[cups-devel] SSL-encrypted CUPS IPP Basic Authentication via Active Directory

Michael Sweet msweet at apple.com
Thu Apr 2 10:04:03 PDT 2015


> On Apr 2, 2015, at 9:36 AM, Rick Cochran <rcc2 at cornell.edu> wrote:
> Michael,
> Thanks for your usual quick and informative response!
> Your explanation is what I suspected.
> I can eliminate the ticket cache files using "ccache_dir=/dev/null" in /etc/pam.d/cups, but this adds another 21 messages (errors) to /var/log/messages.  I can configure syslog to black-hole messages from pam_krb5, but that seems like a Bad Idea.
> I'm going to try pam_ldap to see if that's less messy.
> In general, do you think this is a viable strategy for authenticating print job submission for a campus the size of Cornell?

Kerberos comes with its share of warts, but if that is what you use for logins then that is what you should use for printing, too.  pam_ldap might be a viable/less-chatty alternative, and won't cause TGTs to be created when there is no persistent user session being created...

Michael Sweet, Senior Printing System Engineer, PWG Chair

More information about the cups mailing list