[wiki:MIT-MAGIC-COOKIE-1] is much more secure authentication protocol than HostBasedAuthentication: it uses private tokens to authenicate clients trying to access X server: token is bound to the X server and vaild only during one session.

Authentication tokens are generated at server startup and stored at
`.Xauthority` file in user home directory. Any X application trying to
access the display reads authentication token corresponding to
the display from this file (or from the file variable XAUTHORITY
points to if this variable exists) and passes this token to the
server.

`xauth` program is designed to manipulate authentication tokens. Two
most interesting for us commands of xauth are

||`xauth nextract`||extracts the authentication token from `.Xauthority` file.||
||`xauth nmerge`||adds the authentication token, extracted by `nextract`, to the `.Xauthority` file||

('n' here means 'numeric format' as opposed to the 'binary': numeric format contains only printable symbols).

You also can list installed to the `.Xauthority` authentication tokens by using `xauth nlist`.

Example configuration is the same as in HostBasedAuthentication: `host1` runs `x2x` and wants to control display on `host2`.

On the host2:
{{{
host2% echo $DISPLAY
:0.0
host2% xauth nextract - :0.0
<here goes the authentication token>
host2%
}}}

On the host1:
{{{
host1% xauth nmerge -
<here the paste of the authentication token above>
host1% x2x -to host2:0
}}}

This authentication method is a bit more complicated than host-based,
but much more secure, and you should prefer it unless you know exactly
what are you doing.