Hello,

I posted this question on Apple's X11 mailing list, but couldn't get a solution. I am hoping y'all can give me some tips.

I am having problems getting xhosting to work with Apple's X11. The remote machine can't seem to figure out how to send the display back to my Mac.

Here is what I am doing, step by step:

(connect to VPN server using Cisco's VPN client)

Launch Apple X11

local% xhost +

local% rlogin remote_Sun_machine

remote% setenv DISPLAY address_on_VPN_server

(This sends the display from the Sun machine to the VPN
server, which then sends it to my Mac. This always
worked just fine on OroborOSX.)

remote% acroread &

(Error message: "acroread: Error: Can't open
display...")


Also, I was previously using OroborOSX. I did all the same steps, and it always worked (though slow, since I'm on a dialup). I could run Solaris versions of FrameMaker, Acrobat Exchange, Acrobat Reader, etc., and see and control them from my Mac.

(Pretty nice, since the Solaris machine is in California and I'm in the remote Arizona desert!)

But now with Apple X11, I get these display errors, and just can't get it to work at all.

I did not do any local configuration of my Apple X11 setup -- nothing at all (I am pretty new to X11 and wouldn't know what to change, anyway!). I have the default settings. (I didn't do any configuring of OroborOSX either).


Any help would be greatly appreciated! I am relying on X11 to do essential work tasks remotely, and I'd really like to stick with Apple X11! :)

BTW, I'm using Apple's X11 version 0.2. I am running Jaguar 10.2.4.


Thanks very much,
-Seraphim

As far as I know, you need to:

xhost IP_or_DNS_name_of_sunworkstation

Then once you login to that workstation:

setenv DISPLAY IP_or_DNS_of_localMac:0.0

And then it should display properly from the Sun to your X11 server on the Mac.

OR, you could just ssh into the Sun and use the -X flag (captial X) [ssh -X] and the displays will be negotiated for you.

Hi Yellow,

Thanks for your post.

> As far as I know, you need to:
>
> xhost IP_or_DNS_name_of_sunworkstation

The "xhost +" command basically allows ANY workstation that can see my Mac, to send display to my Mac. So, that shouldn't be an issue. (And using "xhost +" worked just fine with OroborOSX.)

As far as I understand, the main reason one would want to use "xhost IP_or_DNS_name_of_sunworkstation" instead of "xhost +", is for security -- if you're not careful using "xhost +", ANYONE can send display to your Mac, and that is basically a sercurity risk.

But since I'm using VPN, and my Mac is at that point invisible to the Internet, it's not an issue for me.


> Then once you login to that workstation:
>
> setenv DISPLAY IP_or_DNS_of_localMac:0.0
>
> And then it should display properly from the Sun to your
> X11 server on the Mac.

Yes, that is normally what one should do. But it doesn't
work for me, again because of the VPN. The Sun machine
can't see my Mac directly. It only sees the VPN server,
which then relays the connection to the Mac.

Mac ..... VPN_Server ..... Sun_workstation


So, the solution is to tell the Sun_workstation to send the display to the VPN server. I get the correct address with the

who am i

command. I'm not sure why that works -- it's just what the corporate Sysadmin told me to do.

Then, the VPN_server forwards the display to my Mac.

Again, the setup I was using (sending the display to the VPN server) was working fine under OroborOSX. It stopped working when I switched to Apple X11.


> OR, you could just ssh into the Sun and use the -X flag
> (captial X) [ssh -X] and the displays will be negotiated
> for you.

Yes, others have suggested this. But the Sun workstations to which I have access, don't support ssh logins. So I'm limited to rlogin (unless there are yet other choices?) and setting the DISPLAY manually.


Thanks again,
-Seraphim

How old is the Solaris box if it doesn't support ssh? While you might trust others that can see this Sun behind the VPN server, I would never want to be sending my password cleartext with rlogin. Also, you're right, security is important to me. I would never use xhost + :). I'd encourage you to contact your sysadmin and get the ssh daemon running on that Solaris box and kill rsh/rlogin/telnet/ftp. Cleartext baaaad.

I was under the impression that OroborOSX was just a aquafied window manager for XDarwin?

What other suggestions can I offer? Try bagging the beta X11 server and sticking with XDarwin until Apple's X11 is a full release? Not much of a suggestion.

Hi Yellow,

Thanks again for your help.


> How old is the Solaris box if it doesn't support ssh?

> I would never use xhost + . I'd encourage you to contact your
> sysadmin and get the ssh daemon running on that Solaris box and kill
> rsh/rlogin/telnet/ftp. Cleartext baaaad.

The machine is only a year or two old, it's an Ultra 10 running Solaris
7. I just think the sysadmin turned off ssh support. Don't know for
sure. Is there an easy way I can turn it on? (I do have terminal
access to the machine.) I can always ask the sysadmins to do it, but I
don't like asking too many questions since they "don't support Macs"
and I don't want to irk them too much.


