[cups.general] Refused Connection from

Klaus Singvogel kssingvo at suse.de
Wed Sep 29 02:09:28 PDT 2004


Please read this:
http://portal.suse.com/sdb/en/2003/09/jsmeix_print-einrichten-90.html

especially "Generalized Functionality for BrowseAllow and BrowseDeny".

Regards,
	Klaus.

Christoph Litauer wrote:
> Env: SuSE Linux 9.1, cups-1.1.20
> 
> I have trouble connecting to my cups server from clients in a subnet. 
> cups server has ip 141.26.64.118/20, client has ip 141.26.93.80/22.
> 
> cupsd.conf:
> 
> <Location />
> Order Deny,Allow
> Deny From All
> Allow From 127.0.0.1
> Allow From 127.0.0.2
> Allow From 141.26.*
> Allow From @LOCAL
> </Location>
> 
> If I try to telnet from client to server on port 631
> (telnet 141.26.A.X 631) the connection is immidiatly closed and 
> error_log contains:
> 
> AcceptClient(): Refused connection from from wlan-80.uni-koblenz.de
> 
> A reverse lookup on wlan-80.uni-koblenz.de gives its ip address.
> telnetting from another client in the servers subnet is no problem.
> As far as I understand the configuration, "Allow From 141.26.*" should 
> allow my clients connection?
> 
> The full cupsd.conf is attached.
> Any help is greatly appreciated!
> 
> -- 
> Regards
> Christoph
> ________________________________________________________________________
> Christoph Litauer                  litauer at uni-koblenz.de
> Uni Koblenz, Computing Center,     http://www.uni-koblenz.de/~litauer
> Postfach 201602, 56016 Koblenz     Fon: +49 261 287-1311, Fax: -100 1311
> PGP-Key: http://www.uni-koblenz.de/~litauer/public-key.html
> 

> #
> # "$Id: cupsd.conf.in,v 1.13 2003/04/10 20:14:04 mike Exp $"
> #
> #   Sample configuration file for the Common UNIX Printing System (CUPS)
> #   scheduler.
> #
> #   Copyright 1997-2003 by Easy Software Products, all rights reserved.
> #
> #   These coded instructions, statements, and computer programs are the
> #   property of Easy Software Products and are protected by Federal
> #   copyright law.  Distribution and use rights are outlined in the file
> #   "LICENSE.txt" which should have been included with this file.  If this
> #   file is missing or damaged please contact Easy Software Products
> #   at:
> #
> #       Attn: CUPS Licensing Information
> #       Easy Software Products
> #       44141 Airport View Drive, Suite 204
> #       Hollywood, Maryland 20636-3111 USA
> #
> #       Voice: (301) 373-9603
> #       EMail: cups-info at cups.org
> #         WWW: http://www.cups.org
> #
> 
> ########################################################################
> #                                                                      #
> # This is the CUPS configuration file.  If you are familiar with       #
> # Apache or any of the other popular web servers, we've followed the   #
> # same format.  Any configuration variable used here has the same      #
> # semantics as the corresponding variable in Apache.  If we need       #
> # different functionality then a different name is used to avoid       #
> # confusion...                                                         #
> #                                                                      #
> ########################################################################
> 
> 
> ########
> ######## Server Identity
> ########
> 
> #
> # ServerName: the hostname of your server, as advertised to the world.
> # By default CUPS will use the hostname of the system.
> #
> # To set the default server used by clients, see the client.conf file.
> #
> 
> #ServerName myhost.domain.com
> 
> #
> # ServerAdmin: the email address to send all complaints/problems to.
> # By default CUPS will use "root at hostname".
> #
> 
> ServerAdmin litauer at uni-koblenz.de
> 
> 
> ########
> ######## Server Options
> ########
> 
> #
> # AccessLog: the access log file; if this does not start with a leading /
> # then it is assumed to be relative to ServerRoot.  By default set to
> # "/var/log/cups/access_log"
> #
> # You can also use the special name "syslog" to send the output to the
> # syslog file or daemon.
> #
> 
> #AccessLog /var/log/cups/access_log
> 
> #
> # Classification: the classification level of the server.  If set, this
> # classification is displayed on all pages, and raw printing is disabled.
> # The default is the empty string.
> #
> 
> #Classification classified
> #Classification confidential
> #Classification secret
> #Classification topsecret
> #Classification unclassified
> 
> #
> # ClassifyOverride: whether to allow users to override the classification
> # on printouts. If enabled, users can limit banner pages to before or
> # after the job, and can change the classification of a job, but cannot
> # completely eliminate the classification or banners.
