[cups-devel] SSL-encrypted CUPS IPP Basic Authentication via Active Directory

Rick Cochran rcc2 at cornell.edu
Wed Apr 1 14:33:45 PDT 2015


I have a campus full of OS X and Linux users whose print job submissions I would 
like to authenticate via Active Directory.  The good new is that I already have 
this working.  I would just like to make sure I'm doing it optimally.

What I have working is CUPS using pam_krb5 to authenticate to AD.  The strange 
thing I am seeing is that each print job authentication results in 21 Kerberos 
ticket cache files created in /tmp, and 21 "authentication succeeds for 'rcc2'" 
messages and 21 "TGT verified" messages logged to /var/log/messages.

It seems as though CUPS is making 21 authentication calls to PAM.  This seems 
rather excessive.  Perhaps there is a way to reduce it.

Another possibility would be to use pam_ldap instead of pam_krb5.  Is there some 
reason to believe that would be a better solution?

Thanks for any help.

More information about the cups mailing list