A secure user

[Jim Hranicky]

> NetNoise wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I have a room with 50 linux station and 4000 user; they print to a cups
> > server with pykota, but now I noted it is possible to change via kde
> > (but also via lpr) the user who is printing.
> > Is it possible to force user to use the login username, and not permit
> > change it?
>
> No, although you can enable authentication on /printers so they have
> to know the password of the account they choose...

A few years ago I hacked in encrypted ident authentication to get
around this problem. Unfortunately, it depends on an old version
of pidentd and my hacks, and while I managed to get pidentd to
compile and run on OSX, it doesn't actually work. I'm more than
ready to dump it, but passwordless and secure authentication schemes
are hard to come by.

Kerberos springs to mind, but as I believe that would entail changes
in the API for both client and server and it's probably best left to
the main developers for a change of that magnitude.

I was wondering, however, about using getpeerucred/getpeereid
for local passwordless and secure authentication. Unless I'm mistaken,
these can't be spoofed. The downside is you run a cupsd on all your
hosts.

In addition to this, however, you could add SSL client cert
capabilities into the ipp backend and SSL cert requirements to the
main cups server. If the cupsd server received either a valid cert
or even a specific valid cert from the client, it could consider the
IPP username as authenticated. This way, "client cups servers"
could auth the local user and the "server cups server" could verify
the IPP request came from a trusted source. At least this way,
all the accounting could be done on the "server server".

I don't this this would be too hard to do -- does anyone on the
list think this is a good idea? If so, can anyone think of any
issues that would arise?

Jim