LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

May 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS May 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	CUPS access control
From:	"P. Larry Nelson" <[log in to unmask]>
Reply To:	P. Larry Nelson
Date:	Fri, 29 May 2009 14:31:52 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (47 lines)

I have a CUPS access control question.

This relates to cups-1.3.7-8.el5_3.4 on a SL 5.1 system fully patched.
This also relates to using CUPS as a printer server where all my other
linux boxes use the browsing feature of CUPS to print thru the print
server.

With an older version of CUPS (1.1.17-13.3.58) I'm currently using
on an older RHEL3 system, I can control access to all our printers
by specifying either a network or specific IP address in a CUPS
white list.  This is done via redhat-config-printer, which has,
via a pulldown menu, a "sharing..." option, which then opens a
box that allows one to specify a single host or a network that
is allowed to access individual print queues.  This is very
important for us in order to keep others, on different networks,
from finding and using our printers (yes, I'm talking about
those crafty grad students in other departments.) as well as
allowing (via specific hostname) a user *not* on our network
to print to our printers.

Needing to migrate from RHEL3, I set up a test SL 5.1 box and
was able to duplicate the printer server function of our old
RHEL3 box, *except* that now, with the latest CUPS version,
access control is only by user! - and even that seems to be
broken when going thru system-config-printer.  I'm only able
to add a user via the web interface (http://localhost:631).
That functionality via system-config-printer is grayed out!
And just what does "user" mean?  Where does it look for the
"user" entry one might include?  Passwd file? NIS?
Is the CUPS administrator expected to enter hundreds of user
names?  And what about allowing someone, *not* in our NIS or
passwd file to print to our printers?

Anyway, we need to control access via network and hostname
as in the past.  Is there no way to do that type of access
control anymore?

Thanks!
- Larry
-- 
P. Larry Nelson (217-244-9855) | Systems/Network Administrator
461 Loomis Lab                 | High Energy Physics Group
1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
MailTo:[log in to unmask]        | http://www.roadkill.com/lnelson/
-------------------------------------------------------------------
  "Information without accountability is just noise."  - P.L. Nelson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV