[cups] Location /jobs security (Unable to send document - Unauthorized]

Haines, Brandan BAHaines at cooperstandard.com
Mon Feb 9 12:28:14 PST 2015 

All -

I am still struggling with trying to figure out how I can appropriately secure my web interface (like https://server/jobs) to force a logon, while still allowing anonymous access to print from cups-lpd.

If I put in any kind of stanza for <Location /jobs> into cupsd.conf, suddenly things stop working.  The job can get created, but it seems that getting the job information back gets killed with a "401" error.

I have been through the admin guide and all over the web, but I am just having trouble getting it to work the way I want it to.

The inetd debug log kicks back:
Feb  4 19:51:02 aubucups lpr:info cups-lpd[4653230]: Print file - job ID = 40
Feb  4 19:51:02 aubucups lpr:err|error cups-lpd[4653230]: Unable to send document - Unauthorized
Feb  4 19:51:02 aubucups lpr:info cups-lpd[4653230]: Closing connection

access_log shows:
localhost - - [04/Feb/2015:19:51:02 +0000] "POST /printers/TEST HTTP/1.1" 200 326 Create-Job successful-ok

The error.log shows:
<snip>
I [04/Feb/2015:19:51:02 +0000] [Job 40] Queued on "TEST" by "BAHAINES".
D [04/Feb/2015:19:51:02 +0000] Returning IPP successful-ok for Create-Job (ipp://localhost/printers/TEST) from localhost
...
d [04/Feb/2015:19:51:02 +0000] cupsdAddSelect(fd=13, read_cb=300011b0, write_cb=0, data=3009dcc8)
D [04/Feb/2015:19:51:02 +0000] cupsdSetBusyState: newbusy="Dirty files", busy="Active clients and dirty files"
d [04/Feb/2015:19:51:02 +0000] select_timeout: JobHistoryUpdate=0
d [04/Feb/2015:19:51:02 +0000] [Client 13] cupsdReadClient error=0, used=0, state=HTTP_WAITING, data_encoding=HTTP_ENCODE_LENGTH, data_remaining=0, request=0(), file=-1
D [04/Feb/2015:19:51:02 +0000] [Client 13] POST /jobs/40 HTTP/1.1
D [04/Feb/2015:19:51:02 +0000] cupsdSetBusyState: newbusy="Active clients and dirty files", busy="Dirty files"
d [04/Feb/2015:19:51:02 +0000] cupsdFindBest: uri = "/jobs/40"...
d [04/Feb/2015:19:51:02 +0000] cupsdFindBest: Location /jobs Limit 7f
d [04/Feb/2015:19:51:02 +0000] cupsdFindBest: Location /admin/conf Limit 7f
d [04/Feb/2015:19:51:02 +0000] cupsdFindBest: Location /admin Limit 7f
d [04/Feb/2015:19:51:02 +0000] cupsdFindBest: Location / Limit 7f
d [04/Feb/2015:19:51:02 +0000] cupsdFindBest: best = /jobs
d [04/Feb/2015:19:51:02 +0000] [Client 13] con->uri="/jobs/40", con->best=3005f098(/jobs)
d [04/Feb/2015:19:51:02 +0000] [Client 13] Authorization=""
d [04/Feb/2015:19:51:02 +0000] [Client 13] cupsdSendError code=401, auth_type=0
D [04/Feb/2015:19:51:02 +0000] [Client 13] WWW-Authenticate: Basic realm="CUPS", trc="y"
D [04/Feb/2015:19:51:02 +0000] [Client 13] Closing connection.
D [04/Feb/2015:19:51:02 +0000] cupsdSetBusyState: newbusy="Dirty files", busy="Active clients and dirty files"
d [04/Feb/2015:19:51:02 +0000] cupsdRemoveSelect(fd=13)
</snip>

________________________________
This e-mail message is confidential and is intended only for the person(s) named above. If you have received this message in error, please notify the sender immediately and delete/remove it from your computer system. Any reading, distribution, printing or disclosure of this message is strictly prohibited if you are not the intended recipient of this message. Neither this information block, the typed name of the sender, nor anything else in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.

More information about the cups mailing list