Kerberized authentication for printing woes

[Logan Anteau]

I have a CUPS server running on our main Solaris server. My goal is to use kerberos to authenticate about 30 linux lab computers to print to the main server. Since the documentation on how to do this seems to be very limited I'm a little confused. I feel like I've tried every combination on how to do this.

I set on the main server's cupsd.conf DefaultAuthType to Negotiate, changed the policies to require valid-user.

The linux clients obtain TGT's upon login and users can get the host ticket for the remote cups server too.

Now I'm a bit confused, should I just be configuring the client.conf to point to the remote server on the linux lab computers? Or should I be configuring a CUPS server on each lab computer also?

When I do it just with the client.conf pointing to the server, the server never sees any authentication data from the client.

If I am supposed to run a CUPS server on each linux machine, should I be configuring their cupsd.conf the same as the server in the way of authentication?

I hope someone can help, I can't believe what I'm trying to do here is impossible. Thanks, let me know if you need any clarification.