ServerName server.name.goes.here
ServerAlias *
Krb5Keytab /n/cups/conf/cups.keytab
GSSServiceName ipp
# Log general information in error_log - change to "info" or "debug" for
# troubleshooting...
LogLevel info
# Administrator user group...
SystemGroup cupsadmin
# Listen
Listen 0.0.0.0:631
#MaxClients 256
ServerCertificate /n/cups/conf/ssl/cups.crt
ServerKey /n/cups/conf/ssl/cups.key
# Send browse packets (printer descriptions) to:
BrowseAddress M.N.O.P # Staff Linux desktops and servers
#BrowseAddress Q.R.S.T # Staff Windows desktops
Browsing On
# Don't accept browse packets from other CUPS servers:
BrowseOrder allow,deny
BrowseAllow from none
BrowseDeny from all
# Default authentication type, when authentication is required...
DefaultAuthType Negotiate
# Restrict access to the server...
# Note that we need to 'Allow from localhost' for Windows LPR printing
Order allow,deny
Allow from localhost
Require user @SYSTEM @staff
Encryption Required
AuthType Default # required to force authentication
Satisfy any
# Restrict access to the admin pages...
Order allow,deny
Require user @SYSTEM
Encryption Required
AuthType Default # required to force authentication
Satisfy any
# Restrict access to configuration files...
Order allow,deny
Require user @SYSTEM
Encryption Required
AuthType Default # required to force authentication
Satisfy any
# Set the default printer/job policies...
# Job-related operations must be done by the owner or an adminstrator...
# Note that we need to 'Allow from localhost' for Windows LPR printing
Order allow,deny
AuthType Default # required to force authentication
Require user @OWNER @SYSTEM
Allow from localhost
Satisfy any
# All administration operations require an adminstrator to authenticate...
# None of these operations requires 'Allow from localhost' for Windows LPR printing
Order allow,deny
AuthType Default # required to force authentication
Require user @SYSTEM
# Actions for all...
# Note that we need to 'Allow from localhost' for Windows LPR printing
Order allow,deny
AuthType Default # required to force authentication
Require user @SYSTEM @staff
Allow from localhost
Satisfy any
# Reject everything else ...
Order allow,deny