[cups-devel] SSL-encrypted CUPS IPP Basic Authentication via Active Directory
rcc2 at cornell.edu
Wed Apr 1 14:33:45 PDT 2015
I have a campus full of OS X and Linux users whose print job submissions I would
like to authenticate via Active Directory. The good new is that I already have
this working. I would just like to make sure I'm doing it optimally.
What I have working is CUPS using pam_krb5 to authenticate to AD. The strange
thing I am seeing is that each print job authentication results in 21 Kerberos
ticket cache files created in /tmp, and 21 "authentication succeeds for 'rcc2'"
messages and 21 "TGT verified" messages logged to /var/log/messages.
It seems as though CUPS is making 21 authentication calls to PAM. This seems
rather excessive. Perhaps there is a way to reduce it.
Another possibility would be to use pam_ldap instead of pam_krb5. Is there some
reason to believe that would be a better solution?
Thanks for any help.
More information about the cups