Neat trick. It seems that AUTHTYPE=kerberos5 does not work but
AUTHTYPE=kerberos *does*.
This brings me to my next question, is there a reason that by
default, lpr will try to lookup a principle for lpr/host (or
lpr.host) rather than lpr/host.domain? I've been using precompiled RPMs,
but if the solution is just something along the lines of "recompile
without kerberos4 support" then that seems pretty reasonable. Of course,
adding kerberos_id lines to my printcap seems reasonable enough as
well.
/* Sam */
On Mon, Mar 11, 2002 at 08:21:32PM -0800, Patrick Powell wrote:
> > From [EMAIL PROTECTED] Mon Mar 11 03:50:06 2002
> > Date: Mon, 11 Mar 2002 03:10:04 -0800
> > From: Sam Noble <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: LPRng: AUTHTYPE=kerberos5
> >
> > I suspect that I just don't understand lpd.perms well enough, but
> > I'm frustrated enough to ask the following simple question:
> >
> > When I change:
> >
> > REJECT SERVICE=R REMOTEHOST=a_host NOT AUTHTYPE=kerberos5
> >
> > to
> >
> > REJECT SERVICE=R REMOTEHOST=a_host NOT AUTH
> >
> >
> > I can print properly when the user on a_host has a kerberos 5
> > ticket. When I go back to the first check, I can not print -- in fact,
> > lpq's status line says "error ... ERROR: no permission to print"
> >
> > While I suppose that this could just be a kerberos issue, I have observed
> > that neither of the above lines will allow me to print from a_host if I
> > first perform a "kdestroy" (which erases all my kerberos data).
> >
> > In practice, it may not really matter that much, but being the
> > conscientious individual that I am, I'd like to try to nail this down.
> >
> > /* Sam */
>
> You can find out the reasons by doing:
>
> lp:
> :db=lpr+2,database+4
> :...
>
> This turns on tracing for the database/permissions checks.
>
> now do 'lpr' and then look in the log file.
-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
