HP-UX 11i December 2004 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

271

272

273

274

275

276

277

278

279

280

Table Of Contents

Internet and Networking Services

Low Bandwidth X Extension (LBX)

Chapter 12

274

The xrx helper program has been added to the /usr/bin/X11 directory. End users

must set up their Web browsers to use this program for files with the rx extension.

2. libxrx.6.3 (the browser plug-in)

The browser plug-in, libxrx.6.3, has been added to the /usr/lib/X11R6 directory.

End users must copy this to their $(HOME)/.netscape/plugins directory (or the

equivalent) so that files with the rx extension are interpreted correctly. In order to

use the plug-in, do not set up the browser to also use the helper program.

Security Extension

The security extension adds the X protocol needed to provide enhanced X server security.

This extension adds the concepts of trusted and untrusted clients. The trust status of a

client is determined by the authorization used at connection setup. All clients using

host-based authorization are considered trusted. Clients using other authorization

protocols may be either trusted or untrusted depending on the data included in the

connection authorization phase.

When a connection identifying an untrusted client is accepted, the client is restricted

from performing certain operations that would steal or modify data that is held by the

server for trusted clients. An untrusted client performing a disallowed operation will

receive protocol errors.

When a client is untrusted, the server will also limit the extensions that are available to

the client. Each X protocol extension is responsible for defining what operations are

permitted to untrusted clients; by default, the entire extension is hidden.

Application Group Extension (XC-APPGROUP)

The application group extension provides new protocol to implement Application Groups

(AppGroups). The AppGroup facility allows other clients to share the

SubstructureRedirect mechanism with the window manager. This allows another

client (called the application group leader) such as a Web browser to intercept a

MapRequest made by a third application and re-parent its window into the Web browser

before the window manager takes control. The AppGroup leader may also limit the

screens and visuals available to the applications in the group.

This extension, along with the Mozilla remote execution plug-in, allows Mozilla to run

programs remotely over the Web with the output appearing in the Web browser display.

The only way for an application to become a member of an AppGroup is by using an

authorization generated using the new security extension. Whenever an application

connects to the server, the authorization that it used to connect is tested to see if it

belongs to an AppGroup. This means that the authorization data must be transmitted to

the remote host where the application will be run. In the case of X, HTTP is used to send

the authorization. Sites that have concerns about sending un-encrypted authorization

data such as MIT-MAGIC-COOKIE-1 via HTTP should configure their Web servers and

Web browsers to use SHTTP or SSL.

SLS/d - Distributed SLS (HP Visualize Center Support)

SLS/d is an extension of the SLS (Single Logical Screen) functionality provided by the X

server that allows the X desktop to span graphics displays that reside on distributed

systems. By distributing the display across several systems, a larger logical array of