[cups.general] Setting up Basic Authentication with SSL Encryption
Paul Ortman
portman at goshen.edu
Tue Sep 13 14:22:55 PDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm having a fair bit of difficulty getting basic authentication to work
between a CUPS print spool server (cups-test) and a CUPS client that is
running a localhost CUPS server (linux-a).
I've generated a self-signed SSL key and cert and placed them on cups-test:
portman at cups-test $ ls -l /etc/cups/ssl
-rw-r----- 1 root lp 1346 Sep 13 13:01 server.crt
-rw-r----- 1 root lp 887 Sep 13 13:00 server.key
I've then modified the /etc/cups/cupsd.conf file on cups-test with the
following directives and restarted cupsd:
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
Group lp
<Location />
Order Deny,Allow
Deny From All
Allow From 10.0.0.0/24
Encryption IfRequested
AuthType Basic
AuthClass User
</Location>
One the client (linux-a) I've done very little to the standard config.
In fact, about the only thing I've changed is to put a browsing filter
on so that only broadcasts from cups-test are allowed in. A few tests
on the client show that it seems to find everything it should:
portman at linux-a $ lpstat -a laser
laser accepting requests since Jan 01 00:00
portman at linux-a $ lpr testfile
portman at linux-a $ lpstat
laser-22 portman 1024 Tue 13 Sep 2005 03:44:38 PM EST
The problem is I never seem to get prompted for username or password, as
the debug logs show on linux-a:
E [13/Sep/2005:15:44:38 -0500] [Job 22] Unable to get printer status
(client-error-not-authorized)!
- From the commandline of cups-test lpr and lpstat always prompt for a
username and password (and seem to work fine), but if I force encryption
(-E) I get a bad message in the cups-test error_log:
E [13/Sep/2005:16:05:00 -0500] Bad request line "^W^C^A" from
localhost!
Furthermore, accessing cups test with a web browser URL like:
https://cups-test:631/
gives a weird error of "The connection to cups-test:631 has terminated
unexpectedly. Some data may have been transferred." In the debug logs
of cups-test this shows up:
E [13/Sep/2005:15:49:10 -0500] Bad request line "<80>g^A^C" from
Do I not understand how authentication works? What I was expecting was
a) from the lpr command to be asked for a valid username and password
on the local cups-test box and the linux-a box.
b) from a webbrowser accessing the above URL, a warning about a
self-signed cert and then a basic authentication dialog.
c) even if the encryption is foobar, I was expecting the IfRequested
dialog to degrade to cleartext as I didn't require SSL (like it seemed
to on cups-test).
Somebody please hit me with a two-by-clue. Specifics about the installs
follow:
Thanks,
Paul Ortman
cups-test: gentoo i386 box cups version 1.1.23-r1
ldd output :
linux-gate.so.1 => (0xffffe000)
libz.so.1 => /lib/libz.so.1 (0xb7f08000)
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7ed6000)
libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0xb7dd9000)
libslp.so.1 => /usr/lib/libslp.so.1 (0xb7dca000)
libpam.so.0 => /lib/libpam.so.0 (0xb7dc1000)
libdl.so.2 => /lib/libdl.so.2 (0xb7dbd000)
libcups.so.2 => /usr/lib/libcups.so.2 (0xb7da0000)
libnsl.so.1 => /lib/libnsl.so.1 (0xb7d8a000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7d5c000)
libc.so.6 => /lib/libc.so.6 (0xb7c44000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb7c30000)
/lib/ld-linux.so.2 (0xb7f1e000)
linux-a: ubuntu amd64 box cups version 1.1.23-1ubuntu12
ldd output :libz.so.1 => /usr/lib/libz.so.1 (0x0000002a9566c000)
libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0x0000002a95780000)
libslp.so.1 => /usr/lib/libslp.so.1 (0x0000002a958f2000)
libpam.so.0 => /lib/libpam.so.0 (0x0000002a95a00000)
libdl.so.2 => /lib/libdl.so.2 (0x0000002a95b09000)
libcups.so.2 => /usr/lib/libcups.so.2 (0x0000002a95c0d000)
libnsl.so.1 => /lib/libnsl.so.1 (0x0000002a95d2c000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x0000002a95e42000)
libpaper.so.1 => /usr/lib/libpaper.so.1 (0x0000002a95f76000)
libc.so.6 => /lib/libc.so.6 (0x0000002a96079000)
libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0x0000002a962b8000)
libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x0000002a963c9000)
libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x0000002a96515000)
libm.so.6 => /lib/libm.so.6 (0x0000002a96618000)
libresolv.so.2 => /lib/libresolv.so.2 (0x0000002a9679f000)
/lib64/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2
(0x0000002a95556000)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD4DBQFDJ0EHfw8KGlVgLIERAsDEAJdZU4V7pz3csDEuBLoAmSRoNZIfAJwMARi5
dD/SkK1kuiO7lLEK66NUtw==
=LmHG
-----END PGP SIGNATURE-----
More information about the cups
mailing list