[cups.general] Q. Is https required for remote administration?

wtautz wtautz at cs.uwaterloo.ca
Wed May 17 10:31:13 PDT 2006 

Michael Sweet wrote:

> wtautz wrote:
>
>> Hello,
>>
>> Is it true that Remote administration (via web interface) requires
>> https?
>
>
> Only if CUPS is compiled with SSL support.
>
>> Seems to be the case. I'm using Ubuntu/Dapper and those folks have no
>> ssl linked into cupsd binary so I suspect this breaks remote
>> administration?
>
>
> No, if they didn't compile with SSL support, then you should never
> get a 426 (upgrade required) error.
>
>> I get the Upgrade 426 message  and it tells me I have to connect to
>> https:443. It's interesting to note that this occurs even if I put in
>> Port 443 in the cupsd.conf file and cupsd is listening to 443.
>
>
> What does "ldd /usr/sbin/cupsd" show?


>         linux-gate.so.1 =>  (0xffffe000)
>         libz.so.1 => /usr/lib/libz.so.1 (0xb7f6e000)
>         libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7f05000)
>         libslp.so.1 => /usr/lib/libslp.so.1 (0xb7ef6000)
>         libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0xb7ec2000)
>         libpam.so.0 => /lib/libpam.so.0 (0xb7eba000)
>         libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7eb6000)
>         libpaper.so.1 => /usr/lib/libpaper.so.1 (0xb7eb3000)
>         libcups.so.2 => /usr/lib/libcups.so.2 (0xb7e86000)
>         libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7e74000)
>         libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7e47000)
>         libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d18000)
>         libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb7d07000)
>         libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7cbb000)
>         libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7cb7000)
>         libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7ca2000)
>         libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7c8f000)
>         liblber.so.2 => /usr/lib/liblber.so.2 (0xb7c83000)
>         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7c6e000)
>         /lib/ld-linux.so.2 (0xb7f8a000)
>
So it looks like gnutls is being used. I guess to get around the
licensing issue
the Debian doesn't like . So encryption is being used.


> Also, are you using "https://servername" or "http://servername:443"
> to access the web interface?
>
I get the problem if I start with http://servername:443 I can't even
connect.
On the server I see a CLOSE_WAIT if I use lsof -i. This may be a local
issue.

More information about the cups mailing list