> While you might trust others that can see this Sun behind the VPN
> server, I would never want to be sending my password cleartext with
> rlogin.

If I thought there were other employees who were snooping for
passwords, then yes I'd be worried about it too. But it's not really a
concern.


> Also, you're right, security is important to me.

It's important to me, too. Maybe I am just too trusting of my fellow
employees. :)


> I was under the impression that OroborOSX was just a aquafied window
> manager for XDarwin?

Yes, I believe that's correct.


> What other suggestions can I offer? Try bagging the beta X11 server
> and sticking with XDarwin until Apple's X11 is a full release? Not
> much of a suggestion.

:) I like Apple's version better. I wish I could figure out why
it's not working (or whether it's even the Apple X11 at all -- maybe
it's something on the Sun side? Or maybe there's something I need to
put in my .xinit or .cshrc or .login?)


Thanks again,
-Seraphim

Perhaps I'm paranoid, but all it takes is one disgruntled/curious employee with a google search, a download, an install, and a machine capable of sniffing packets..

Paranoia aside, without superuser access/sudo you won't be able to turn ssh on. I'd still try to get them to turn it on, no need to mention that you have a Mac. You're just a XWindows user who is concerned about security who wants to have the display properties properly adujsted for you. :) (BTW, the performance hit that you would take doing this stuff over ssh [encrypted ssh packets over encrypted VPN packets] is small.)

Through our (Cisco) VPN, when I get to the otherside, I am assigned a dynamic IP. When I log into one of our Solaris boxes, I just check what IP I'm coming from and forward the display properties to that IP and it works for me. I'm not as familiar with the hows and whys of VPN to be able to be of much help I guess.

> Perhaps I'm paranoid, but all it takes is one
> disgruntled/curious employee with a google search, a
> download, an install, and a machine capable of sniffing
> packets..

Yes, you're right... And I really should be more careful. These days anything can happen!


> Paranoia aside, without superuser access/sudo you won't
> be able to turn ssh on.

OK, I think I'll ask them about it (on Monday). I'll let you know how it goes.


> (BTW, the performance hit that you would take
> doing this stuff over ssh [encrypted ssh packets over
> encrypted VPN packets] is small.)

That's good, since I'm running this on a 56K modem. :)


> Through our (Cisco) VPN, when I get to the otherside, I
> am assigned a dynamic IP. When I log into one of our
> Solaris boxes, I just check what IP I'm coming from and
> forward the display properties to that IP and it works
> for me.

That's essentially the same thing I'm doing, I suppose. I'm also using Cisco VPN client. After I connect, the "who am i" command gives something like

sll terminal_type (xxxvpn33-5.company.com)

I then set the display to

setenv DISPLAY xxxvpn33-5.company.com:0.0

and that always used to work. But not with Apple X11. I've also tried doing

nslookup xxxvpn33-5.company.com

to get the IP address, and then

setenv DISPLAY IP.IP.IP.IP:0.0

But that doesn't seem to work either.


> I'm not as familiar with the hows and whys of VPN
> to be able to be of much help I guess.

I suspect that it's not a VPN issue per se, but an Apple X11 issue of some kind, since I did have it working under XDarwin/OroborOSX. Maybe there are some other configuration things I forgot to do? Is there anything else you have had to do, to get your Cisco VPN stuff to work?


Thanks again!
-Seraphim

Usually I use ssh -X to take the guesswork out of it. Technology makes us lazy. When you're logged into the Sun, try using the who command. Somewhere in that list should be you and what IP you're connecting from.

A new thought occurs to me (took long enough, eh?), are you using a firewall? Are your X11 ports blocked? 6000-6063/tcp & udp are used by X11 to support remote connections. Is there anything in your local logs?

Unfortunatly, I don't think that you can try using XDarwin without completely reinstalling it. But that would help rule out if it's Apple's X11 or something else. Or am I being a fool and missing that you just moved from XDarwin to X11 and it stopped working?

Well, there are tornado warnings here right now, so I'm going to make myself scarce.

> When you're logged into the Sun, try using the who
> command. Somewhere in that list should be you and what IP
> you're connecting from.

OK, I'll try that.


> are you using a firewall?

Nope, no firewall.


> Is there anything in your local logs?

Where would I look?


> Unfortunatly, I don't think that you can try using
> XDarwin without completely reinstalling it.

Yes, that's what I'm trying to avoid... :)


> But that would help rule out if it's Apple's X11 or
> something else.

Yes, but it's a big hassle to reinstall XDarwin et al. :)


> Well, there are tornado warnings here right now, so I'm
> going to make myself scarce.

Lord have mercy! What do you do, leave town? or hide in the basement? Having come from California, I know how to deal with earthquakes, and now in the Arizona desert, I'm learning to deal with heat, rattlesnakes, and scorpions, but how does one deal with a tornado???


Thanks again for your help!
-Seraphim

/var/log/system.log carries most of the logs that you'd be interested in. You might want to peek at the console log too (just use the console app found in the Utilities directory).