[cups] Authenticated and unauthenticated queues
Rick Cochran
rcc2 at cornell.edu
Tue Jul 21 16:03:35 PDT 2015
Hi,
I need to have both authenticated and unauthenticated queues. The attached
cupsd.conf _almost_ works. The problem is in the following stanza:
<Location /printers>
AuthType Basic
Encryption Required
Order deny,allow
Allow localhost
# Require user @SYSTEM
</Location>
If I set the AuthType to "Basic" as above, the authenticated queues work and the
unauthenticated queues do not work.
If I set the AuthType to "None", the unauthenticated queues work and the
authenticated queues do not work.
By "work", I mean prompt for ID/password (or not) and actually print.
By "do not work", I mean the server just sits there and does not fully accept
the print job.
I use "-op-policy=noauth" when creating the unauthenticated queues.
Any help would be appreciated.
Thanks,
-Rick
-------------- next part --------------
# Config file for Net-Print CUPS
# 2015-06-15 rcc2
# NOTES:
# "Port 631" must be commented out to prevent non-SSL connections
# From the OS X man page "cupsd.conf (5)" (The Linux man pages suck):
# Require user {user-name|@group-name} ...
# Specifies that an authenticated user must match one of the
# named users or be a member of one of the named groups. The
# group name "@SYSTEM" corresponds to the list of groups
# defined by the SystemGroup directive in the cups-files.conf(5)
# file. The group name "@OWNER" corresponds to the owner of the
# resource, for example the person that submitted a print job.
# When the "no_user_check" option is used in PAM, "@SYSTEM" seems to be
# true for all authenticated users.
ServerName cupsserver.cornell.edu
# Fix 'using invalid Host: field "cupsserver.cornell.edu:631"' errors
ServerAlias *
MaxLogSize 2000000000
LogLevel info
#LogLevel debug
SystemGroup sys root
# Allow remote access
#Port 631
Listen /var/run/cups/cups.sock
SSLPort 631
ServerCertificate /etc/cups/ssl/cupsserver_cornell_edu_interm_and_cert.cer
ServerKey /etc/cups/ssl/cupsserver_cit_cornell_edu.key
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
# (Change '@LOCAL' to 'ALL' if using directed broadcasts from another subnet.)
BrowseAllow @LOCAL
BrowseAddress @LOCAL
DefaultAuthType Basic
DefaultPolicy default
<Location />
# Allow shared printing...
Order allow,deny
Allow all
</Location>
# Restrict access to the admin pages...
<Location /admin>
AuthType Basic
Encryption Required
Order deny,allow
Allow localhost
# Require user @SYSTEM
Require user user1 user2 user3
</Location>
# Restrict access to the configuration files...
<Location /admin/conf>
AuthType Basic
Encryption Required
Order deny,allow
Allow localhost
# Require user @SYSTEM
Require user user1 user2 user3
</Location>
<Location /printers>
AuthType Basic
Encryption Required
Order deny,allow
Allow localhost
# Require user @SYSTEM
</Location>
# Access to the print queues must be allowed
# See http://www.cups.org/documentation.php/policies.html
# Policy which allows:
# submit a print job: Basic authentication
# modify queues and printers: user1 user2 user3
# manipulate print queues: user1 user2 user3
# cancel or authenticate job: owner of print job
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
AuthType Basic
Encryption Required
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Basic
Encryption Required
# Require user user1 user2 user3
Require user user1 user2
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Basic
Encryption Required
# Require user user1 user2 user3
Require user user1 user2
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Basic
Encryption Required
Require user @OWNER
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Policy which allows:
# submit a print job: unauthenticated
# modify queues and printers: user1 user2 user3
# manipulate print queues: user1 user2 user3
# cancel or authenticate job: owner of print job
<Policy noauth>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
AuthType none
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Basic
Encryption Required
# Require user user1 user2 user3
Require user user1 user2
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Basic
Encryption Required
# Require user user1 user2 user3
Require user user1 user2
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Basic
Encryption Required
Require user @OWNER
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
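
An added example, not part of the original post or of CUPS: a small Python parser for the Location and Policy/Limit nesting used in the attached cupsd.conf, which reports the AuthType a policy's Limit blocks assign to a given IPP operation alongside the AuthType set on a Location. It assumes an operation not named in any Limit is governed by that policy's `<Limit All>` and does not handle a Limit nested inside a Location; SAMPLE is a constructed cut-down of the posted file, and `parse` and `auth_for` are hypothetical helper names.

```python
import re
SAMPLE = """# Constructed sample: the page's config cut down to a few lines
<Location /printers>
AuthType Basic
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job>
AuthType Basic
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy noauth>
<Limit Send-Document Send-URI Hold-Job>
AuthType none
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
"""

def parse(text):
    """Return ({location: directives}, {policy: [(ops, directives)]})."""
    locations, policies, policy, block = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        m = re.match(r"<(/?)(\w+)\s*(.*?)>$", line)
        if m and m.group(1):                      # closing tag
            block = None
            policy = None if m.group(2) == "Policy" else policy
        elif m and m.group(2) == "Policy":
            policy = policies.setdefault(m.group(3), [])
        elif m and m.group(2) == "Location":
            block = locations.setdefault(m.group(3), {})
        elif m and policy is not None:            # <Limit ...> inside a policy
            block = {}
            policy.append((m.group(3).split(), block))
        elif line and not m and block is not None:  # directive inside a block
            key, _, value = line.partition(" ")
            block[key.lower()] = value.strip()
    return locations, policies

def auth_for(policies, name, op):
    """AuthType of the Limit governing op: one naming it, else <Limit All>."""
    limits = policies[name]
    hit = [d for o, d in limits if op in o] or [d for o, d in limits if "All" in o]
    return hit[0].get("authtype", "(not set)") if hit else "(no Limit)"
```

For the sample, Send-Document resolves to Basic under `default` and none under `noauth`, while Print-Job, which neither policy names, resolves to `<Limit All>` with no AuthType set. The `/printers` Location sets AuthType Basic outside either policy.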