> #
> # The default is off.
> #
> 
> #ClassifyOverride off
> 
> #
> # DataDir: the root directory for the CUPS data files.
> # By default "/usr/share/cups".
> #
> 
> #DataDir /usr/share/cups
> 
> #
> # DefaultCharset: the default character set to use. If not specified,
> # defaults to "utf-8".  Note that this can also be overridden in
> # HTML documents...
> #
> 
> #DefaultCharset utf-8
> 
> #
> # DefaultLanguage: the default language if not specified by the browser.
> # If not specified, the current locale is used.
> #
> 
> #DefaultLanguage en
> 
> #
> # DocumentRoot: the root directory for HTTP documents that are served.
> # By default "/usr/share/doc/packages/cups".
> #
> 
> #DocumentRoot /usr/share/doc/packages/cups
> 
> #
> # ErrorLog: the error log file; if this does not start with a leading /
> # then it is assumed to be relative to ServerRoot.  By default set to
> # "/var/log/cups/error_log"
> #
> # You can also use the special name "syslog" to send the output to the
> # syslog file or daemon.
> #
> 
> #ErrorLog /var/log/cups/error_log
> 
> #
> # FileDevice: determines whether the scheduler will allow new printers
> # to be added using device URIs of the form "file:/foo/bar". The default
> # is not to allow file devices due to the potential security vulnerability
> # and due to the fact that file devices do not support raw printing.
> #
> 
> FileDevice Yes
> 
> 
> #
> # FontPath: the path to locate all font files (currently only for pstoraster)
> # By default "/usr/share/cups/fonts".
> #
> 
> #FontPath /usr/share/cups/fonts
> 
> #
> # LogLevel: controls the number of messages logged to the ErrorLog
> # file and can be one of the following:
> #
> #     debug2	Log everything.
> #     debug	Log almost everything.
> #     info      Log all requests and state changes.
> #     warn      Log errors and warnings.
> #     error     Log only errors.
> #     none      Log nothing.
> #
> 
> LogLevel info
> 
> #
> # MaxLogSize: controls the maximum size of each log file before they are
> # rotated.  Defaults to 1048576 (1MB).  Set to 0 to disable log rotating.
> #
> 
> #MaxLogSize 0
> 
> #
> # PageLog: the page log file; if this does not start with a leading /
> # then it is assumed to be relative to ServerRoot.  By default set to
> # "/var/log/cups/page_log"
> #
> # You can also use the special name "syslog" to send the output to the
> # syslog file or daemon.
> #
> 
> #PageLog /var/log/cups/page_log
> 
> #
> # PreserveJobHistory: whether or not to preserve the job history after a
> # job is completed, cancelled, or stopped.  Default is Yes.
> #
> 
> #PreserveJobHistory Yes
> PreserveJobHistory No
> 
> #
> # PreserveJobFiles: whether or not to preserve the job files after a
> # job is completed, cancelled, or stopped.  Default is No.
> #
> 
> #PreserveJobFiles No
> 
> #
> # AutoPurgeJobs: automatically purge jobs when not needed for quotas.
> # Default is No.
> #
> 
> #AutoPurgeJobs No
> 
> #
> # MaxCopies: maximum number of copies that a user can request. Default is
> # 100.
> #
> 
> #MaxCopies 100
> 
> #
> # MaxJobs: maximum number of jobs to keep in memory (active and completed.)
> # Default is 500; the value 0 is used for no limit.
> #
> 
> #MaxJobs 500
> MaxJobs 5000
> 
> #
> # MaxJobsPerPrinter: maximum number of active jobs per printer. The default
> # is 0 for no limit.
> #
> 
> #MaxJobsPerPrinter 0
> MaxJobsPerPrinter 30
> 
> #
> # MaxJobsPerUser: maximum number of active jobs per user. The default
> # is 0 for no limit.
> #
> 
> #MaxJobsPerUser 0
> MaxJobsPerUser 8
> 
> #
> # MaxPrinterHistory: controls the maximum number of history collections
> # in the printer-state-history attribute.  Set to 0 to disable history
> # data.
> #
> 
> #MaxPrinterHistory 10
> 
> #
> # Printcap: the name of the printcap file.  Default is /etc/printcap.
> # Leave blank to disable printcap file generation.
> #
> 
> Printcap /etc/cups/printcap
> 
> #
> # PrintcapFormat: the format of the printcap file, currently either
> # BSD or Solaris.  The default is "BSD".
