Encryption and certificates

[Nuzhna Pomoshch]

> > 1. Is there an example of setting up cups so that encryption is required
> > for all printing sessions (completely separate from requiring encryption
> > for administration)?
>
> I don't think we have a specific example of this on the server side, but
> it is just the following line in cupsd.conf:
>
>     DefaultEncryption Required
>
> You can use the following command to set it:
>
>     cupsctl DefaultEncryption=Required
>
> This is documented in the cupsd.conf man page and online help, just not as
> a specific example.

The cupsd.conf reference page says:

"The DefaultEncryption directive specifies the type of encryption to use when performing authentication."

Not to claim that what you said was wrong, but the documentation states that this directive specifies requirement for authentication (which is not required on the server I am working with at the present time), and says nothing about the printing session itself (which is separate from any authentication).

Can you expand on what you said in light of that?

> > 2. Is it possible for cups to require (and again, is there an example
> > somewhere demonstrating it) client certificates to be able to print?
>
> Not at present.  Some of the support for this was added in CUPS 1.5, but as
> user certificate management is still not standardized we didn't add anything
> for client authentication using certs.  Feel free to ask for this (along
> with pointers to what you are using to manage the certs) in a bug report:

Obviously, that is a big challenge, but I can ask for that, too. :)