Multiple seperated networks
Aukjan
aukjan at vanbelkum.no.spam.nl
Wed Feb 14 02:48:14 PST 2007
Hello all,
I am working on setting up the following:
* One printer network (P), which contains about 500 printers.
* These printers are only accessible via 1 (or a cluster of) cups
server(s) (P-C).
* This central cups server will provide printing for several non-related
networks (X1, X2 .. XN), which might not be under my control.
* From each of these Networks, printing should be possible to a
specified subset of the printers in P.
* Also, multiple networks can print using the same printer/queue. For
this reason, banner pages should be created on a per-queue basis. These
banners can and will contain information only accessible within their
respective networks.
* Each network should only see their own jobs, and users within those
networks should only be able to access their own jobs.
* The P-C does not know anything (and doesn't want to know) about the
users in the X networks. This forces Authentication/Authorization to be
done in each of the networks.
Now I am contemplating the do the following:
* P-C will be a CUPS server (version 1.2.7), with the following settings:
+ policies enabled, which will allow or disallow printing and access
from the X networks.
+ Browsing enabled from each of the allowed networks to discover
printers specified for their networks.
+ Printing of banners, but using the alternate pstops, for printing
banners and printjob in one job. Extra information will be extracted
from the options.
+ Access to jobs will only be allowed from the CUPS servers in the X
networks, This will disallow single hosts from connecting directly to
the P-C.
* Networks X1 .. XN will each have their own CUPS server, using their
own specific versions with the following options:
+ Printer discovery will be done by polling P-C for available printers.
+ User Auth will be done using a local method, and this will allow the
user to view/cancel their own jobs.
+ The ipp backend will be replaced by a wrapper script which adds extra
options (user specific information) to the job and invokes the original
ipp.
Now the I have the following questions:
1. Is it possible to allow only certain printers to be discovered by
network Xi by setting policies, or will each network find all available
printers?
2. Is it possible to allow users in the X networks access to their jobs
through their local cups server? Or will the C-P require authentication
as well? Should Basic Authentication be set in the policies for the
printers?
3. Will all users in network Xi only see jobs submitted from Xi, or will
they also see jobs from Xj .. Xn ? If so, is there something that can be
done?
4. Is the wrapping of the ipp backend the only thing that can be done to
pass extra options (specific for each user) on to the C-P?
5. Are there other obstacles that anyone can see using this kind of setup?
Thanks in advance for taking the time to read this 'long' post!
Aukjan
More information about the cups
mailing list