CUPS kerberos/GSSAPI in 1.3
Jacob Brown
jacob_brown at dell.com
Mon Jun 4 15:18:31 PDT 2007
Hi. I'm trying to setup my cups server to use kerberos authentication. I'm using the latest version of 1.3svn. I've tried setting up my cupsd.conf to use:
Listen *:631
Listen /usr/local/cups//var/run/cups/cups.sock
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
Krb5Keytab /etc/krb5.keytab
GSSServiceName HTTP
and changed all my AuthType and DefaultAuthType to Negotiate
So far, it doesn't seem to work and I'm not getting any errors telling me why. I've used wireshark to look at the stream and it never gives my client HTTP Authentication required error that I'm expecting. I'm assuming it should get an error like that and tell the client that the support method is "Negotiate". I have apache setup and working on the same computer just fine. Also, I have ssh and samba using kerberos just fine as well (well, except winbind is half-broken as usual but yeah)
Is there something special I need to do to get it to work? If I change the AuthType to Basic, it will give me an error message when trying to delete jobs and when adding a new printer and stuff, but when I use Negotiate, I don't get any HTTP errors.
What type of functionality is currently working? Can windows XP/Vista clients authenticate with Negotiate? Can other cups clients authenticate? Is firefox working?
I understand that 1.3 is still in development and probably has bugs. I can post any bug fixes I do (I just found a bug earlier today that caused a segfault)
Thanks,
~Jacob
More information about the cups
mailing list