Comment 17 for bug 328575

What I'm saying is basically that whenever xauth is forwarded to another user, the dbus auth needs to also be forwarded. These two should never be out of sync.

If not wanting to hack su or pam or whatever, one approach is to add an X-based auth mechanism to dbus (store a cookie on the X root window or something like that).

Adding crazy hacks here is probably going to end in tears. The only sane model is that the session is defined by dbus and X, and 1 bus goes with 1 X server ...