[cups.bugs] [HIGH] STR #3763: local cups does not pass kerberos credentials to remote cups for auth
sexynaya2010 at hotmail.com
Fri Dec 31 06:50:01 PST 2010
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
I originally posted this on the mailing list and was instructed to file a
I'm trying to print to a printer on a remote cups queue with kerberos,
using my local queue's "browse" function.
On the server with the printer attached, I have the relevant info in the
<Limit Create-Job Print-Job Print-URI>
Require user matt
On my client laptop, if I connect to the remote queue directly, (eg. by
adding "ServerName remoteserver:631" in the clients.conf file), the print
jobs properly authenticate with kerberos and all is well.
However, if I try to print using my local cups which discovers the remote
printer automatically using the browse function, the following occurs:
1. system-config-printer opens up a basic authentication dialog asking for
a user name and password (which makes no sense because it's not using basic
auth): http://imgur.com/Hd7gO.png <-screenshot
2. regardless of what information I enter into the first dialog, a second
dialog opens asking for a password only for auth type negotiate, which
also doesn't make sense: http://imgur.com/QnjL6.png <-screenshot
While it does work if I connect to the remote server directly, but that's
inconvenient to do on a print job by print job basis.
I use Fedora 14 and have cups-1.4.4-11,
The client has delegation rights from the KDC, and DNS is working fine
(and also kerberos)
On the mailing list, Michael Sweet said "for some reason the Send-Document
operation is getting stale credentials and thinks this is a replay attack."
Thank you for your time, and keep up the good work :)
More information about the cups-devel