[cups.bugs] [MOD] STR #2783: Multiple Kerberised CUPS servers on one host
Richard Fuller
rpfuller-cups at cs.york.ac.uk
Thu Apr 3 09:53:54 PDT 2008
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
If you have two CUPS servers on one machine, notionally (*) on different IP
addresses, only the one on the IP address corresponding to the hostname of
the machine works. Say you have cupsa, 192.168.0.1 and cupsb, 192.168.0.2,
on the host cupsa. When a client talks to cupsa it will use the ipp/cupsa
principal, and when it talks to cupsb it will use the ipp/cupsb principal.
However, both CUPS servers will use the ipp/cupsa principal, so Kerberos
authentication fails when talking to cupsb.
As far as I can see, the attached patch resolves this issue, by using the
hostname of the IP address that the client connected to. Seems to work
fine, I'll do some more in depth testing tomorrow.
* - You can't really bind a CUPS server to an IP address, but can use
different ports and some iptables tricks. You can ignore that if you
prefer, and consider the case of a machine with two IP addresses and one
CUPS server, clients will expect the principal used to match the IP
address they are connecting to.
Link: http://www.cups.org/str.php?L2783
Version: 1.3.7
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: multiple-kerberised-cupsds.patch
URL: <http://lists.cups.org/pipermail/cups-devel/attachments/20080403/a50b4e95/attachment.ksh>
More information about the cups-devel
mailing list