> #
> 
> #PrintcapFormat BSD
> #PrintcapFormat Solaris
> 
> #
> # PrintcapGUI: the name of the GUI options panel program to associate
> # with print queues under IRIX.  The default is "/usr/bin/glpoptions"
> # from ESP Print Pro.
> #
> # This option is only used under IRIX; the options panel program
> # must accept the "-d printer" and "-o options" options and write
> # the selected printer options back to stdout on completion.
> #
> 
> #PrintcapGUI /usr/bin/glpoptions
> 
> #
> # RequestRoot: the directory where request files are stored.
> # By default "/var/spool/cups".
> #
> 
> #RequestRoot /var/spool/cups
> 
> #
> # RemoteRoot: the name of the user assigned to unauthenticated accesses
> # from remote systems.  By default "remroot".
> #
> 
> #RemoteRoot remroot
> 
> #
> # ServerBin: the root directory for the scheduler executables.
> # By default "/usr/lib/cups".
> #
> 
> #ServerBin /usr/lib/cups
> 
> #
> # ServerRoot: the root directory for the scheduler.
> # By default "/etc/cups".
> #
> 
> #ServerRoot /etc/cups
> 
> 
> ########
> ######## Fax Support
> ########
> 
> #
> # FaxRetryLimit: the number of times a fax job is retried.
> # The default is 5 times.
> #
> 
> #FaxRetryLimit 5
> 
> #
> # FaxRetryInterval: the number of seconds between fax job retries.
> # The default is 300 seconds/5 minutes.
> #
> 
> #FaxRetryInterval 300
> 
> 
> ########
> ######## Encryption Support
> ########
> 
> #
> # ServerCertificate: the file to read containing the server's certificate.
> # Defaults to "/etc/cups/ssl/server.crt".
> #
> 
> #ServerCertificate /etc/cups/ssl/server.crt
> 
> #
> # ServerKey: the file to read containing the server's key.
> # Defaults to "/etc/cups/ssl/server.key".
> #
> 
> #ServerKey /etc/cups/ssl/server.key
> 
> 
> ########
> ######## Filter Options
> ########
> 
> #
> # User/Group: the user and group the server runs under.  Normally this
> # must be lp and lp, however you can configure things for another
> # user or group as needed.
> #
> # Note: the server must be run initially as root to support the
> # default IPP port of 631.  It changes users whenever an external
> # program is run, or if the RunAsUser directive is specified...
> #
> 
> User lp
> Group lp
> RunAsUser No
> 
> #
> # RIPCache: the amount of memory that each RIP should use to cache
> # bitmaps.  The value can be any real number followed by "k" for
> # kilobytes, "m" for megabytes, "g" for gigabytes, or "t" for tiles
> # (1 tile = 256x256 pixels.)  Defaults to "8m" (8 megabytes).
> #
> 
> #RIPCache 8m
> 
> #
> # TempDir: the directory to put temporary files in.  This directory must be
> # writable by the user defined above!  Defaults to "/var/spool/cups/tmp" or
> # the value of the TMPDIR environment variable.
> #
> 
> #TempDir /var/spool/cups/tmp
> 
> #
> # FilterLimit: sets the maximum cost of all job filters that can be run
> # at the same time.  A limit of 0 means no limit.  A typical job may need
> # a filter limit of at least 200; limits less than the minimum required
> # by a job force a single job to be printed at any time.
> #
> # The default limit is 0 (unlimited).
> #
> 
> #FilterLimit 0
> 
> ########
> ######## Network Options
> ########
> 
> #
> # Ports/addresses that we listen to.  The default port 631 is reserved
> # for the Internet Printing Protocol (IPP) and is what we use here.
> #
> # You can have multiple Port/Listen lines to listen to more than one
> # port or address, or to restrict access:
> #
> #    Port 80
> #    Port 631
> #    Listen hostname
> #    Listen hostname:80
> #    Listen hostname:631
> #    Listen 1.2.3.4
> #    Listen 1.2.3.4:631
> # 
> # NOTE: Unfortunately, most web browsers don't support TLS or HTTP Upgrades
> # for encryption.  If you want to support web-based encryption you'll
> # probably need to listen on port 443 (the "https" port...)
> #
> 
> #Port 80
> #Port 443
> Port 631
> SSLPort 6443
> 
> #
> # HostNameLookups: whether or not to do lookups on IP addresses to get a
> # fully-qualified hostname.  This defaults to Off for performance reasons...
