This command is similar to add. The main difference is that instead of requiring the user to supply the key data, it connects to the server specified in displayname and uses the SECURITY extension in order to get the key data to store in the authorization file. If the server cannot be contacted or if it does not support the SECURITY extension, the command fails. Otherwise, an authorization entry for the indicated display using the given protocol is added to the authorization file. A protocol name consisting of just a single period
is treated as an abbreviation for MIT-MAGIC-COOKIE-1.
<snip>
EXAMPLE
The most common use for xauth is to extract the entry for the current display, copy it to another machine, and merge it into the user's authority file on the remote machine:
The following command contacts the server :0 to create an authorization using the MIT-MAGIC-COOKIE-1 protocol. Clients that connect with this authorization will be untrusted.
% xauth generate :0 .
<snip>
BUGS
Users that have unsecure networks should take care to use encrypted file transfer mechanisms to copy authorization entries between machines. Similarly, the MIT-MAGIC-COOKIE-1 protocol is
not very useful in unsecure environments. Sites that are interested in additional security may need to use encrypted authorization mechanisms such as Kerberos.
ok I seem to have made some head way on this & I think this file is definitely created by a bug within xauth:
┌─(t0m5k1@ b0x)-(1221/ pts/1)- (10:59am: 16/05/13) - 14KUKW 2BUBLW 2PZXCW 3MGKKW 3Q8BPW 5GBPSW BPSMTW BY59IW CJI2SW EDXHTW HL66VW N0KDPW X56DPW XG3ENW
└─>(%:~)
└─>> la | grep '.goutputstream-*' && strings .goutputstream-*
-rw------- 1 t0m5k1 users 44 Sep 13 2012 .goutputstream-
-rw------- 1 t0m5k1 users 44 Sep 25 2012 .goutputstream-
-rw------- 1 t0m5k1 users 0 Apr 14 2012 .goutputstream-
-rw------- 1 t0m5k1 users 44 Sep 13 2012 .goutputstream-
-rw------- 1 t0m5k1 users 44 Dec 13 00:01 .goutputstream-
-rw------- 1 t0m5k1 users 44 Feb 28 15:55 .goutputstream-
-rw------- 1 t0m5k1 users 44 Mar 9 01:15 .goutputstream-
-rw------- 1 t0m5k1 users 44 Aug 29 2012 .goutputstream-
-rw------- 1 t0m5k1 users 44 Feb 19 23:55 .goutputstream-
-rw------- 1 t0m5k1 users 44 Mar 3 00:30 .goutputstream-
-rw------- 1 t0m5k1 users 44 Apr 20 15:05 .goutputstream-
-rw------- 1 t0m5k1 users 44 Dec 15 11:08 .goutputstream-
-rw------- 1 t0m5k1 users 44 Dec 15 11:20 .goutputstream-
-rw------- 1 t0m5k1 users 44 Nov 4 2012 .goutputstream-
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MTVG
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
MIT-MAGIC-COOKIE-1
┌─(t0m5k1@ b0x)-(1223/ pts/1)- (11:02am: 16/05/13) -
[timeout seconds] [group group-id] [data hexdata]
└─>(%:~)
└─>> man xauth
<snip>
generate displayname protocolname [trusted|untrusted]
This command is similar to add. The main difference is that instead of requiring the user to supply the key data, it connects to the server specified in displayname and uses the
SECURITY extension in order to get the key data to store in the authorization file. If the server cannot be contacted or if it does not support the SECURITY extension, the command
fails. Otherwise, an authorization entry for the indicated display using the given protocol is added to the authorization file. A protocol name consisting of just a single period
is treated as an abbreviation for MIT-MAGIC-COOKIE-1.
<snip>
EXAMPLE
The most common use for xauth is to extract the entry for the current display, copy it to another machine, and merge it into the user's authority file on the remote machine:
% xauth extract - $DISPLAY | ssh otherhost xauth merge -
The following command contacts the server :0 to create an authorization using the MIT-MAGIC-COOKIE-1 protocol. Clients that connect with this authorization will be untrusted.
% xauth generate :0 .
<snip>
BUGS
Users that have unsecure networks should take care to use encrypted file transfer mechanisms to copy authorization entries between machines. Similarly, the MIT-MAGIC-COOKIE-1 protocol is
not very useful in unsecure environments. Sites that are interested in additional security may need to use encrypted authorization mechanisms such as Kerberos.