[cups.general] Q. Is https required for remote administration?
wtautz
wtautz at cs.uwaterloo.ca
Wed May 17 10:31:13 PDT 2006
Michael Sweet wrote:
> wtautz wrote:
>
>> Hello,
>>
>> Is it true that Remote administration (via web interface) requires
>> https?
>
>
> Only if CUPS is compiled with SSL support.
>
>> Seems to be the case. I'm using Ubuntu/Dapper and those folks have no
>> ssl linked into cupsd binary so I suspect this breaks remote
>> administration?
>
>
> No, if they didn't compile with SSL support, then you should never
> get a 426 (upgrade required) error.
>
>> I get the Upgrade 426 message and it tells me I have to connect to
>> https:443. It's interesting to note that this occurs even if I put in
>> Port 443 in the cupsd.conf file and cupsd is listening to 443.
>
>
> What does "ldd /usr/sbin/cupsd" show?
> linux-gate.so.1 => (0xffffe000)
> libz.so.1 => /usr/lib/libz.so.1 (0xb7f6e000)
> libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7f05000)
> libslp.so.1 => /usr/lib/libslp.so.1 (0xb7ef6000)
> libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0xb7ec2000)
> libpam.so.0 => /lib/libpam.so.0 (0xb7eba000)
> libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7eb6000)
> libpaper.so.1 => /usr/lib/libpaper.so.1 (0xb7eb3000)
> libcups.so.2 => /usr/lib/libcups.so.2 (0xb7e86000)
> libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7e74000)
> libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7e47000)
> libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d18000)
> libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb7d07000)
> libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7cbb000)
> libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7cb7000)
> libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7ca2000)
> libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7c8f000)
> liblber.so.2 => /usr/lib/liblber.so.2 (0xb7c83000)
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7c6e000)
> /lib/ld-linux.so.2 (0xb7f8a000)
>
So it looks like gnutls is being used. I guess to get around the
licensing issue
the Debian doesn't like . So encryption is being used.
> Also, are you using "https://servername" or "http://servername:443"
> to access the web interface?
>
I get the problem if I start with http://servername:443 I can't even
connect.
On the server I see a CLOSE_WAIT if I use lsof -i. This may be a local
issue.
More information about the cups
mailing list