<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#333333">
<font size="+1"><font face="Helvetica, Arial, sans-serif">Ya, the
computers have working DNS and kerberos works fine with other
services like the cups web administration and ssh.<br>
<br>
Also, I did generate the kerberos keys with +ok_as_delegate, so
the clients do have the rights. I will follow up on this with a
bug report on cups.org per your direction, thanks for your help
Michael :)<br>
</font></font><br>
On 12/30/2010 07:25 AM, Michael Sweet wrote:
<blockquote
cite="mid:BE8C30CC-6568-44FA-80E6-96903FD9F925@apple.com"
type="cite">Do both the client and server have stable DNS
hostnames?
<div><br>
</div>
<div>Does the client have delegation rights from the KDC?</div>
<div><br>
<div>
<div>On Dec 30, 2010, at 8:57 AM, Matt Kinni wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div bgcolor="#ffffff" text="#333333"> <font size="+1"><font
face="Helvetica, Arial, sans-serif">Fedora 14.<br>
<br>
cups-1.4.4-11<br>
krb5-libs-1.8.3-9.fc15.x86_64<br>
kernel-2.6.37-0.rc7.git0.2.fc15.x86_64<br>
<br>
I have bleeding edge versions of the kernel and
kerberos<br>
</font></font><br>
On 12/29/2010 08:24 AM, Michael Sweet wrote:
<blockquote
cite="mid:BCB76529-E1C8-436A-8E1F-FF78843DA0D4@apple.com"
type="cite">What version of CUPS?
<div><br>
</div>
<div>What version of Kerberos?</div>
<div><br>
</div>
<div>What operating system/Linux distribution?</div>
<div><br>
<div>
<div>On Dec 27, 2010, at 12:21 AM, Matt Kinni wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div bgcolor="#ffffff" text="#333333"> <font
size="+1"><font face="Helvetica, Arial,
sans-serif">Hello, I'm trying to print to a
printer on a remote cups queue with
kerberos, using my local queue's "browse"
function.<br>
<br>
On the server with the printer attached, I
have the relevant info in the config files:<br>
<br>
--->in /etc/cups/printers.conf:<br>
<br>
<Printer Officejet_6000_E609n><br>
AuthInfoRequired negotiate<br>
<br>
--->in /etc/cups/cupsd.conf:<br>
<br>
<Policy default><br>
<Limit Create-Job Print-Job
Print-URI><br>
AuthType Negotiate<br>
Require user matt<br>
<br>
On my client laptop, if I connect to the
remote queue directly, (eg. by adding
"ServerName remoteserver:631" in the
clients.conf file), the print jobs properly
authenticate with kerberos<br>
<br>
However, if I try to print using my local
cups which discovers the remote printer
automatically using the browse function, the
following occurs:<br>
<br>
1. system-config-printer opens up a basic
authentication dialog asking for a user name
and password (which makes no sense because
it's not using basic auth): <a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://imgur.com/Hd7gO.png">http://imgur.com/Hd7gO.png</a>
<-screenshot<br>
<br>
2. regardless of what information I enter
into the first dialog, a second dialog opens
asking for a password only for auth type
negotiate, which also doesn't make sense: <a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://imgur.com/QnjL6.png">http://imgur.com/QnjL6.png</a>
<-screenshot<br>
<br>
So what has to be done for my local cups to
automatically use my kerberos credentials
when contacting the remote server? I know
if works if I connect to the remote server
directly, but that's extremely inconvenient
to do on a print job by print job basis.<br>
</font></font><br>
<pre class="moz-signature" cols="90">--
Matthew Kinni
Cal Poly State University
2640 Canyon Circle
San Luis Obispo, CA 93410
Cell: 925-817-0934
OpenPGP: 0x2351657A
</pre>
</div>
_______________________________________________<br>
cups mailing list<br>
<a moz-do-not-send="true"
href="mailto:cups@easysw.com">cups@easysw.com</a><br>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://lists.easysw.com/mailman/listinfo/cups">http://lists.easysw.com/mailman/listinfo/cups</a><br>
</blockquote>
</div>
<br>
<div> <span class="Apple-style-span"
style="border-collapse: separate; font-family:
Helvetica; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: 2;
text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
font-size: medium;">
<div>________________________________________________________________________<br>
Michael Sweet, Senior Printing System Engineer,
PWG Chair<br>
</div>
</span> </div>
<br>
</div>
<pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
cups mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cups@easysw.com">cups@easysw.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.easysw.com/mailman/listinfo/cups">http://lists.easysw.com/mailman/listinfo/cups</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="90">--
Matthew Kinni
Cal Poly State University
2640 Canyon Circle
San Luis Obispo, CA 93410
Cell: 925-817-0934
OpenPGP: 0x2351657A
</pre>
</div>
_______________________________________________<br>
cups mailing list<br>
<a moz-do-not-send="true" href="mailto:cups@easysw.com">cups@easysw.com</a><br>
<a class="moz-txt-link-freetext" href="http://lists.easysw.com/mailman/listinfo/cups">http://lists.easysw.com/mailman/listinfo/cups</a><br>
</blockquote>
</div>
<br>
<div>
<span class="Apple-style-span" style="border-collapse:
separate; color: rgb(0, 0, 0); font-family: Helvetica;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: 2; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
font-size: medium;">
<div>________________________________________________________________________<br>
Michael Sweet, Senior Printing System Engineer, PWG Chair<br>
</div>
</span>
</div>
<br>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
cups mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cups@easysw.com">cups@easysw.com</a>
<a class="moz-txt-link-freetext" href="http://lists.easysw.com/mailman/listinfo/cups">http://lists.easysw.com/mailman/listinfo/cups</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="90">--
Matthew Kinni
Cal Poly State University
2640 Canyon Circle
San Luis Obispo, CA 93410
Cell: 925-817-0934
OpenPGP: 0x2351657A
</pre>
</body>
</html>