authorization drives me nuts

Kurt Pfeifle k1pfeifle at gmx.net
Thu Jul 5 02:57:19 PDT 2007


Helmut Jarausch wrote:
> Hi,
> 
> I'm running CUPS 1.2.11 (on GenToo) and try to set printer options
> via the web interface.
> There I am asked a user name and a password.
> 
> I have entered (as root)
> lppasswd -g wheel -a cups
> plus a password (twice)
> 
> Then, after a restart of CUPS,

Should not be necessary (because this action does not change cupsd.conf).

The lppasswd command adds an entry in the separated password file that
serves to provide authentication if AuthType Digest (or BasicDigest) are
used. (The file usually lives in /etc/cups/lppasswd.md5).

> I tried this user name with password entered above
> but it's not accepted.

If no "<Location /$something>" resource in your cupsd.conf uses *Digest
AuthType (but only "Basic"), no lppasswd command will help. For Basic
authentication, the standard system password checking method (usually
whatever is enabled via PAM) is used.

> (I've checked that I am a member of group 'wheel')
> 
> Furthermore I'm working at the machine where  cupsd is running.
> 
> What am I missing. I haven't found anything in the FAQ.

Check your complete cupsd.conf.

Enable "LogLevel debug".

Compare to error_log entries (and access_log entries) for matching
messages while your $whatever action on the web interface fails.

Especially check your "<Policy $somename>....</Policy>" definitions.
All of them. They provide additional (and finer granulated) access
control to whatever IPP- or CUPS-operation you want to perform. (These
checks *add* more limitations to whatever you "<Location /$foo>....
</Location>" limits already contain.)

Check *every* statement that leads to a possible limitation of your
actions (in no particular order, just from the top of my head):

  Allow (From) ...  # using a proxy that changes your IP address?
  Deny (From) ...
  Order ...
  Require ...
  AuthType ...
  AuthClass ...
  AuthGroupName ...
  SystemGroup ...
  <Limit ...>       # inside <Location> tags
  <Limit ...>       # inside <Policy> definition
  Encryption ...    # do you use a browser that can't do encryption?
  SetEnv ...


-- 
Kurt Pfeifle
System & Network Printing Consultant ---- Linux/Unix/Windows/Samba/CUPS
Infotec Deutschland GmbH  .....................  Hedelfinger Strasse 58
A RICOH Company  ...........................  D-70327 Stuttgart/Germany




More information about the cups mailing list