Re: [Dorset] CUPS authentication question

Wed, 04 Dec 2013 04:28:56 -0800 

On 04/12/13 09:57, Tim Allen wrote:

On 04/12/13 09:38, Tim Allen wrote:

Hi Tim

On 03/12/13 16:39, Tim Waugh wrote:

On Tue, 2013-12-03 at 16:25 +0000, Tim Allen wrote:

Hi All
Playing around with CUPS 1.5.3 on Debian Squeeze. 1.5 has a nice feature 
to hide job details on the web interface via JobPrivateAccess and
JobPrivateValues. With the following in cupsd.conf:

# Restrict access to the server...
<Location />
    AuthType Default
    Require valid-user
    Order allow,deny
    Allow @LOCAL
</Location>
individual users must log in to the web interface and only see their own job details, but members of SystemGroup can see all job details - nice! 
However, with the

AuthType Default
Require valid-user

lines, I can't print from remote machines without getting into further
authentication complications. I'm guessing I need to use a different
<Location > directive that only applies to the jobs pages of the web
interface - can anyone advise?


I think you really want a policy modification. That specifies the
authentication requirements based on the operation, not the
location/resource.

Look at the <Policy authenticated>...</Policy> section. I think those
defaults might be what you want. You can set the policy on a per-queue
basis.


Thanks, that's pointed me in the right direction. But the remaining
question is, how do I get the <Policy authenticated> to be triggered? With 

<Policy default>
   # Job/subscription privacy...
   JobPrivateAccess default
   JobPrivateValues default
</Policy>

<Policy authenticated>
   # Job/subscription privacy...
   JobPrivateAccess default
   JobPrivateValues none
</Policy>

I assume I need to require authentication to access Jobs. I've tried a

<Location /admin/log>
   AuthType Default
   Require valid-user
</Location>

section, but that didn't bring up a user/password request. (Changing
JobPrivateValues to none in the default policy unhides the details,
proving that policy is being run).




Found the solution (I'd missed the /jobs location in the documentation):

<Location /jobs>
  AuthType Default
  Require valid-user
  Order allow,deny
  Allow @LOCAL
</Location>

<Policy default>
    # Job/subscription privacy...
    JobPrivateAccess default
    JobPrivateValues default
</Policy>

<Policy authenticated>
    # Job/subscription privacy...
    JobPrivateAccess default
    JobPrivateValues none
</Policy>


Thanks, Tim, for pointing me in the right direction.

Cheers

Tim
Thank you for documenting that last step and showing us the complete solution. 

Peter M.

--
Next meeting:  Bournemouth, Tuesday, 2013-12-03 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread on mailing list:  mailto:dorset@mailman.lug.org.uk
How to Report Bugs Effectively:  http://goo.gl/4Xue

Reply via email to