> From [EMAIL PROTECTED] Thu Mar 7 05:57:27 2002
> Date: Thu, 7 Mar 2002 05:09:26 -0800
> From: Sam Noble <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: LPRng: kerberos5 authentication with LPRng
>
> I'm writing my own stripped-down lpr and I was wondering if there
> is any documentation which details the "conversation" between lpr and
> LPRng's LPD implementation of the kerberos authentication.
>
> In particular, in the howto, I've found
>
> \008printer C user_id authtype size\n - for print jobs (lpr)
>
> I guess that's a start. I'm assuming that following the \n, an
> octet of 0 bits is returned to the client on success... and then the
> client sends back a kerberos5 ticket in some form, perhaps terminated with
> a 0x00 byte.
>
> Is this correct? What happens next? How does the kerberos ticket
> info get "formatted"? (this is my first experience using the krb5_* api).
>
> Now, according to RFC1179, lpr connections are only kept open for
> the duration of a single "major" command. I can only assume that the AUTH
> command is different, and that it is followed by another command.
>
> /* Sam */
I thought there was a pretty complete description of what is happening,
but there is a summary:
Rip the guts out of Kerberos 5.0's example of sclient and sserver.
This gives you the authentication stuff.
Read the Kerberos 5.1.x code and tear your hair out caused they
changed some APIs and cleaned up.
he general exchange is:
Client: send '\008 printer C user kerberos5 xxxx\n'
Server: get this, check and see that kerberos 5 is allowed,
send 0, then call the server side of 'get kerberos
ticket from client'
Client: read 0, and then call 'send kerberos ticket to server'
code. After completion, you have set up a link and can
send stuff across it.
Package up the stuff you want to send in a file, then
tranfer file to server (with count)
Server: get the size of file to receive, check for size, and
then dump incoming file to spool directory.
Open file and extract job. Send status back via kerberos
encriptiong.
Client: read count of status coming back, open file, dump to file,
decrypt, and then report status to user.
-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
