[cups.bugs] [HIGH] STR #3763: local cups does not pass kerberos credentials to remote cups for auth
richard cummings
sexynaya2010 at hotmail.com
Fri Dec 31 06:50:01 PST 2010
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
I originally posted this on the mailing list and was instructed to file a
bug :)
I'm trying to print to a printer on a remote cups queue with kerberos,
using my local queue's "browse" function.
On the server with the printer attached, I have the relevant info in the
config files:
--->in /etc/cups/printers.conf:
<Printer Officejet_6000_E609n>
AuthInfoRequired negotiate
--->in /etc/cups/cupsd.conf:
<Policy default>
<Limit Create-Job Print-Job Print-URI>
AuthType Negotiate
Require user matt
On my client laptop, if I connect to the remote queue directly, (eg. by
adding "ServerName remoteserver:631" in the clients.conf file), the print
jobs properly authenticate with kerberos and all is well.
However, if I try to print using my local cups which discovers the remote
printer automatically using the browse function, the following occurs:
1. system-config-printer opens up a basic authentication dialog asking for
a user name and password (which makes no sense because it's not using basic
auth): http://imgur.com/Hd7gO.png <-screenshot
2. regardless of what information I enter into the first dialog, a second
dialog opens asking for a password only for auth type negotiate, which
also doesn't make sense: http://imgur.com/QnjL6.png <-screenshot
While it does work if I connect to the remote server directly, but that's
inconvenient to do on a print job by print job basis.
I use Fedora 14 and have cups-1.4.4-11,
krb5-libs-1.8.3-9,
kernel-2.6.37-0.rc7.git0.2
The client has delegation rights from the KDC, and DNS is working fine
(and also kerberos)
On the mailing list, Michael Sweet said "for some reason the Send-Document
operation is getting stale credentials and thinks this is a replay attack."
Thank you for your time, and keep up the good work :)
Link: http://www.cups.org/str.php?L3763
Version: 1.4.4
More information about the cups-devel
mailing list