Beginner's problem with authentication policy in 1.3.0

Michael Sweet mike at easysw.com
Mon Nov 26 08:37:31 PST 2007


John A. Murdie wrote:
> ...
> AuthType or DefaultAuthType. (I'll enter a documentation RFE if the
> matter is not already documented.)

It isn't documented yet, no...

> With an explicit 'AuthType Basic' in the policy, however, the backend
> now sees environment variables AUTH_USERNAME and AUTH_PASSWORD, the
> latter with the cleartext password. I know that it is cleartext
> because Basic authentication is being used, of course (HTTP's use of
> base-64 encoding is no defence), but is it necessary for CUPS to
> spread the plaintext password around?

The environment is only visible if you are running as root or lp,
otherwise you can't see it.  We *do* have to pass the user and
password around, since it may be needed for the print job - that's
how the jobs from the laptop get authenticated when printed to the
server...

> I'm also a little surprised;
> ref-cupsd-conf.html says, under the entry for PassEnv, "Normally, the
> scheduler only passes the DYLD_LIBRARY_PATH, LD_ASSUME_KERNEL,
> LD_LIBRARY_PATH, LD_PRELOAD, NLSPATH, SHLIB_PATH, TZ, and VGARGS
> environment variables to child processes." - "VGARGS"? (sic). (It
> can't mean backends, surely, as they see other variables such as
> CUPS_ENCRYPTION and DEVICE_URI.)

PassEnv refers to the environment that is inherited from cupsd.

VGARGS is a valgrind thing (so we can run cupsd and its children
using it to do run-time memory and syscall testing...)

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Internet Printing and Publishing Software        http://www.easysw.com
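
The thread above notes that a backend receives AUTH_USERNAME and AUTH_PASSWORD in its environment. The sketch below is an added example, not CUPS code and not from either poster: it assumes a backend written as a POSIX shell script and shows one way to keep the password from being inherited by helper processes the backend starts. The function names (take_credentials, child_sees, with_password_on_stdin) and the sample values are hypothetical.

```shell
#!/bin/sh
# Added example (not CUPS code): backend-side handling of the
# AUTH_USERNAME / AUTH_PASSWORD variables discussed in the thread.

# Copy the credentials into unexported shell variables, then remove them
# from the environment that later child processes would inherit.
take_credentials() {
    cred_user=${AUTH_USERNAME-}
    cred_pass=${AUTH_PASSWORD-}
    unset AUTH_USERNAME AUTH_PASSWORD
}

# Print the names (never the values) of the credential variables that a
# newly started child process inherits from this shell.
child_sees() {
    sh -c 'out=""
           [ -n "${AUTH_USERNAME+x}" ] && out="$out AUTH_USERNAME"
           [ -n "${AUTH_PASSWORD+x}" ] && out="$out AUTH_PASSWORD"
           echo "${out# }"'
}

# Run a helper command with the password supplied on stdin, so it appears
# neither in the helper's environment nor in its argument list.
with_password_on_stdin() {
    printf '%s\n' "$cred_pass" | "$@"
}

# Constructed demo values, not real credentials.
AUTH_USERNAME=alice
AUTH_PASSWORD=constructed-secret
export AUTH_USERNAME AUTH_PASSWORD

echo "child inherits before scrub: [$(child_sees)]"
take_credentials
echo "child inherits after scrub:  [$(child_sees)]"
echo "helper reads from stdin:     $(with_password_on_stdin wc -c) bytes"
```

This only limits what processes started after the scrub inherit; the scheduler still hands the variables to the backend itself, as described in the reply.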



