[cups] Authentication for thee but not for me
Rick Cochran
rcc2 at cornell.edu
Sat Mar 19 14:37:53 PDT 2016
I have done a bit of research.
The command PaperCut is using to move print jobs is:
lp -d "%printer%" -h "%server%" -t "%docname%" -U "%username%" -o raw
"%spoolfile%"
but I can change it to whatever I want.
The error messages I am getting when PaperCut attempts to move a print job are:
Unable to encrypt connection from localhost - A record packet with illegal
version was received.
Since I am using "SSLPort 631" instead of "Port 631" in cupsd.conf I think _all_
connections to port 631 will require SSL.
A relevant section of cupsd.conf is:
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs
Set-Job-Attributes Create-Job-Subscription Renew-Subscription
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job
Suspend-Current-Job Resume-Job CUPS-Move-Job>
AuthType Basic
Encryption Required
Order deny,allow
</Limit>
If this were an Apache httpd.conf, I could use
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
Encryption Required
Order deny,allow
</If>
However the "If" directive is not found in the list of cupsd.conf directives.
I'm beginning to think we will not be able to make this work, in which case we
will have to switch everything to Windows.
Yuck!
-Rick
On 3/16/16 6:22 PM, Rick Cochran wrote:
> Hi,
>
> The PaperCut "Print Provider" (the part of PaperCut which runs on print servers)
> sometimes needs to execute CUPS commands to move print jobs from one queue to
> another.
>
> We have cupsd.conf configured to require SSL-encrypted IPP Basic Authentication
> for print job submission. I am wondering if it is possible to also allow
> unauthenticated (at least by IPPS) actions by processes running on the CUPS server.
>
> If so, I'm wondering what that would look like in cupsd.conf.
>
> Thanks,
> -Rick
More information about the cups
mailing list