Thursday, 9 May 2013

PuTTY X11 proxy: wrong authentication protocol attempted

OK, here's the scenario

[root@oradb ~]# xhost +
access control disabled, clients can connect from any host
[root@oradb ~]# su - oracle
[oracle@oradb:-/home/oracle]$ echo $DISPLAY
[oracle@oradb:-/home/oracle]$ xclock
PuTTY X11 proxy: wrong authentication protocol attemptedError: Can't open display: localhost:10.0
[oracle@oradb:-/home/oracle]$ xauth list
xauth:  creating new authority file /home/oracle/.Xauthority
[oracle@oradb:-/home/oracle]$ exit

The first xterm executed as root, works just fine sending its display back to the client. In this case using PuTTY. However once you've switched to the Oracle user this fails. This is because the oracle xterm is seen as a different session that hasn't been authenticated. The simplest way to resolve this is to transfer the session keys from your own session to the oracle session

[root@oradb ~]# xauth list
oradb.localdomain:2  MIT-MAGIC-COOKIE-1  a13838db54c2163896acc1923d58bb32
oradb.localdomain/unix:2  MIT-MAGIC-COOKIE-1  a13838db54c2163896acc1923d58bb32
oradb.localdomain/unix:10  MIT-MAGIC-COOKIE-1  53915d0abbf1508e63d1b967311561b0

[root@oradb ~]# su - oracle

[oracle@oradb:-/home/oracle]$ xauth add oradb.localdomain/unix:10  MIT-MAGIC-COOKIE-1  53915d0abbf1508e63d1b967311561b0
xauth:  creating new authority file /home/oracle/.Xauthority

[oracle@oradb:-/home/oracle]$ xclock
Warning: Missing charsets in String to FontSet conversion

No comments: