iceauth

iceauth [ -f authority_file ] [ command [ arg ... ] ]

Commands include:
add displayname protocolname authtype authdata
remove displayname protocolname
list
extract filename displayname ...
merge filename ...
generate protocolname authtype [options]
source filename
exit
quit
help
info

-f authority_file
    Specifies the authority file to be used instead of the default ~/.ICEauthority.

add displayname protocolname authtype authdata
    Adds a new authentication entry to the authority file. displayname is the display (e.g., hostname:0), protocolname is the ICE protocol (e.g., MIT-MAGIC-COOKIE-1), authtype is the authentication type, and authdata is the hexadecimal string representing the authentication data.

remove displayname protocolname
    Removes a specific authentication entry matching the provided displayname and protocolname.

list
    Lists all authentication entries currently stored in the authority file.

extract filename displayname ...
    Extracts specified authentication entries into a new authority file named filename. One or more displaynames must be provided.

merge filename ...
    Merges authentication entries from one or more specified filenames into the current authority file.

generate protocolname authtype [options]
    Generates a new authentication entry for a given protocolname and authtype. Optional options include trusted, untrusted, and timeout timeout_in_seconds.

source filename
    Reads and executes iceauth commands from the specified filename.

exit
    Exits the iceauth program (interactive mode).

quit
    An alias for the exit command.

help
    Displays a summary of iceauth commands and usage.

info
    Displays information about the server's ICE security extension, if available.

iceauth is a utility used to manage authentication information for the Inter-Client Exchange (ICE) protocol. The ICE protocol provides a framework for building distributed applications and is utilized by various X Window System components and extensions, such as the X Display Manager Control Protocol (XDMCP).

Similar in purpose to xauth for X authority files, iceauth specifically handles ICEauthority files, typically located at ~/.ICEauthority. These files contain authentication credentials that ICE-aware applications use to establish secure connections.

The command allows users to perform various operations, including adding new authentication entries, removing existing ones, listing the contents of an authority file, extracting specific entries into a new file, and merging entries from multiple files. It can also generate new authentication data. Proper management of these authority files is crucial for ensuring secure and authorized access for applications communicating via the ICE protocol.

ICE authority files contain sensitive authentication data. Incorrect permissions or misuse of iceauth can lead to security vulnerabilities, allowing unauthorized access to ICE services. It is crucial to protect these files with appropriate file system permissions. While iceauth is a powerful tool, it is generally used for specific X Window System configuration or troubleshooting tasks, often by administrators or scripts, rather than everyday end-user interaction. The generate command's effectiveness can depend on the specific ICE implementation and the X server's capabilities.

By default, iceauth operates on the .ICEauthority file located in the user's home directory (~/.ICEauthority). This file stores the authentication credentials for various ICE connections.

If no command is specified on the command line, iceauth enters an interactive mode, presenting a prompt where users can type commands one by one.

The authdata argument for the add command, and similarly the data managed by iceauth, is typically provided and stored as a hexadecimal string.

iceauth is a long-standing utility within the X.Org project, typically distributed as part of the xorg-x11-apps package. Its origins trace back to the development of the Inter-Client Exchange (ICE) protocol, which was introduced to standardize communication between clients and servers in distributed X environments. The command's functionality has remained largely stable over many years, reflecting the mature and relatively unchanged nature of the underlying ICE protocol. It continues to be an essential tool for managing authentication within complex X Window System setups.

xauth(1), xdm(1), startx(1), X(7), ice(7)