Xauthority

Xauthority refers to the authentication mechanism used by the X Window System to control access to an X server. It is commonly associated with the per-user file ~/.Xauthority, which stores authorization records that permit X clients to connect to the user’s display. When an X client starts, it must present a valid authorization cookie; the X server checks the cookie against the records in the Xauthority file. The most widely used scheme is MIT-MAGIC-COOKIE-1, though other schemes such as XDM-AUTHORIZATION-1 exist. The cookies are managed by the xauth program, which can display, merge, or extract cookies, and is used by login and session startup processes to populate the file.

Location and format: The file is usually located at ~/.Xauthority in the user’s home directory, or at a location specified by the XAUTHORITY environment variable. It is a binary database rather than a human-readable text file. xauth can present its contents in a readable form with commands like xauth list. Each entry associates a display name with a protocol and a cookie value, enabling the X server to validate connecting clients.

SSH and X11 forwarding: When SSH X11 forwarding is enabled, the system manages a temporary cookie for the forwarded display. The cookie is distributed between the local and remote sides so that remote X clients can display on the local server without exposing credentials more than necessary. This mechanism relies on the same Xauthority framework to maintain trust boundaries.

Security considerations: Access to the Xauthority file should be restricted; insecure permissions can allow another user to impersonate the owner on the X server. Typical protections include restricting the file to the owner (and the directory) and using SSH X11 forwarding for remote access.
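
The binary entries and the permission check described above can be inspected with a short audit script. This is an added example, not code from the X.Org project; it assumes the record layout written by libXau (a 2-byte big-endian family followed by four length-prefixed fields), and the function names and sample record are illustrative.

```python
import os
import stat

FAMILIES = {0: "Internet", 6: "Internet6", 256: "Local", 65535: "Wild"}

def _take(blob, pos, n):
    """Return n bytes starting at pos plus the new offset; reject truncation."""
    if pos + n > len(blob):
        raise ValueError("truncated Xauthority record")
    return blob[pos:pos + n], pos + n

def parse_xauthority(blob):
    """Each record: 2-byte big-endian family, then four fields (address,
    display number, protocol name, cookie), each with a 2-byte length prefix."""
    entries, pos = [], 0
    while pos < len(blob):
        raw, pos = _take(blob, pos, 2)
        family = int.from_bytes(raw, "big")
        fields = []
        for _ in range(4):
            raw, pos = _take(blob, pos, 2)
            field, pos = _take(blob, pos, int.from_bytes(raw, "big"))
            fields.append(field)
        address, number, name, cookie = fields
        entries.append({
            "family": FAMILIES.get(family, str(family)),
            "address": address.decode("latin-1"),
            "display": number.decode("ascii", "replace"),
            "protocol": name.decode("ascii", "replace"),
            "cookie_len": len(cookie),  # length only; the secret is never echoed
        })
    return entries

def audit_permissions(path):
    """Flag a cookie file that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:04o} is open to group/other, expected 0600"]
    return []

def build_record(family, *fields):
    """Serialize one record; used only to construct the sample below."""
    out = family.to_bytes(2, "big")
    for f in fields:
        out += len(f).to_bytes(2, "big") + f
    return out

# Constructed sample: hostname and all-zero cookie are placeholders.
SAMPLE = build_record(256, b"examplehost", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16))

if __name__ == "__main__":
    print(parse_xauthority(SAMPLE))
```

To audit a real file, pass its bytes to parse_xauthority and its path (the XAUTHORITY value if set, otherwise ~/.Xauthority) to audit_permissions.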