How is backend authentication supposed to work ?

Christer Bernérus bernerus at chalmers.se
Wed Mar 10 01:40:13 PST 2010


Hi.

I would like to know how backend authentication is supposed to work. Especially in connection with kerberos.

The scenario is this:

A laptop (mac) uses a local cups queue, and a printer is defined that uses a remote CUPS server that requires authentication. The local queue is needed because  a laptop may be brought somewhere else where there is no print server. I.e. at home.

Now, when a job is submitted to the printer on the print server, it is first put in the local queue on the laptop, and then the CUPS scheduler is responsible for sending the job along to the remote server.

However, when the time comes for the job to be sent along, it is no longer the local user who talks to the remote server.  Root or _lp does this, but root or _lp has no access to the original user's kerberos credentials.

How is this supposed to work, really? How is the local CUPS scheduler supposed to get hold of the original submitter's credentials?

-- Chris





More information about the cups mailing list