Subject: Re: use of share vs lib
To: None <perry@piermont.com>
From: Brook Milligan <brook@trillium.NMSU.Edu>
List: tech-pkg
Date: 08/03/1998 14:35:21
   Brook Milligan writes:
   > See patch below.  Note that this patch also puts the auth files under
   > /var/spool/xdm,

   > Note that the authfiles could be put in /var/run, but the necessary
   > subdirectories must be created fresh in the rc scripts since that
   > directory is cleaned out on bootup.  /var/log is another option, but
   > it didn't seem particularly appropriate to me as these are not really
   > logs.

   They aren't really "spool files" either. "spool" is really for things
   like the mail queue, print queue, etc. Perhaps someone could suggest a
   better directory for them? What are the auth files, precisely?

You are generally correct in that.  My only reasoning for choosing
/var/spool was that these are sort of like lock files, which are in
/var/spool but aren't spool files like those you mention above.

I just wasn't quite sure where to put them, actually, so any
suggestions are welcome.

Perhaps to guide some ideas, here are the relevant (I hope) man page
sections:

xdm(1):

       DisplayManager.authDir
              This names a directory under which xdm stores
              authorization files while initializing the session.
              The default value is <XRoot>/lib/X11/xdm. Can be
              overridden for specific displays by
              DisplayManager.DISPLAY.authFile.

       DisplayManager.DISPLAY.authFile
              This file is used to communicate the authorization
              data from xdm to the server, using the -auth server
              command line option. It should be kept in a directory
              which is not world-writable as it could easily
              be removed, disabling the authorization mechanism
              in the server. If not specified, a name is generated
              from DisplayManager.authDir and the name of
              the display.

Xserver(1):

       -auth authorization-file
               Specifies a file which contains a collection of
               authorization records used to authenticate access.
               See also the xdm and Xsecurity manual pages.

Xsecurity(1):

       The X server (when running on a workstation) reads
       authorization information from a file name passed on the
       command line with the -auth option (see the Xserver manual
       page). The authorization entries in the file are used to
       control access to the server. In each of the authorization
       schemes listed above, the data needed by the server
       to initialize an authorization scheme is identical to the
       data needed by the client to generate the appropriate
       authorization information, so the same file can be used by
       both processes. This is especially useful when xinit is
       used.

   > 	mkdir -p /var/spool/xdm/authdir/authfiles
   > 	chmod 700 /var/spool/xdm/authdir /var/spool/xdm/authdir/authfiles

   The right way to create this is by modifying the NetBSD mtree
   file. Once we have settled on the exact location, do you suppose you
   could send a patch for that as well? (It speeds up the patching
   process. :)

No problem.

Cheers,
Brook
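
The xdm(1) excerpt quoted above requires the auth file to live in a directory that is not world-writable, and the quoted patch sets mode 700 on the auth directories. A shell check for that property follows, added here as an example and not part of the original thread or the NetBSD tree. The function names are hypothetical, and the walk over parent directories goes beyond what the man page states.

```shell
#!/bin/sh
# Added example: audit an xdm authDir. Function names are hypothetical.

# perm_string PATH -> first 10 characters of `ls -ld`, e.g. "drwx------"
perm_string() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# check_authdir DIR [STOP]
# Returns 0 when DIR is a real directory with no group/other access (the
# chmod 700 from the thread) and no ancestor up to STOP (default /) is
# world-writable without the sticky bit. Otherwise prints a reason and
# returns 1.
check_authdir() {
    dir=$1
    stop=${2:-/}
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a plain directory"
        return 1
    fi
    case $(perm_string "$dir") in
        d???------) ;;
        *) echo "FAIL: $dir is accessible to group or other"
           return 1 ;;
    esac
    cur=$(dirname "$dir")
    while :; do
        case $(perm_string "$cur") in
            "") echo "FAIL: cannot inspect $cur"
                return 1 ;;
            # other-write set and last character is not the sticky bit
            ????????w[!tT]) echo "FAIL: ancestor $cur is world-writable"
                            return 1 ;;
        esac
        # Stop at the requested root, at /, or at "." for relative paths.
        if [ "$cur" = "$stop" ] || [ "$cur" = "/" ] || [ "$cur" = "." ]; then
            break
        fi
        cur=$(dirname "$cur")
    done
    echo "OK: $dir"
    return 0
}
```

Call it as `check_authdir /var/spool/xdm/authdir/authfiles`, or with whichever location the thread settles on.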