[cups.general] Policy configuration, mixed mode access (user or IP address)

Michael Sweet msweet at apple.com
Wed Nov 7 11:06:36 PST 2012


On 2012-11-07, at 1:27 PM, Alan Brown <ajb2 at mssl.ucl.ac.uk> wrote:
> ...
> Is there a way to limit access to ("trusted set of machines" OR "an 
> authenticated user")?


> ...
> I tried this:
> <Policy Foobar>
>   <Limit Create-Job Print-Job Print-URI>
>   Satisfy any
>   Order deny,allow

You want:

    Order allow,deny
    Require valid-user

The first because otherwise the default is to allow everyone and then apply the blacklist (deny) and whitelist (allow).  The second because it actually makes the authentication required if the address doesn't pass the checks.

> ...
> Additionally: Is there any way to include a file within the limit 
> statement? (I tried "Include" here and got an error message.)

No, we don't support include within a block, just at the top level.

> The "allow" list is dynamic and needs to be updated every day. Referring 
> to a standalone file would be much cleaner than having to generate a 
> complete policy file.

You'll need to include (and regenerate) the whole Policy, then include that.

Michael Sweet, Senior Printing System Engineer, PWG Chair

More information about the cups mailing list