[cups.general] Will cups support "secure print jobs" in general?
S Clark
smc+cups at dogphilosophy.net
Tue Feb 15 14:30:25 PST 2005
I was under the impression that the SSL support was only for the admin
interface, not for the print jobs themselves. I've not been able to get
IPP-over-SSL print jobs ("ipps"?) working at all at this point, though it's
admittedly been a while since I tried. Are there any pointers to
documentation on getting this to work floating around? The CUPS documentation
appears only to mention the configuration options (the keys, the "SSLListen"
directive, etc.) but doesn't seem to describe how to actually get print jobs
to go over the channel. Should just setting up the SSL keys and pointing the
client at the SSL port rather than the unencrypted port be all that is require
to get this working?
(Or perhaps I'm looking at the wrong end of the equation - do none of the more
common printing clients support SSL print jobs? e.g. Microsoft's presumably
limited IPP support?)
Thanks for the reply - I do recall that authentication for print jobs has also
come up on this mailing list from time to time, so I had been wondering if
Apache's authentication methods might be "leveraged" to handle that.
I may experiment with Apache's "reverse proxy" support at some point to see if
I can use it as a sort of gatekeeper for CUPS. Any idea if such a thing would
work? Will Apache's reverse-proxy module just pass the requests through after
authentication, or would there need to be a "mod_cups" wrapper or something to
handle the IPP protocol commands?
At this stage it's a less important issue to me though, just something I was
curious about.
In case anyone's interested (unlikely but, hey, you never know) what I'm
thinking about is an internet-accessible CUPS server, supplying SSL and an
authentication mechanism, which could be used as an ersatz "Fax" by people
who are travelling (and may be connecting via an insecure public wireless
access point), without having to go through the hassle of setting up a VPN
tunnel. Purely a curiousity for me at the moment, but I've gotten it into my
head that I OUGHT to be able to do this with CUPS...
On Tuesday 15 February 2005 02:38 pm, Michael Sweet wrote:
> S Clark wrote:
> > On a related note, is there any chance that CUPS may implement
> > "IPP-over-SSL"(/TLS)? It would be nice if print jobs could be sent
> > without their contents being potentially "sniffed"...
>
> CUPS already supports this, both with dedicated SSL and with the
> HTTP Upgrade protocol.
More information about the cups
mailing list