[cups.bugs] [HIGH] STR #2670: Kerberos Authentification with /etc/cups/printers.conf and Allow User parameter
petit
patrice.petit at cea.fr
Tue Jan 15 13:59:44 PST 2008
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
I use "AuthType Negotiate" with CUPS 1.3.3 and I can connect with Firefox
or lpstat to my CUPS server without problems. For example, I can add a
printer or modify a printer configuration with my "ppetit@MYREALM" account,
because of the parameter "require user ppetit" in cupsd.conf.
However, if I want to protect access to my printers, I have to indicate
logins with the format "login@KDC" with the parameter "Allow User" in
/etc/cups/printers.conf.
For example, in /etc/cups/printers.conf for any printer:
    Allow user ppetit@MYREALM john@MYREALM ...
If I want to use a unix group, it doesn't work.
For example:
If /etc/group contains "admins:*:ppetit", "Allow user @admins" doesn't
work.
If /etc/group contains "admins:*:ppetit@MYREALM", "Allow user @admins"
works. But it's not standard.
If I read the sources, scheduler/auth.c or scheduler/quota.c contains:
    /*
     * Strip any @domain or @KDC from the username and owner...
     */
    if ((ptr = strchr(username, '@')) != NULL)
      *ptr = '\0';
But ipp.c and the user_allowed function don't contain these instructions.
I think it is not normal.
What do you think about it?
Thank you.
Excuse me for my bad English.
Link: http://www.cups.org/str.php?L2670
Version: 1.3.3
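
The mismatch reported above, as an added example that is not part of the original message and is not CUPS source code: a group lookup on the full Kerberos principal fails, while the same lookup after the strchr() truncation quoted from auth.c succeeds. The group table and the in_group() and allowed() helpers are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the /etc/group line "admins:*:ppetit" */
struct group_entry { const char *name; const char *members[4]; };
static const struct group_entry groups[] = {
  { "admins", { "ppetit", NULL } },
};

/* Hypothetical helper: is `user` listed as a member of `group`? */
static int in_group(const char *user, const char *group)
{
  size_t i, j;
  for (i = 0; i < sizeof(groups) / sizeof(groups[0]); i++) {
    if (strcmp(groups[i].name, group) != 0)
      continue;
    for (j = 0; j < 4 && groups[i].members[j]; j++)
      if (strcmp(groups[i].members[j], user) == 0)
        return 1;
  }
  return 0;
}

/* Match an authenticated name against one Allow entry ("@group" or a user).
 * strip_realm=0 models the reported behaviour; strip_realm=1 applies the
 * truncation quoted from auth.c before the group lookup. */
static int allowed(const char *principal, const char *entry, int strip_realm)
{
  char username[256], *ptr;

  snprintf(username, sizeof(username), "%s", principal);

  if (entry[0] != '@')            /* explicit user entry: compare full name */
    return strcmp(username, entry) == 0;

  if (strip_realm && (ptr = strchr(username, '@')) != NULL)
    *ptr = '\0';                  /* "ppetit@MYREALM" -> "ppetit" */

  return in_group(username, entry + 1);
}

int main(void)
{
  printf("@admins, realm kept:     %d\n", allowed("ppetit@MYREALM", "@admins", 0));
  printf("@admins, realm stripped: %d\n", allowed("ppetit@MYREALM", "@admins", 1));
  printf("explicit principal:      %d\n", allowed("ppetit@MYREALM", "ppetit@MYREALM", 0));
  return 0;
}
```

Stripping the realm makes ppetit@MYREALM and a ppetit from any other realm indistinguishable to the group check, so it only fits servers where a single trusted realm can authenticate.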