> #
> 
> HostNameLookups On
> 
> #
> # KeepAlive: whether or not to support the Keep-Alive connection
> # option.  Default is on.
> #
> 
> #KeepAlive On
> 
> #
> # KeepAliveTimeout: the timeout before Keep-Alive connections are
> # automatically closed.  Default is 60 seconds.
> #
> 
> #KeepAliveTimeout 60
> 
> #
> # MaxClients: controls the maximum number of simultaneous clients that
> # will be handled.  Defaults to 100.
> #
> 
> #MaxClients 100
> 
> #
> # MaxClientsPerHost: controls the maximum number of simultaneous clients that
> # will be handled from a specific host.  Defaults to 10 or 1/10th of the
> # MaxClients setting, whichever is larger.  A value of 0 specifies the
> # automatic (10 or 1/10th) setting.
> #
> 
> #MaxClientsPerHost 0
> 
> #
> # MaxRequestSize: controls the maximum size of HTTP requests and print files.
> # Set to 0 to disable this feature (defaults to 0.)
> #
> 
> #MaxRequestSize 0
> 
> #
> # Timeout: the timeout before requests time out.  Default is 300 seconds.
> #
> 
> #Timeout 300
> 
> 
> ########
> ######## Browsing Options
> ########
> 
> #
> # Browsing: whether or not to broadcast and/or listen for CUPS printer
> # information on the network.  Enabled by default.
> #
> 
> Browsing On
> 
> #
> # BrowseProtocols: which protocols to use for browsing.  Can be
> # any of the following separated by whitespace and/or commas:
> #
> #     all  - Use all supported protocols.
> #     cups - Use the CUPS browse protocol.
> #     slp  - Use the SLPv2 protocol.
> #
> # The default is "cups".
> #
> # NOTE: If you choose to use SLPv2, it is *strongly* recommended that
> #       you have at least one SLP Directory Agent (DA) on your
> #       network.  Otherwise, browse updates can take several seconds,
> #       during which the scheduler will not respond to client
> #       requests.
> #
> 
> #BrowseProtocols cups
> 
> #
> # BrowseAddress: specifies a broadcast address to be used.  By
> # default browsing information is not sent!
> #
> # Note: HP-UX does not properly handle broadcast unless you have a
> # Class A, B, C, or D netmask (i.e. no CIDR support).
> #
> # Note: Using the "global" broadcast address (255.255.255.255) will
> # activate a Linux demand-dial link with the default configuration.
> # If you have a LAN as well as the dial-up link, use the LAN's
> # broadcast address.
> #
> # The @LOCAL address broadcasts to all non point-to-point interfaces.
> # For example, if you have a LAN and a dial-up link, @LOCAL would
> # send printer updates to the LAN but not to the dial-up link.
> # Similarly, the @IF(name) address sends to the named network
> # interface, e.g. @IF(eth0) under Linux.  Interfaces are refreshed
> # automatically (no more than once every 60 seconds), so they can
> # be used on dynamically-configured interfaces, e.g. PPP, 802.11, etc.
> #
> 
> BrowseAddress 141.26.71.255
> #BrowseAddress x.y.z.255
> #BrowseAddress x.y.255.255
> #BrowseAddress x.255.255.255
> #BrowseAddress 255.255.255.255
> #BrowseAddress @LOCAL
> #BrowseAddress @IF(name)
> 
> #
> # BrowseShortNames: whether or not to use "short" names for remote printers
> # when possible (e.g. "printer" instead of "printer at host".)  Enabled by
> # default.
> #
> 
> #BrowseShortNames Yes
> 
> #
> # BrowseAllow: specifies an address mask to allow for incoming browser
> # packets. The default is to allow packets from all addresses.
> #
> # BrowseDeny: specifies an address mask to deny for incoming browser
> # packets. The default is to deny packets from no addresses.
> #
> # Both "BrowseAllow" and "BrowseDeny" accept the following notations for
> # addresses:
> #
> #     All
> #     None
> #     *.domain.com
> #     .domain.com
> #     host.domain.com
> #     nnn.*
> #     nnn.nnn.*
> #     nnn.nnn.nnn.*
> #     nnn.nnn.nnn.nnn
> #     nnn.nnn.nnn.nnn/mm
> #     nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
> #     @LOCAL
> #     @IF(name)
> #
> # The hostname/domainname restrictions only work if you have turned hostname
> # lookups on!
