iceauth
Manage ICE authority files
SYNOPSIS
iceauth [ -f authority_file ] [ command [ arg ... ] ]
Commands include:
add displayname protocolname authtype authdata
remove displayname protocolname
list
extract filename displayname ...
merge filename ...
generate protocolname authtype [options]
source filename
exit
quit
help
info
PARAMETERS
-f authority_file
Specifies the authority file to be used instead of the default ~/.ICEauthority.
add displayname protocolname authtype authdata
Adds a new authentication entry to the authority file. displayname is the display (e.g., hostname:0), protocolname is the ICE protocol (e.g., MIT-MAGIC-COOKIE-1), authtype is the authentication type, and authdata is the hexadecimal string representing the authentication data.
remove displayname protocolname
Removes a specific authentication entry matching the provided displayname and protocolname.
list
Lists all authentication entries currently stored in the authority file.
extract filename displayname ...
Extracts specified authentication entries into a new authority file named filename. One or more displaynames must be provided.
merge filename ...
Merges authentication entries from one or more specified filenames into the current authority file.
generate protocolname authtype [options]
Generates a new authentication entry for the given protocolname and authtype. Supported options are trusted, untrusted, and timeout timeout_in_seconds.
source filename
Reads and executes iceauth commands from the specified filename.
exit
Exits the iceauth program (interactive mode).
quit
An alias for the exit command.
help
Displays a summary of iceauth commands and usage.
info
Displays information about the server's ICE security extension, if available.
DESCRIPTION
iceauth is a utility used to manage authentication information for the Inter-Client Exchange (ICE) protocol. The ICE protocol provides a framework for building distributed applications and is utilized by various X Window System components and extensions, such as the X Display Manager Control Protocol (XDMCP).
Similar in purpose to xauth for X authority files, iceauth specifically handles ICEauthority files, typically located at ~/.ICEauthority. These files contain authentication credentials that ICE-aware applications use to establish secure connections.
The command allows users to perform various operations, including adding new authentication entries, removing existing ones, listing the contents of an authority file, extracting specific entries into a new file, and merging entries from multiple files. It can also generate new authentication data. Proper management of these authority files is crucial for ensuring secure and authorized access for applications communicating via the ICE protocol.
CAVEATS
ICE authority files contain sensitive authentication data. Incorrect permissions or misuse of iceauth can lead to security vulnerabilities, allowing unauthorized access to ICE services. It is crucial to protect these files with appropriate file system permissions. While iceauth is a powerful tool, it is generally used for specific X Window System configuration or troubleshooting tasks, often by administrators or scripts, rather than everyday end-user interaction. The generate command's effectiveness can depend on the specific ICE implementation and the X server's capabilities.
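The permission requirement above can be checked mechanically. The following POSIX shell function is an added example, not part of the original page or of iceauth itself; the name check_ice_authority and its exit codes are hypothetical. It assumes that "appropriate" means a regular file owned by the invoking user with no group or other access, which the page does not spell out.

```shell
#!/bin/sh
# Added example: check_ice_authority is a hypothetical helper, not part of iceauth.
# Exit status: 0 ok, 1 missing, 2 not a plain file, 3 foreign owner,
# 4 accessible by group or other.
check_ice_authority() {
    file=${1:-$HOME/.ICEauthority}      # same default the page gives for -f
    # Test for a symlink first: [ -f ] follows links and would hide one.
    if [ -L "$file" ]; then
        echo "$file: symbolic link, refusing to follow" >&2
        return 2
    fi
    if [ ! -e "$file" ]; then
        echo "$file: no such file" >&2
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2
        return 2
    fi
    # ls -ldn prints "mode links uid gid ..."; -n keeps the owner numeric.
    listing=$(ls -ldn "$file")
    mode=$(printf '%s\n' "$listing" | awk '{print $1}')
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "$file: owned by uid $owner, expected $(id -u)" >&2
        return 3
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "$file: mode $mode grants group/other access; run: chmod 600 $file" >&2
        return 4
    fi
    return 0
}

# Constructed demo on a throwaway file (not a real authority file).
demo_dir=$(mktemp -d)
demo_file=$demo_dir/ICEauthority
: > "$demo_file"
chmod 644 "$demo_file"
check_ice_authority "$demo_file" || echo "weak mode rejected, status $?"
chmod 600 "$demo_file"
check_ice_authority "$demo_file" && echo "owner-only mode accepted"
rm -rf "$demo_dir"
```

Called with no argument, the function inspects ~/.ICEauthority; pass a path to check a file that would be given to -f.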
DEFAULT AUTHORITY FILE
By default, iceauth operates on the .ICEauthority file located in the user's home directory (~/.ICEauthority). This file stores the authentication credentials for various ICE connections.
INTERACTIVE MODE
If no command is specified on the command line, iceauth enters an interactive mode, presenting a prompt where users can type commands one by one.
AUTHENTICATION DATA FORMAT
The authdata argument for the add command, and similarly the data managed by iceauth, is typically provided and stored as a hexadecimal string.
HISTORY
iceauth is a long-standing utility within the X.Org project, typically distributed as part of the xorg-x11-apps package. Its origins trace back to the development of the Inter-Client Exchange (ICE) protocol, which was introduced to standardize communication between clients and servers in distributed X environments. The command's functionality has remained largely stable over many years, reflecting the mature and relatively unchanged nature of the underlying ICE protocol. It continues to be an essential tool for managing authentication within complex X Window System setups.