[cups.general] Policy configuration, mixed mode access (user or IP address)
Michael Sweet
msweet at apple.com
Wed Nov 7 11:06:36 PST 2012
Alan,
On 2012-11-07, at 1:27 PM, Alan Brown <ajb2 at mssl.ucl.ac.uk> wrote:
> ...
> Is there a way to limit access to ("trusted set of machines" OR "an
> authenticated user")?
Yes.
> ...
> I tried this:
>
> <Policy Foobar>
> <Limit Create-Job Print-Job Print-URI>
> Satisfy any
> Order deny,allow
You want:
Order allow,deny
Require valid-user
The first because otherwise the default is to allow everyone and then apply the blacklist (deny) and whitelist (allow). The second because it actually makes the authentication required if the address doesn't pass the checks.
> ...
> Additionally: Is there any way to include a file within the limit
> statement? (I tried "Include" here and got an error message.)
No, we don't support include within a block, just at the top level.
> The "allow" list is dynamic and needs to be updated every day. Referring
> to a standalone file would be much cleaner than having to generate a
> complete policy file.
You'll need to include (and regenerate) the whole Policy, then include that.
__________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
More information about the cups
mailing list