Hi all, Can anyone suggest the best way to debug permissions problems? I am testing LPRng 3.8.6 with kerberos 5 and can't seem to get it to behave at all with regard to permissions.
Basically what I'd really like to see is what the various AUTH* values are set to when the server processes the job, so I can determine why requests are being rejected. I have tried debugging with /usr/sbin/lpd -F -D10 > /tmp/lpd.out 2>&1 but this doesn't really offer anything useful, at least to my eyes. Searching through the archives of this list, I can't find a lot of information relating to kerberos use, which makes me wonder whether many people are using LPRng with kerberos. I have set up the server printcap with these options for the queue: :[EMAIL PROTECTED] :kerberos_keytab=/etc/lpd.keytab .. and the client side with: :auth=kerberos5 :[EMAIL PROTECTED] This certainly seems to work OK, as if I do an lpq from the client machine, I successfully obtain a [EMAIL PROTECTED] ticket. I can happily set permissions for USER, etc. values on the server side and everything works as I would expect, but as soon as I try to use any of the AUTH* values, I run into problems. For instance, with a perms file of simply: DEFAULT ACCEPT REJECT NOT AUTH ... which I would think would reject any non-authenticated operations, lpq reports "ERROR: no permission to print" after using lpr to send a job. Why does lpq succeed though? Additionally, why does lprm also succeed? I have tried setting more complex values, e.g. ACCEPT AUTH SERVICE=XCMRP [EMAIL PROTECTED] .. with a similar complete lack of success. I'd be very grateful if anyone with experience of getting LPRng to play nicely with kerberos authentication could offer me some pointers. Or as I've mentioned, a better way of debugging the permissions process. Many thanks in advance Toby Blake Division of Informatics University of Edinburgh ----------------------------------------------------------------------------- YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST The address you post from MUST be your subscription address If you need help, send email to [EMAIL PROTECTED] (or lprng-requests or lprng-digest-requests) with the word 'help' in the body. For the impatient, to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED] with: | example: subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED] unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED] If you have major problems, send email to [EMAIL PROTECTED] with the word LPRNGLIST in the SUBJECT line. -----------------------------------------------------------------------------
