[cups] Location /jobs security (Unable to send document - Unauthorized)

Michael Sweet msweet at apple.com
Thu Jan 8 11:00:26 PST 2015 

Brandan,

Try the Limit directive, e.g.:

    <Location /jobs>
    <Limit GET HEAD>
    ...
    </Limit>
    </Location>

That will address casual web usage at least.


> On Jan 8, 2015, at 1:48 PM, Haines, Brandan <BAHaines at cooperstandard.com> wrote:
> 
> I am at my wits end with this, so I am trying the list.
> 
> I have an AIX 7.1 TL3 FP3 server running CUPS 1.6.4
> 
> I've been working with it for about a week and I've been successful in getting it to serve up documents that I am sending from another system via LPD when there is no security.
> 
> But, the second I add in the following to cupsd.conf:
> 
> <Location /jobs>
>  AuthType Basic
>  Encryption Required
>  Require group root sys lp
>  Require user lpadmin
>  Order Deny,Allow
>  Deny From All
>  Allow From 127.0.0.1
>  Allow From xxx
>  Allow From yyy
>  Allow From zzz
> </Location>
> 
> I am no longer able to create jobs.  In fact, pretty much as soon as I add "AuthType Basic" things stop working. I am using inetd and the cups-lpd and can confirm that all of that works just fine.
> 
> The message I see in the debug of inetd is:
> Jan  8 18:24:33 server lpr:err|error cups-lpd[25755706]: Unable to send document - Unauthorized
> 
> I am trying to secure the https://server/jobs web address while simultaneously not prohibiting things from creating and sending jobs.  The wacky thing is that if I take out the whole stanza, everything works just fine.  Put it in and error.
> 
> Any ideas?
> 
> ________________________________
> This e-mail message is confidential and is intended only for the person(s) named above. If you have received this message in error, please notify the sender immediately and delete/remove it from your computer system. Any reading, distribution, printing or disclosure of this message is strictly prohibited if you are not the intended recipient of this message. Neither this information block, the typed name of the sender, nor anything else in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://www.cups.org/mailman/listinfo/cups

_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair

More information about the cups mailing list