[cups.general] Setting up Basic Authentication with SSL Encryption

Paul Ortman portman at goshen.edu
Tue Sep 13 14:22:55 PDT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm having a fair bit of difficulty getting basic authentication to work
 between a CUPS print spool server (cups-test) and a CUPS client that is
running a localhost CUPS server (linux-a).

I've generated a self-signed SSL key and cert and placed them on cups-test:

  portman at cups-test $ ls -l /etc/cups/ssl
  -rw-r-----  1 root lp 1346 Sep 13 13:01 server.crt
  -rw-r-----  1 root lp  887 Sep 13 13:00 server.key

I've then modified the /etc/cups/cupsd.conf file on cups-test with the
following directives and restarted cupsd:

  ServerCertificate /etc/cups/ssl/server.crt
  ServerKey /etc/cups/ssl/server.key
  Group lp
  <Location />
    Order Deny,Allow
    Deny From All
    Allow From 10.0.0.0/24
    Encryption IfRequested
    AuthType Basic
    AuthClass User
  </Location>

One the client (linux-a) I've done very little to the standard config.
In fact, about the only thing I've changed is to put a browsing filter
on so that only broadcasts from cups-test are allowed in.  A few tests
on the client show that it seems to find everything it should:

  portman at linux-a $ lpstat -a laser
  laser accepting requests since Jan 01 00:00

  portman at linux-a $ lpr testfile

  portman at linux-a $ lpstat
  laser-22     portman           1024   Tue 13 Sep 2005 03:44:38 PM EST

The problem is I never seem to get prompted for username or password, as
the debug logs show on linux-a:

  E [13/Sep/2005:15:44:38 -0500] [Job 22] Unable to get printer status
  (client-error-not-authorized)!

- From the commandline of cups-test lpr and lpstat always prompt for a
username and password (and seem to work fine), but if I force encryption
(-E) I get a bad message in the cups-test error_log:

  E [13/Sep/2005:16:05:00 -0500] Bad request line "^W^C^A" from
  localhost!

Furthermore, accessing cups test with a web browser URL like:

  https://cups-test:631/

gives a weird error of "The connection to cups-test:631 has terminated
unexpectedly. Some data may have been transferred."  In the debug logs
of cups-test this shows up:

  E [13/Sep/2005:15:49:10 -0500] Bad request line "<80>g^A^C" from

Do I not understand how authentication works?  What I was expecting was
  a) from the lpr command to be asked for a valid username and password
on the local cups-test box and the linux-a box.
  b) from a webbrowser accessing the above URL, a warning about a
self-signed cert and then a basic authentication dialog.
  c) even if the encryption is foobar, I was expecting the IfRequested
dialog to degrade to cleartext as I didn't require SSL (like it seemed
to on cups-test).

Somebody please hit me with a two-by-clue.  Specifics about the installs
 follow:

Thanks,
Paul Ortman

cups-test: gentoo i386 box cups version 1.1.23-r1
ldd output :
	linux-gate.so.1 =>  (0xffffe000)
        libz.so.1 => /lib/libz.so.1 (0xb7f08000)
        libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7ed6000)
        libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0xb7dd9000)
        libslp.so.1 => /usr/lib/libslp.so.1 (0xb7dca000)
        libpam.so.0 => /lib/libpam.so.0 (0xb7dc1000)
        libdl.so.2 => /lib/libdl.so.2 (0xb7dbd000)
        libcups.so.2 => /usr/lib/libcups.so.2 (0xb7da0000)
        libnsl.so.1 => /lib/libnsl.so.1 (0xb7d8a000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7d5c000)
        libc.so.6 => /lib/libc.so.6 (0xb7c44000)
        libresolv.so.2 => /lib/libresolv.so.2 (0xb7c30000)
        /lib/ld-linux.so.2 (0xb7f1e000)

linux-a: ubuntu amd64 box cups version 1.1.23-1ubuntu12
ldd output :libz.so.1 => /usr/lib/libz.so.1 (0x0000002a9566c000)
        libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0x0000002a95780000)
        libslp.so.1 => /usr/lib/libslp.so.1 (0x0000002a958f2000)
        libpam.so.0 => /lib/libpam.so.0 (0x0000002a95a00000)
        libdl.so.2 => /lib/libdl.so.2 (0x0000002a95b09000)
        libcups.so.2 => /usr/lib/libcups.so.2 (0x0000002a95c0d000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x0000002a95d2c000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x0000002a95e42000)
        libpaper.so.1 => /usr/lib/libpaper.so.1 (0x0000002a95f76000)
        libc.so.6 => /lib/libc.so.6 (0x0000002a96079000)
        libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0x0000002a962b8000)
        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x0000002a963c9000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x0000002a96515000)
        libm.so.6 => /lib/libm.so.6 (0x0000002a96618000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x0000002a9679f000)
        /lib64/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2
(0x0000002a95556000)
	

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD4DBQFDJ0EHfw8KGlVgLIERAsDEAJdZU4V7pz3csDEuBLoAmSRoNZIfAJwMARi5
dD/SkK1kuiO7lLEK66NUtw==
=LmHG
-----END PGP SIGNATURE-----

More information about the cups mailing list