are enabled, the client connection succeeds if either authorization succeeds; so enabling both reduces your level of security. | |
| Authorization timeout (secs) | This option is visible only when User-based authorization is selected. After all clients have stopped, the MIT-MAGIC-COOKIE-1 cookie created for a session remains valid for the specified duration (in seconds). In most cases, there is no reason to change the default. Because Reflection X creates a new cookie for each new client started from Reflection X, this setting has no effect on clients you launch from X Manager. Only clients launched from outside X Manager might use an existing cookie. |