[cups.general] Q. Is https required for remote administration?
wtautz
wtautz at cs.uwaterloo.ca
Wed May 17 12:05:14 PDT 2006
Michael Sweet wrote:
>> wtautz wrote:
>>
>
>
>>>> Hello,
>>>>
>>>> Is it true that Remote administration (via web interface) requires
>>>> https?
>>
>>
>>
>>
>> Only if CUPS is compiled with SSL support.
>>
>
>
>>>> Seems to be the case. I'm using Ubuntu/Dapper and those folks have no
>>>> ssl linked into cupsd binary so I suspect this breaks remote
>>>> administration?
>>
>>
>>
>>
>> No, if they didn't compile with SSL support, then you should never
>> get a 426 (upgrade required) error.
>>
>
>
>>>> I get the Upgrade 426 message and it tells me I have to connect to
>>>> https:443. It's interesting to note that this occurs even if I put in
>>>> Port 443 in the cupsd.conf file and cupsd is listening to 443.
>>
>>
>>
>>
>> What does "ldd /usr/sbin/cupsd" show?
>
>
>> linux-gate.so.1 => (0xffffe000)
>> libz.so.1 => /usr/lib/libz.so.1 (0xb7f6e000)
>> libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7f05000)
>> libslp.so.1 => /usr/lib/libslp.so.1 (0xb7ef6000)
>> libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0xb7ec2000)
>> libpam.so.0 => /lib/libpam.so.0 (0xb7eba000)
>> libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7eb6000)
>> libpaper.so.1 => /usr/lib/libpaper.so.1 (0xb7eb3000)
>> libcups.so.2 => /usr/lib/libcups.so.2 (0xb7e86000)
>> libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7e74000)
>> libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7e47000)
>> libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d18000)
>> libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb7d07000)
>> libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7cbb000)
>> libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7cb7000)
>> libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7ca2000)
>> libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7c8f000)
>> liblber.so.2 => /usr/lib/liblber.so.2 (0xb7c83000)
>> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7c6e000)
>> /lib/ld-linux.so.2 (0xb7f8a000)
>>
>
>
So it looks like gnutls is being used. I guess to get around the
licensing issue
the Debian doesn't like . So encryption is being used.
>> Also, are you using "https://servername" or "http://servername:443"
>> to access the web interface?
>>
>
>
I get the problem if I start with http://servername:443 I can't even
connect.
On the server I see a CLOSE_WAIT if I use lsof -i. This may be a local
issue.
More information about the cups
mailing list