I've been unsuccessfully trying for the last few days to make PGP
Authentication work using LPRng 3.8.22 and PGP 2.6.3 on Debian.
Print jobs sent to my test printer are failing due to a PGP signature
error.
Here's the printcap section for my test printer:
test:
:lp=/dev/lp0
:sd=/var/spool/lpd/test
:af=/var/log/lp-acct
:lf=/var/log/lp-errs
:auth=pgp
:[EMAIL PROTECTED]
:pgp_path=/usr/bin/pgp
:pgp_server_key=/root/.pgp/serverkey
:pgp_passphrasefile=clientkey
My passphrase is in ~/.pgp/clientkey and I have the server public key
and the server has mine.
When I send a print-job it times out, retries a few times and finally dies:
[EMAIL PROTECTED]:~$ date | lpr -P test
Status Information, attempt 1 of 3:
sending job '[EMAIL PROTECTED]' to [EMAIL PROTECTED]
connecting to 'localhost', attempt 1
connected to 'localhost'
Waiting 10 seconds before retry
<snip 2 more tries>
I've traced the problem to a PGP signature error by adding -D5 to the
command line (date-stamps elided for clarity):
[6100] lpr test: Dump_line_list: Make_passthrough - env - 0xbfff9ac0, count 14, max
102 , list 0x80cd5c0
[6100] lpr test: [ 0] 0x80cd9f8 ='HOME=/root'
[6100] lpr test: [ 1] 0x80cdaf8 ='IFS= '
[6100] lpr test: [ 2] 0x80cdde0 ='LANG=C'
[6100] lpr test: [ 3] 0x80cdf08 ='LC_CTYPE=en_US'
[6100] lpr test: [ 4] 0x80cdaa8 ='LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib'
[6100] lpr test: [ 5] 0x80cda08 ='LOGDIR=/root'
[6100] lpr test: [ 6] 0x80cd9e0 ='LOGNAME=root'
[6100] lpr test: [ 7] 0x80cda48 ='PATH=/bin:/usr/bin:/usr/local/bin'
[6100] lpr test: [ 8] 0x80cc080 ='PGPPASSFD=3'
[6100] lpr test: [ 9] 0x80cddf8 ='PRINTCAP_ENTRY=test
[6100] lpr test: [10] 0x80cd9b8 ='PRINTER=test'
[6100] lpr test: [11] 0x80cdae0 ='SHELL=/bin/sh'
[6100] lpr test: [12] 0x80cdb08 ='SPOOL_DIR=/var/spool/lpd/test'
[6100] lpr test: [13] 0x80cd9d0 ='USER=root'
[6100] lpr test: Pgp_encode: pgp pid 6103
[6103] lpr test: Make_passthrough: after fixing fd, count 4
[6103] lpr test: [0]=0
[6103] lpr test: [1]=6
[6103] lpr test: [2]=6
[6103] lpr test: [3]=4
[6103] lpr test: Set_full_group: euid '1000'
[6103] lpr test: after setuid: (1000, 1000)
[6100] lpr test: Pgp_encode: pgp output '^GSignature error'
Earlier on in the log the PGPPASSFD is apparently set:
[6100] lpr test: Pgp_encode: esc_from_id 'steve', esc_to_id '[EMAIL PROTECTED]'
[6100] lpr test: Find_first_key: count 8, key 'passphrasefile', sep ' =#@'
[6100] lpr test: Find_first_key: cmp 10, top 7, mid 3, bot 4
[6100] lpr test: Find_first_key: cmp 0, top 7, mid 5, bot 4
[6100] lpr test: Find_first_key: cmp 0, mid 5, key 'passphrasefile', count 8
[6100] lpr test: Find_str_value: key 'passphrasefile', value 'clientkey'
[6100] lpr test: Checkread: file '/home/steve/.pgp/clientkey'
[6100] lpr test: Checkread: '/home/steve/.pgp/clientkey' fd 4, size 32
[6100] lpr test: Pgp_get_pgppassfd: PGPPASSFD file '/home/steve/.pgp/clientkey', size
3
[6100] lpr test: Add_line_list: 'PGPPASSFD=3', sep ' =#@', sort 1, uniq 1
[6100] lpr test: Find_last_key: count 0, key 'PGPPASSFD'
[6100] lpr test: Find_last_key: key 'PGPPASSFD', cmp -1, mid 0
[6100] lpr test: Dump_line_list: Add_line_list: result - 0xbfff9b60, count 1, max
102, list 0x80ccf20
[6100] lpr test: [ 0] 0x80cbe90 ='PGPPASSFD=3'
[6100] lpr test: Make_passthrough: cmd '$- /usr/bin/pgp +armorlines=0 +verbose=0
+force +batch -sea '/tmp/temp01sd90sE' '[EMAIL PROTECTED]' -u '$%steve' -o
/tmp/temp01sd90sE.pgp', flags '<NULL>'
But it appears the the PGP child process can't read the passphrase (more
than one word) through the PGPPASSFD.
I have also tried this with PGPPASSFILE set in my ~/.bashrc instead of
:pgp_passphrasefile in /etc/printcap. But I receive the same failure messages.
What am I doing wrong?
--
Steve Kostecke <[EMAIL PROTECTED]>
-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
