[cups.general] Confusion about configuring network access to the webinterface

Marcos Otero Garcia marcos at oterogarcia.de
Tue Jun 29 06:08:07 PDT 2004 

Hello,

I'm new to this list and I've got questions concerning the
authentication options in the <Location> directive in the cupsd.conf.

I'm running a debian woody on an x86. Here is a snapshot of the related
package-versions.

 > litho:~# apt-show-versions | grep cups
 > libcupsys2-dev/stable uptodate 1.1.14-5
 > cupsys-pstoraster/stable uptodate 1.1.14-5
 > cupsys-driver-gimpprint/stable uptodate 4.2.0-4
 > cupsys-client/stable uptodate 1.1.14-5
 > libcupsys2/stable uptodate 1.1.14-5
 > cupsys/stable uptodate 1.1.14-5
 > cupsys-bsd/stable uptodate 1.1.14-5

The Software Administrators Manual available at cups.org explains the
the <Location> directive as follows:
 > Note that more specific resources override the less specific ones.
 > So the directives inside the /printers/name location will override
 > ones from /printers. Directives inside /printers will override
 > ones from /.   None of the directives are inherited.

Does this realy mean that the ACLs and authentication methods specified
in /printers/XYZ overide the ones in /printers or /?

I've experienced a different behaviour. If I strength the access control
in / it applies to /printers/ and /printers/XYZ too. But if I apply
softer rules to /printers/XYZ than to /printers or / it seems like they
are not recognized by the daemon.

E.g.:
 > <Location />
 > AuthType Basic
 > AuthClass User
 > Order Deny,Allow
 > Deny From All
 > Allow From 127.0.0.1
 > Allow From XXX.XXX.XXX.XXX
 > </Location>
 > <Location /printers>
 > AuthType None
 > AuthClass Anonymous
 > Order Deny,Allow
 > Deny From All
 > Allow From 127.0.0.1
 > Allow From XXX.XXX.XXX.XXX
 > </Location>

In this case the /printers section performs equal access control like in
/ instead of behaving like specified in the <Location /printers> directive.

My aim is too require authentication on the webinterface but printing
(i.e. /printers or /printers/XYZ) should be allowed without user
authentication (only host-based access control).

Does anyone can make things clear to me.
Thanks in advance.

Marcos from Hamburg

More information about the cups mailing list