> #
> 
> #BrowseAllow address
> #BrowseDeny address
> BrowseAllow 141.26.64.*
> BrowseAllow 141.26.66.*
> BrowseAllow david.uni-koblenz.de
> BrowseAllow subconscious.uni-koblenz.de
> 
> #BrowseAllow @LOCAL
> #BrowseDeny All
> 
> #
> # BrowseInterval: the time between browsing updates in seconds.  Default
> # is 30 seconds.
> #
> # Note that browsing information is sent whenever a printer's state changes
> # as well, so this represents the maximum time between updates.
> #
> # Set this to 0 to disable outgoing broadcasts so your local printers are
> # not advertised but you can still see printers on other hosts.
> #
> 
> #BrowseInterval 30
> 
> #
> # BrowseOrder: specifies the order of BrowseAllow/BrowseDeny comparisons.
> #
> 
> BrowseOrder allow,deny
> #BrowseOrder deny,allow
> 
> #
> # BrowsePoll: poll the named server(s) for printers
> #
> 
> #BrowsePoll address:port
> 
> #
> # BrowsePort: the port used for UDP broadcasts.  By default this is
> # the IPP port; if you change this you need to do it on all servers.
> # Only one BrowsePort is recognized.
> #
> 
> #BrowsePort 631
> 
> #
> # BrowseRelay: relay browser packets from one address/network to another.
> #
> 
> #BrowseRelay source-address destination-address
> #BrowseRelay @IF(src) @IF(dst)
> 
> #
> # BrowseTimeout: the timeout for network printers - if we don't
> # get an update within this time the printer will be removed
> # from the printer list.  This number definitely should not be
> # less the BrowseInterval value for obvious reasons.  Defaults
> # to 300 seconds.
> #
> 
> #BrowseTimeout 300
> 
> #
> # ImplicitClasses: whether or not to use implicit classes.
> #
> # Printer classes can be specified explicitly in the classes.conf
> # file, implicitly based upon the printers available on the LAN, or
> # both.
> #
> # When ImplicitClasses is On, printers on the LAN with the same name
> # (e.g. Acme-LaserPrint-1000) will be put into a class with the same
> # name. This allows you to setup multiple redundant queues on a LAN
> # without a lot of administrative difficulties.  If a user sends a
> # job to Acme-LaserPrint-1000, the job will go to the first available
> # queue.
> #
> # Enabled by default.
> #
> 
> #ImplicitClasses On
> 
> #
> # ImplicitAnyClasses: whether or not to create "AnyPrinter" implicit
> # classes.
> #
> # When ImplicitAnyClasses is On and a local queue of the same name
> # exists, e.g. "printer", "printer at server1", "printer at server1", then
> # an implicit class called "Anyprinter" is created instead.
> #
> # When ImplicitAnyClasses is Off, implicit classes are not created
> # when there is a local queue of the same name.
> #
> # Disabled by default.
> #
> 
> #ImplicitAnyCLasses Off
> 
> #
> # HideImplicitMembers: whether or not to show the members of an
> # implicit class.
> #
> # When HideImplicitMembers is On, any remote printers that are
> # part of an implicit class are hidden from the user, who will
> # then only see a single queue even though many queues will be
> # supporting the implicit class.
> #
> # Enabled by default.
> #
> 
> #HideImplicitMembers On
> 
> 
> ########
> ######## Security Options
> ########
> 
> #
> # SystemGroup: the group name for "System" (printer administration)
> # access.  The default varies depending on the operating system, but
> # will be "sys", "system", or "root" (checked for in that order.)
> #
> 
> #SystemGroup lp
> 
> #
> # RootCertDuration: How frequently the root certificate is regenerated.
> # Defaults to 300 seconds.
> #
> 
> #RootCertDuration 300
> 
> #
> # Access permissions for each directory served by the scheduler.
> # Locations are relative to DocumentRoot...
> #
> # AuthType: the authorization to use:
> #
> #    None   - Perform no authentication
> #    Basic  - Perform authentication using the HTTP Basic method.
> #    Digest - Perform authentication using the HTTP Digest method.
> #
> #    (Note: local certificate authentication can be substituted by
> #           the client for Basic or Digest when connecting to the
> #           localhost interface)
> #
> # AuthClass: the authorization class; currently only "Anonymous", "User",
> # "System" (valid user belonging to group SystemGroup), and "Group"
> # (valid user belonging to the specified group) are supported.
> #
> # AuthGroupName: the group name for "Group" authorization.
> #
> # Order: the order of Allow/Deny processing.
