[cups.general] Beginner's problem with authentication policyin 1.3.0
Michael R Sweet
msweet at apple.com
Fri Sep 21 09:40:39 PDT 2007
John A. Murdie wrote:
> ...
> <Policy default>
> <Limit Send-Document ...>
> Order allow,deny
> Allow from trusted
> Require user @OWNER @SYSTEM
> AuthType Basic
> Satisfy any
> </Limit>
>
> yet this still permits the untrusted Mac OS X client to print (masquerading as any user known to the CUPS server). I've read "Managing Operations Policies" and understand that "operation policies can only add additional security restrictions to a request, never relax them" - but I'm adding them here.
Hmm, the AuthType should kick in the authentication requirement -
cupsdIsAuthorized() only uses the requesting-user-name value if
AuthType is None or unspecified...
Can you run with LogLevel set to debug2 and provide me with the
cupsdIsAuthorized messages (off-line, if you wish)?
--
______________________________________________________________________
Michael R Sweet Senior Printing System Engineer
More information about the cups
mailing list