[cups.general] Conditional authentification based on LAN-IP?

Michael Sweet msweet at apple.com
Wed Sep 15 12:59:06 PDT 2010


On Sep 15, 2010, at 12:32 PM, Luc Lalonde wrote:

> So if I understand correctly, this will work:
> 
> <Location /printers/hp1300>
>  Order Allow, Deny
>  AuthType Basic
>  Satisfy Any
>  Allow From 192.168.0.*
>  Allow From 192.168.2.*
>  Allow From 192.168.3.*
> </Location>
> 
> Someone in the above LANs will not be asked to authenticate... but someone from say 192.168.1.* will?

Yes.

> What happens if I add a 'Require group secretaries professors' in there.  Will the group restriction be enforced for those authenticating from the 192.168.1.* LAN? 

Yes, but not for the other LANs.

> 
> ----- Original Message -----
> From: "Michael Sweet" <msweet at apple.com>
> To: "Brian Kroth" <bpkroth at gmail.com>, "Mirror of cups.general Newsgroup" <cups at easysw.com>
> Cc: "Luc Lalonde" <luc.lalonde at polymtl.ca>
> Sent: Wednesday, September 15, 2010 3:05:40 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [cups.general] Conditional authentification based on LAN-IP?
> 
> Yeah, as long as you don't have the issue of more than two zones the Satisfy Any approach will work.
> 
> (and it is like Apache on purpose... :)
> 
> On Sep 15, 2010, at 11:21 AM, Brian Kroth wrote:
> 
>> You probably want to use a "Satisfy Any" rule.  It's a lot like Apache.
>> 
>> http://www.cups.org/documentation.php/ref-cupsd-conf.html#Satisfy
>> 
>> Brian
>> 
>> Luc Lalonde <luc.lalonde at polymtl.ca> 2010-09-15 14:18:
>>> Hello folks,
>>> 
>>> I'm wondering if it is possible to combine these two rules into one:
>>> 
>>> <Location /printers/hp1300>
>>> Order Allow, Deny
>>> Allow From 192.168.0.*
>>> </Location>
>>> 
>>> <Location /printers/hp1300_dmz>
>>> Order Allow, Deny
>>> AuthType Basic
>>> Allow From 192.168.1.*
>>> </Location>
>>> 
>>> Basically, these two point to the same printer.  However, I want people to be able to use the printers without having to authenticate if they are on the 192.168.0.* LAN but force authentication on the wireless-dmz LAN (192.168.1.*).
>>> 
>>> Thanks!
>>> 
>>> 

________________________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
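
The access decision described in the replies above, as an added example that is not part of the original thread and is not CUPS code: a simplified Python model of "Satisfy Any" with the `Require group` line from the follow-up question. The function names, dictionary keys and result labels are hypothetical, and the client addresses are constructed.

```python
from fnmatch import fnmatchcase

# Constructed policy mirroring the combined <Location> discussed in the thread,
# with the 'Require group' line from the follow-up question added.
POLICY = {
    "allow_from": ["192.168.0.*", "192.168.2.*", "192.168.3.*"],
    "satisfy": "any",
    "require_groups": {"secretaries", "professors"},
}

def address_allowed(policy, client_ip):
    """True if client_ip matches any Allow From pattern (trailing-* wildcards)."""
    return any(fnmatchcase(client_ip, pat) for pat in policy["allow_from"])

def decide(policy, client_ip, user_groups=None):
    """Return 'ok', 'auth-required' or 'forbidden' (labels are this model's own).

    user_groups is None for an unauthenticated request, otherwise the set of
    groups of the successfully authenticated user.
    """
    addr_ok = address_allowed(policy, client_ip)
    if policy["satisfy"] == "any":
        if addr_ok:
            # Address alone satisfies the policy: no credentials are requested,
            # so the group restriction is never evaluated for these LANs.
            return "ok"
    elif not addr_ok:
        # Satisfy All: address AND credentials are both needed.
        return "forbidden"
    if user_groups is None:
        return "auth-required"
    if policy["require_groups"] & set(user_groups):
        return "ok"
    return "forbidden"

if __name__ == "__main__":
    for ip, groups in [("192.168.0.10", None), ("192.168.1.10", None),
                       ("192.168.1.10", {"professors"}),
                       ("192.168.1.10", {"students"}),
                       ("192.168.2.7", {"students"})]:
        print(ip, groups, "->", decide(POLICY, ip, groups))
```

The last sample row is the one to audit for: a user outside the required groups still prints from an allowed LAN, because the address match short-circuits the group check.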







