[cups.general] Setting up Basic Authentication with SSL Encryption
matt hull
mhull1 at uic.edu
Tue Sep 13 14:29:29 PDT 2005
i was googling this awhile aog and thought i read that its not possible to
do this way because the cups server you are printing to doesnt send back a
certificate to the printing server. i might be wrong.
but if you get that to work, it would be nice to know how you did it. i
would like to set cups up on a unsecure network
matt
On Tue, September 13, 2005 4:13 pm, Paul Ortman said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm having a fair bit of difficulty getting basic authentication to work
> between a CUPS print spool server (cups-test) and a CUPS client that is
> running a localhost CUPS server (linux-a).
>
> I've generated a self-signed SSL key and cert and placed them on
> cups-test:
>
> portman at cups-test $ ls -l /etc/cups/ssl
> -rw-r----- 1 root lp 1346 Sep 13 13:01 server.crt
> -rw-r----- 1 root lp 887 Sep 13 13:00 server.key
>
> I've then modified the /etc/cups/cupsd.conf file on cups-test with the
> following directives and restarted cupsd:
>
> ServerCertificate /etc/cups/ssl/server.crt
> ServerKey /etc/cups/ssl/server.key
> Group lp
> <Location />
> Order Deny,Allow
> Deny From All
> Allow From 10.0.0.0/24
> Encryption IfRequested
> AuthType Basic
> AuthClass User
> </Location>
>
> One the client (linux-a) I've done very little to the standard config.
> In fact, about the only thing I've changed is to put a browsing filter
> on so that only broadcasts from cups-test are allowed in. A few tests
> on the client show that it seems to find everything it should:
>
> portman at linux-a $ lpstat -a laser
> laser accepting requests since Jan 01 00:00
>
> portman at linux-a $ lpr testfile
>
> portman at linux-a $ lpstat
> laser-22 portman 1024 Tue 13 Sep 2005 03:44:38 PM EST
>
> The problem is I never seem to get prompted for username or password, as
> the debug logs show on linux-a:
>
> E [13/Sep/2005:15:44:38 -0500] [Job 22] Unable to get printer status
> (client-error-not-authorized)!
>
> - From the commandline of cups-test lpr and lpstat always prompt for a
> username and password (and seem to work fine), but if I force encryption
> (-E) I get a bad message in the cups-test error_log:
>
> E [13/Sep/2005:16:05:00 -0500] Bad request line "^W^C^A" from
> localhost!
>
> Furthermore, accessing cups test with a web browser URL like:
>
> https://cups-test:631/
>
> gives a weird error of "The connection to cups-test:631 has terminated
> unexpectedly. Some data may have been transferred." In the debug logs
> of cups-test this shows up:
>
> E [13/Sep/2005:15:49:10 -0500] Bad request line "<80>g^A^C" from
>
> Do I not understand how authentication works? What I was expecting was
> a) from the lpr command to be asked for a valid username and password
> on the local cups-test box and the linux-a box.
> b) from a webbrowser accessing the above URL, a warning about a
> self-signed cert and then a basic authentication dialog.
> c) even if the encryption is foobar, I was expecting the IfRequested
> dialog to degrade to cleartext as I didn't require SSL (like it seemed
> to on cups-test).
>
> Somebody please hit me with a two-by-clue. Specifics about the installs
> follow:
>
> Thanks,
> Paul Ortman
>
> cups-test: gentoo i386 box cups version 1.1.23-r1
> ldd output :
> linux-gate.so.1 => (0xffffe000)
> libz.so.1 => /lib/libz.so.1 (0xb7f08000)
> libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7ed6000)
> libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0xb7dd9000)
> libslp.so.1 => /usr/lib/libslp.so.1 (0xb7dca000)
> libpam.so.0 => /lib/libpam.so.0 (0xb7dc1000)
> libdl.so.2 => /lib/libdl.so.2 (0xb7dbd000)
> libcups.so.2 => /usr/lib/libcups.so.2 (0xb7da0000)
> libnsl.so.1 => /lib/libnsl.so.1 (0xb7d8a000)
> libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7d5c000)
> libc.so.6 => /lib/libc.so.6 (0xb7c44000)
> libresolv.so.2 => /lib/libresolv.so.2 (0xb7c30000)
> /lib/ld-linux.so.2 (0xb7f1e000)
>
> linux-a: ubuntu amd64 box cups version 1.1.23-1ubuntu12
> ldd output :libz.so.1 => /usr/lib/libz.so.1 (0x0000002a9566c000)
> libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0x0000002a95780000)
> libslp.so.1 => /usr/lib/libslp.so.1 (0x0000002a958f2000)
> libpam.so.0 => /lib/libpam.so.0 (0x0000002a95a00000)
> libdl.so.2 => /lib/libdl.so.2 (0x0000002a95b09000)
> libcups.so.2 => /usr/lib/libcups.so.2 (0x0000002a95c0d000)
> libnsl.so.1 => /lib/libnsl.so.1 (0x0000002a95d2c000)
> libcrypt.so.1 => /lib/libcrypt.so.1 (0x0000002a95e42000)
> libpaper.so.1 => /usr/lib/libpaper.so.1 (0x0000002a95f76000)
> libc.so.6 => /lib/libc.so.6 (0x0000002a96079000)
> libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0x0000002a962b8000)
> libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x0000002a963c9000)
> libgpg-error.so.0 => /usr/lib/libgpg-error.so.0
> (0x0000002a96515000)
> libm.so.6 => /lib/libm.so.6 (0x0000002a96618000)
> libresolv.so.2 => /lib/libresolv.so.2 (0x0000002a9679f000)
> /lib64/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2
> (0x0000002a95556000)
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
>
> iD4DBQFDJ0EHfw8KGlVgLIERAsDEAJdZU4V7pz3csDEuBLoAmSRoNZIfAJwMARi5
> dD/SkK1kuiO7lLEK66NUtw==
> =LmHG
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> cups mailing list
> cups at easysw.com
> http://lists.easysw.com/mailman/listinfo/cups
>
More information about the cups
mailing list