[cups.development] [RFE] STR #3174: Username/password combination saved in plain text in /etc/cups/printers.conf
Michael Sweet
msweet at apple.com
Tue Apr 28 13:50:36 PDT 2009
[STR Closed w/o Resolution]
[For future reference, we do not consider this to be a security issue...]
Hardcoding usernames and passwords has never been recommended, but we
restrict the permissions on the printers.conf file and sanitize the
device-uri that is returned by Get-Printer-Attributes and passed in
argv[0] to the backends to minimize exposure for users that chose to go
this route.
The recommended solution is to use forwarded credentials, either via
Kerberos or regular username/password information passed with the print
request. IIRC, the Red Hat print status monitor supports this mechanism
and uses the GNOME keyring to remember the necessary authentication
information as needed.
Storing system-wide password information in a user keyring will never
happen.
Link: http://www.cups.org/str.php?L3174
Version: -feature
Fix Version: Will Not Fix
More information about the cups-devel
mailing list