The use of HTTPS
Michael Sweet
mike at easysw.com
Fri Dec 15 07:46:59 PST 2006
Opher Shachar wrote:
> Hello,
> It seems that anytime I need to authenticate to the Web Interface I'm
> asked to access it through HTTPS - unless I'm coming from 127.0.0.1 .
> Can this behavior be suppressed?
Yes, using the DefaultEncryption directive:
DefaultEncryption IfRequested
> Also, if the above is not possible or desired, once authenticated
> (through HTTPS) can the interface be redirected again to HTTP?
No, since the purpose of the encryption is to prevent leaking of
password information. Using Digest authentication is one way to
get reasonably secure authentication without encryption, but you'll
need to manage the passwords separately from the account passwords.
IIRC, the Kerberos support in 1.3 can also run without encryption,
which should provide the best of both worlds.
> ...
> (if the former issue is addressable)In some of our installations
> access to the servers will be through a reverse-proxy that will also
> do the HTTPS on their behalf. Is there a way to set up CUPS such that
> it signals the reverse-proxy it wants HTTPS but will still
> communicate with the reverse-proxy over HTTP?
It is unlikely that your proxy server supports the HTTP Upgrade
protocol, so you'd need to configure the proxy to use SSL (which
the CUPS server will pick up on automatically...)
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Publishing Software http://www.easysw.com
More information about the cups
mailing list