external X clients cannot open display; maybe need Xorg's SECURITY extension?

[rmrichesjr]

External X clients cannot connect to my TinyCore display, even after I have exported an xauth key and have run "xhosts +$host" and "xhosts +".  The error message from the X client is "Error: Can't open display: t2.localnet:0"  X clients running on the TinyCore machine t2.localnet connect fine.  SSH tunneling is not an option, because I'm trying to get better performance than the 1-2% slower than real time I get with optimized VNC when running full-motion 1080p video at 1920x1080 in mplayer.  I'm wondering whether I need to enable or load Xorg's SECURITY extension to get external X clients to connect, but I don't see a .so file for it.

Any suggestions?  Thanks in advance.

More details: The TinyCore machine will be a PXE-booted zero-client X terminal on a physically private network hung off the second NIC of the machine that runs the X clients.  The firewall on the big machine's second NIC is wide open, and there are no rejected packets in either direction.  TinyCore is running with Xorg-7.5, xorg-7.5-3d, 915resolution, graphics-3.0.3-tinycore, and their deps.  In order to run X on TinyCore at 1920x1200, I have to boot to text mode and then run startx as root from bootlocal.sh.  If I run startx as user tc, it does 1600x1200, not 1920x1200--don't know why.  TinyCore is running on an i3 540 processor with integrated graphics on an Asus P7H55-M motherboard if that matters.

[maro]

What is your X server startup line and are you sure that your server is actually listening to network request?

Because in my test case (Xorg-7.5 on TC 4.1) I'm getting:

Code: (bash) [Select]

tc@box:~$ head -1 ~/.xsession
/usr/local/bin/Xorg -nolisten tcp &
tc@box:~$ netstat -ant 2> /dev/null
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tc@box:~$
Please note that the '-nolisten tcp' option is the default also used for the 'Xvesa' default X server, so no surprises here from my POV.

[rmrichesjr]

Bingo!  That was it.  The '-nolisten tcp' option was indeed set in .xsession.  However, home directory .xsession files do not exist in the initrd image but are created at run time.  A little sleuthing found that /usr/bin/startx calls /usr/bin/xsetup.sh, which writes a user's .xsession file.  Putting a manually generated /home/tc/.xsession into the initrd seems to have made much progress when combined with a fix to /etc/sysconfig/Xerver:

Something in the init scripts were creating /etc/sysconfig/Xserver with Xvesa in it.  Fixing that has allowed me to change things so I can have user tc rather than root running everything.  That will be good for security, even in the protected private physical network environment.  I owe you double thanks, and, maro, I agree with your designation as 'Hero Member'!

Now, I have user tc running Xorg with no '-nolisten tcp' option, and Xorg is listening to port 6000 on the network.  That gives a different result.  Unfortunately, now, I get this:

Invalid MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyInvalid MIT-MAGIC-COOKIE-1 keyError: Can't open display: t2.localnet:0

I tried using both xauth nextract/nmerge and xauth list/add.  I verified that 'xauth list' gives the same output on both the TinyCore X server system and the system that runs the X clients.  I may be able to solve that wrinkle with some Googling, but any further suggestions on that point would be gratefully received.

Thank you again.

[rmrichesjr]

Invalid key problems solved: I had forgotten to do xhost again.  Now, I'm able to open X clients over the network.  Now, to test mplayer speed...

Thank you, maro, again!