Re: LPRng: Kerberos ID vs. user name

Wed, 12 Jun 2002 17:47:43 -0700 

And we have YALO (Yet another LRPng Option):

  user_is_authuser:
       if( header_info && User_is_authuser_DYN
               && (s = Find_str_value(header_info,AUTHUSER,Value_sep)) ){
               Set_str_value(&job->info,LOGNAME,s);
               DEBUG1("Check_for_missing_files: authuser '%s'", s );
       }

  printcap:

  lp:auth=kerberos5:user_is_authuser:...

> From [EMAIL PROTECTED] Wed Jun 12 14:40:28 2002
> Date: Wed, 12 Jun 2002 16:24:41 -0400
> From: Rick Cochran <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: LPRng: Kerberos ID vs. user name
>
> The patch (to 3.8.12) below produces the behavior I am looking for. 
> Perhaps there's a better way to do it.
> -Rick
>
> *** lpd_rcvjob.c.orig   Mon May  6 12:03:44 2002
> --- lpd_rcvjob.c        Wed Jun 12 15:09:47 2002
> ***************
> *** 956,961 ****
> --- 956,968 ----
>         }
>         DEBUG1("Check_for_missing_files: hold file fd '%d'", holdfile_fd
> );
>   
> +       if( header_info ){
> +               char *authuser;
> +               authuser =
> Find_str_value(header_info,AUTHUSER,Value_sep);
> +               Set_str_value(&job->info,LOGNAME,authuser);
> +               DEBUG1("Check_for_missing_files: authuser '%s'",
> authuser );
> +       }
> + 
>         if( Create_control( job, error, errlen,
> Xlate_incoming_format_DYN ) ){
>                 DEBUG1("Check_for_missing_files: Create_control error
> '%s'", error );
>                 status = 1;
>
> Rick Cochran wrote:
> > When using kerberos authentication, it seems logical to me that the
> > authenticated kerberos principal, rather than the user name, would be
> > the only identifier of interest.  However, I can find no method, either
> > in the documentation or in the mailing list archives, for accessing the
> > authenticated kerberos principal.
> > 
> > There is one mention of the problem in the documentation:
> > 
> > -----
> > 17.9. Identifiers
> > 
> > When a user logs into a system, they are assigned a user name and a
> > corresponding UserID. This user name is used by the LPRng software when
> > transferring jobs to identify the user.
> > 
> > When we look into the problem of authentication, we will possibly have a
> > more global user identification to deal with, the authentication
> > identifier (AuthID). One way to deal with this problem is to give LPRng
> > intimate knowledge of the UserID and AuthID relationship. While this is
> > possible it is difficult to deal with in a simple and extensible manner.
> > An alternate solution is to provide a mapping service, where the
> > authentication procedure provides a map between the UserID and AuthID.
> > -----
> > 
> > However, I can find no implementation of any "mapping service" in the
> > kerberos support.
> > 
> > I would be very happy if there were an option to _replace_ the user name
> > with the kerberos ID.
>
> -- 
> |Rick Cochran                                   phone: 607-255-7618|
> |Cornell CIT - Systems & Operations - Net-Print   FAX: 607-255-8521|
> |730 Rhodes Hall, Ithaca, N.Y. 14853        email: [EMAIL PROTECTED]|
>
> -----------------------------------------------------------------------------
> YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
> The address you post from MUST be your subscription address
>
> If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
> or lprng-digest-requests) with the word 'help' in the body.  For the impatient,
> to subscribe to a list with name LIST,  send mail to [EMAIL PROTECTED]
> with:                           | example:
> subscribe LIST <mailaddr>       |  subscribe lprng-digest [EMAIL PROTECTED]
> unsubscribe LIST <mailaddr>     |  unsubscribe lprng [EMAIL PROTECTED]
>
> If you have major problems,  send email to [EMAIL PROTECTED] with the word
> LPRNGLIST in the SUBJECT line.
> -----------------------------------------------------------------------------
>
Patrick Powell                 Astart Technologies,
[EMAIL PROTECTED]            9475 Chesapeake Drive, Suite D,
Network and System             San Diego, CA 92123
  Consulting                   858-874-6543 FAX 858-279-8424 
LPRng - Print Spooler (http://www.lprng.com)

-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address

If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body.  For the impatient,
to subscribe to a list with name LIST,  send mail to [EMAIL PROTECTED]
with:                           | example:
subscribe LIST <mailaddr>       |  subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr>     |  unsubscribe lprng [EMAIL PROTECTED]

If you have major problems,  send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------

Reply via email to