[cups.general] Conditional authentification based on LAN-IP?
Michael Sweet
msweet at apple.com
Wed Sep 15 12:59:06 PDT 2010
On Sep 15, 2010, at 12:32 PM, Luc Lalonde wrote:
> So if I understand correctly, this will work:
>
> <Location /printers/hp1300>
> Order Allow, Deny
> AuthType Basic
> Satisfy Any
> Allow From 192.168.0.*
> Allow From 192.168.2.*
> Allow From 192.168.3.*
> </Location>
>
> Someone in the above LAN's will not be asked to Authenticate... but someone from say 192.168.1.* will?
Yes.
> What happens if I add a 'Require group secretaries professors' in there. Will the group restriction be enforced for those authenticating from the 192.168.1.* LAN?
Yes, but not for the other LANs.
>
>>> AuthType Basic
>>> Allow From 192.168.1.*
>>> </Location>
> ----- Original Message -----
> From: "Michael Sweet" <msweet at apple.com>
> To: "Brian Kroth" <bpkroth at gmail.com>, "Mirror of cups.general Newsgroup" <cups at easysw.com>
> Cc: "Luc Lalonde" <luc.lalonde at polymtl.ca>
> Sent: Wednesday, September 15, 2010 3:05:40 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [cups.general] Conditional authentification based on LAN-IP?
>
> Yeah, as long as you don't have the issue of more than two zones the Satisfy Any approach will work.
>
> (and it is like Apache on purpose... :)
>
> On Sep 15, 2010, at 11:21 AM, Brian Kroth wrote:
>
>> You probably want to use a "Satisfy Any" rule. It's a lot like Apache.
>>
>> http://www.cups.org/documentation.php/ref-cupsd-conf.html#Satisfy
>>
>> Brian
>>
>> Luc Lalonde <luc.lalonde at polymtl.ca> 2010-09-15 14:18:
>>> Hello folks,
>>>
>>> I'm wondering if it is possible to combine these two rules into one:
>>>
>>> <Location /printers/hp1300>
>>> Order Allow, Deny
>>> Allow From 192.168.0.*
>>> </Location>
>>>
>>> <Location /printers/hp1300_dmz>
>>> Order Allow, Deny
>>> AuthType Basic
>>> Allow From 192.168.1.*
>>> </Location>
>>>
>>> Basically, these two point to the same printer. However, I want people to be able to use the printers without having to authenticate if they are on the 192.168.0.* LAN but force authentification on the wireless-dmz LAN (192.168.1.*).
>>>
>>> Thanks!
>>>
>>>
________________________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
More information about the cups
mailing list