> #
> # Allow: allows access from the specified hostname, domain, IP address,
> # network, or interface.
> #
> # Deny: denies access from the specified hostname, domain, IP address,
> # network, or interface.
> #
> # Both "Allow" and "Deny" accept the following notations for addresses:
> #
> #     All
> #     None
> #     *.domain.com
> #     .domain.com
> #     host.domain.com
> #     nnn.*
> #     nnn.nnn.*
> #     nnn.nnn.nnn.*
> #     nnn.nnn.nnn.nnn
> #     nnn.nnn.nnn.nnn/mm
> #     nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
> #     @LOCAL
> #     @IF(name)
> #
> # The host and domain address require that you enable hostname lookups
> # with "HostNameLookups On" above.
> #
> # The @LOCAL address allows or denies from all non point-to-point
> # interfaces.  For example, if you have a LAN and a dial-up link,
> # @LOCAL could allow connections from the LAN but not from the dial-up
> # link.  Similarly, the @IF(name) address allows or denies from the
> # named network interface, e.g. @IF(eth0) under Linux.  Interfaces are
> # refreshed automatically (no more than once every 60 seconds), so
> # they can be used on dynamically-configured interfaces, e.g. PPP,
> # 802.11, etc.
> #
> # Encryption: whether or not to use encryption; this depends on having
> # the OpenSSL library linked into the CUPS library and scheduler.
> #
> # Possible values:
> #
> #     Always       - Always use encryption (SSL)
> #     Never        - Never use encryption
> #     Required     - Use TLS encryption upgrade
> #     IfRequested  - Use encryption if the server requests it
> #
> # The default value is "IfRequested".
> #
> 
> <Location />
> Order Deny,Allow
> Deny From All
> Allow From 127.0.0.1
> Allow From 127.0.0.2
> Allow From 141.26.*
> Allow From @LOCAL
> </Location>
> 
> #<Location /classes>
> #
> # You may wish to limit access to printers and classes, either with Allow
> # and Deny lines, or by requiring a username and password.
> #
> #</Location>
> 
> #<Location /classes/name>
> #
> # You may wish to limit access to printers and classes, either with Allow
> # and Deny lines, or by requiring a username and password.
> #
> #</Location>
> 
> #<Location /jobs>
> #
> # You may wish to limit access to job operations, either with Allow
> # and Deny lines, or by requiring a username and password.
> #
> #</Location>
> 
> #<Location /printers>
> #
> # You may wish to limit access to printers and classes, either with Allow
> # and Deny lines, or by requiring a username and password.
> #
> #</Location>
> 
> #<Location /printers/name>
> #
> # You may wish to limit access to printers and classes, either with Allow
> # and Deny lines, or by requiring a username and password.
> #
> 
> ## Anonymous access (default)
> #AuthType None
> 
> ## Require a username and password (Basic authentication)
> #AuthType Basic
> #AuthClass User
> 
> ## Require a username and password (Digest/MD5 authentication)
> #AuthType Digest
> #AuthClass User
> 
> ## Restrict access to local domain
> #Order Deny,Allow
> #Deny From All
> #Allow From .mydomain.com
> #</Location>
> 
> <Location /admin>
> #
> # You definitely will want to limit access to the administration functions.
> # The default configuration requires a local connection from a user who
> # is a member of the system group to do any admin tasks.  You can change
> # the group name using the SystemGroup directive.
> #
> 
> AuthType Basic
> AuthClass User
> require user litauer krienke arndt nissen firmenich haussmann root admin
> 
> ## Restrict access to local domain
> Order Deny,Allow
> Allow From 127.0.0.1
> Allow From 141.26.*
> Deny From All
> 
> Satisfy all
> 
> #Encryption Required
> </Location>
> 
> <Location /jobs/?op=cancel-job>
> 	AuthType Basic
> 	AuthClass User
> 	require valid-user
> </Location>
> 
> 
> #
> # End of "$Id: cupsd.conf.in,v 1.13 2003/04/10 20:14:04 mike Exp $".
> #

> _______________________________________________
> cups mailing list
> cups at easysw.com
> http://lists.easysw.com/mailman/listinfo/cups


-- 
Klaus Singvogel
SuSE Linux AG
Maxfeldstr. 5                     E-Mail: Klaus.Singvogel at suse.com
90409 Nuernberg                   Phone: +49 (0) 911 740530
Germany                           GnuPG-Key-ID: 1024R/5068792D  1994-06-27





More information about the cups mailing list