[cups] Forwarding Kerberos TGT to intermediate CUPS for remote Windows printing?
Michael Sweet
msweet at apple.com
Mon Mar 20 05:00:47 PDT 2017
Robert,
> On Mar 19, 2017, at 11:54 PM, Robert Sturrock <rns at unimelb.edu.au> wrote:
> ...
> If this is possible, can anyone provide some hints as to how best to achieve it.
We tried supporting this in past CUPS releases but it was always very fragile, required some questionable security changes on the KDC (to provide a TGT to the CUPS server for arbitrary credentials), and failed as soon as you needed to retry a print request.
Current CUPS only supports Kerberized printing from one host. Going beyond that requires the use of usernames and passwords.
> Failing that, are other architectures possible?
Right now the only solution is username + password.
In theory OAuth could solve the problem, however neither CUPS nor Windows support OAuth for printing. :/
_________________________________________________________
Michael Sweet, Senior Printing System Engineer
More information about the cups
mailing list