Image of Advanced Programming in the UNIX Environment, Second Edition (Addison-Wesley Professional Computing Series)
Image of Operating System Concepts
Image of Modern Operating Systems (3rd Edition)
Image of XSLT 2.0 and XPath 2.0 Programmer's Reference (Programmer to Programmer)

Could not update .ICEauthority

Today I hit the Could not update .ICEauthority /home//.ICEauthority error message when I rebooted one of my Fedora 15 systems and attempted to login.

The fix is trivial. Login on a virtual terminal or via SSH, become root and execute:

chmod -R  /home/
rm /var/lib/gdm/.ICEauthority*

Typically this problem occurs when your .ICEauthority file is no longer owned by you because you ran some graphical applications as sudo root.

So what is the .ICEauthority file and what is its purpose? Basically ICE is a acronym for the Inter-Client Exchange protocol which is an inter process communication protocol with authentication, protocol negotiation and potentially multiplexing built in.

ICE protocol provides a generic framework for building protocols on top of reliable, byte-stream transport connections. It provides basic mechanisms for setting up and shutting down connections, for performing authentication, for negotiating versions, and for reporting errors. The protocols running within an ICE connection are referred to here as subprotocols. ICE provides facilities for each subprotocol to do its own version negotiation, authentication, and error reporting. In addition, if two parties are communicating using several different subprotocols, ICE will allow them to share the same transport layer connection.

Through some mechanism outside ICE, two parties make themselves known to each other and agree that they would like to communicate using an ICE subprotocol. ICE assumes that this negotiation includes some notion by which the parties will decide which is the originating party and which is the answering party. The negotiation will also need to provide the originating party with a name or address of the answering party. Examples of mechanisms by which parties can make themselves known to each other are the X selection mechanism, environment variables and shared files.

The originating party first determines whether there is an existing ICE connection between the two parties. If there is, it can re-use the existing connection and move directly to the setup of the subprotocol. If no ICE connection exists, the originating party will open a transport connection to the answering party and will start ICE connection setup.

The .ICEAuthority file is for authentication. It contains a number of random cookies. If two programs have the same cookie, then they’re allowed to talk to each other. In practice this either means that they’re reading the same .ICEAuthority file, or the cookies have been added. It is similar to the .Xauthority file, except that .ICEAuthority is used for client to client communications whereas .Xauthority is for client to server.

1 comment to Could not update .ICEauthority