Mac OS X 10.4 and Digest Auth

Sergio Trejo sergtrejo at gmail.com
Sun Jul 16 01:22:17 PDT 2006


Hi,

I successfully configured CUPS 1.2.1 from source, and installed it in an isolated directory on my Mac OS X Server 10.4.6 system (separate from Apple's installation of CUPS 1.1.x on the same server). I had no problems configuring, making, etc.

I enabled the default configuration (cupsd.config) with an AuthType of Digest for various Location directives including Location /admin and no where in my config file did I make use of Basic AuthType. To make use of the Digest AuthType, of course I used lppasswd to create a user account which was granted rights to access various Locations including the /admin Location, as in ...

  Require user myprivilegedusername

I had no problems accessing most of the various Locations once the user, myprivilegedusername username and password were entered from my client's web browser the first time trying to enter those specific Locations. However, no matter what I tried, I was never able to add a printer (the username and password window attached to my client's web browser (Firefox) would constantly return asking me to enter the user name and password even though I was adding what I thought to be the correct username and password saved to the passwd.md5 file previously using the lppasswd program.

In my CUPS log file, with Debug level 2 turned on, I would get:

D [10/Jul/2006:12:06:01 +0000] cupsdAuthorize: Bad authentication data.

but few clues as to what the real problem was.

I can't help but think that perhaps this has to do with the known Apple security issues that first showed up with a 10.3 security update as defined here < http://www.cups.org/articles.php?L191 > and followed up with the Shadow Hash Patch web page here < http://webpages.charter.net/mbroughtn/ShadowHash_Patch.html >

But the documentation on these pages was pointing to a problem with Basic AuthType not Digest. Does anyone know if Digest is also affected by this Shadow Hash problem on Mac OS X 10.4.x? I had no problems with the same configuration on a FreeBSD 5.4 machine running CUPS 1.2.1 and configured essentially the same. Thank you for any insight.

Best regards,

Sergio





More information about the cups mailing list