[cups.bugs] SSL by default
Johannes Meixner
jsmeix at suse.de
Wed Feb 8 05:56:36 PST 2006
Hello Michael,
On Feb 8 08:13 Michael Sweet wrote (shortened):
> Johannes Meixner wrote:
> > Even "digest" authentication is actually not more secure, see
> > in the "CUPS Software Administrators Manual" the sections
> > "Using Basic Authentication" and "Using Digest Authentication".
>
> Yeah, I know, I wrote that part of the documentation... :)
I know, I know - it was of course not meant for you
but for others who may follow the thread and to make clear
from where I got all my knowledge about CUPS ;-)
> > - If there are already certificates on a system (e.g. really
> > signed certificates), they cannot be directly used by
> > the cupsd via something like
> > ServerCertificate /etc/ssl/servercerts/servercert.pem
> > ServerKey /etc/ssl/servercerts/serverkey.pem
> > because the cupsd (at least in CUPS 1.1) would brutally
> > change owner, group and permissions of those files
> > so that other services can no longer use them.
>
> This has been changed in CUPS 1.2 - if the files are not under
> /etc/cups (or whatever ServerRoot is set to), then the permissions
> are not changed.
Great!
This means that CUPS 1.2 is perfectly prepared to have SSL enabled
by default!
> (brutally? :)
I wrote brutally because cupsd (in 1.1) does such changes
even for files which are not in ServerRoot (i.e. which
could be regarded to be not directly cupsd's private files).
Kind Regards,
Johannes Meixner
--
SUSE LINUX Products GmbH, Maxfeldstrasse 5 Mail: jsmeix at suse.de
90409 Nuernberg, Germany WWW: http://www.suse.de/
More information about the cups-devel
mailing list