Beginner's problem with authentication policyin1.3.0

John A. Murdie john at cs.york.ac.uk
Mon Oct 1 03:16:01 PDT 2007


> John A. Murdie wrote:
> > ...
> > <Policy default>
> >   <Limit Send-Document ...>
> >     Order allow,deny
> >     Allow from trusted
> >     Require user @OWNER @SYSTEM
> >     AuthType Basic
> >     Satisfy any
> >   </Limit>
> >
> > yet this still permits the untrusted Mac OS X client to print (masquerading as any user known to the CUPS server). I've read "Managing Operations Policies" and understand that "operation policies can only add additional security restrictions to a request, never relax them" - but I'm adding them here.
>
> Hmm, the AuthType should kick in the authentication requirement -
> cupsdIsAuthorized() only uses the requesting-user-name value if
> AuthType is None or unspecified...
>
> Can you run with LogLevel set to debug2 and provide me with the
> cupsdIsAuthorized messages (off-line, if you wish)?
>
> --
> ______________________________________________________________________
> Michael R Sweet                        Senior Printing System Engineer
>

Sorry about the delay in my replying, Mike - very busy here. I sent a description of the problem last week with attached cupsd.conf and error_log files to what I hope is your private E-mail address (which I won't repeat here) - the error_log is rather large. If you haven't received this E-mail, please will you let me know and tell me "off-line" how to resend it to you.

John A. Murdie




More information about the cups mailing list