[cups.general] Sharp MX3500N and user restrictions

Helge Blischke h.blischke at acm.org
Wed Apr 28 01:32:08 PDT 2010 

alet at librelogiciel.com wrote:

> Hi,
> 
> We've got a Sharp MX3500N copier/printer with PostScript option.
> 
> I'd like to make this printer available through CUPS.
> 
> Unfortunately user restrictions are in place, so in the native Windows
> driver's print dialog box you must enter an username and password to be
> allowed to print in color, and a different one for B&W.
> 
> Under MacOSX, the PPD file references manufacturer's plugins for these
> and other settings, so it can be made to work just as fine as it works
> from Windows.
> 
> But under GNU/Linux, even with the correct PPD file, it doesn't work
> because the printer refuses the job (unknown user)
> 
> So I've captured a job coming from Windows, and modified the PPD file so
> that the correct PJL settings for ACCOUNTLOGIN and ACCOUNTPASSWORD are
> inserted into the print job.
> 
> The problem is this doesn't work with the login and password values
> captured from the Windows print job, which are not in the clear but
> encrypted, and doesn't work with clear text values either.
> 
> So I think the username and password which must be inserted into the PJL
> statements is a combination of the username/password specified in the
> printer's configuration, and of some other data (timestamp, job's size,
> client hostname or whatever I don't know).
> 
> I'm pretty sure that the username and password present in a working
> print job are a base64 encoding of an md5 hash, but md5 hashing the
> username and/or password alone produce different final results, so
> finally here's my question :
> 
> Does someone know how to compute these two values ACCOUNTLOGIN and
> ACCOUNTPASSWORD, knowing the client's hostname, end user's name, and
> username and password defined in the printer ?
> 
> Thanks in advance
> 
> PS : I've seen other people who had to enter an ID number instead of an
> username and password and who succeeded to make this work with CUPS
> because this information was passed in the clear in the PJL
> settings. But if the approach is the same this is different because of
> entryption.
> 
> 
> Jerome Alet

What I did in a similar case (restricted color printing to a KonicaMinolta 
device) is:
-	set up a raw file device "printer" in CUPS 
-	share this printer via SAMBA
-	set up a MX3500N printer under Windows as usual but use the
	samba shared pseudo printer instead of the real device
-	print a test job from windows to the fake printer and get the
	encrypted and encoded data from the dump file.
-	write a CUPS filter that inserts the skimmed data into
	the appropriate parts of the print job(s)

This way you at least can manage to use the restricted printing using a 
fixed uid/pw combination (initially from Windows) which you could keep 
secret and manage accounting and/or access restrictions via the menas CUPS 
provides.

Helge

More information about the cups mailing list