Fix released in Debian?

Reading the bug report (
bin/bugreport.cgi?bug=711341) they just closed it with a wontfix.

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.

  CUPS cannot print to Kerberos-authenticated SMB print queue

Status in cups package in Ubuntu:
Status in Debian:
  Fix Released

Bug description:
  Binary package hint: cups

  That was investigated on maverick (cups 1.4.4) and natty (cups 1.4.6).

  CUPS in Ubuntu cannot authenticate using Kerberos to an SMB print
  queue, such as one in an Active Directory.  This is because the smb
  backend is being invoked as user lp, and this user cannot access the
  Kerberos credential cache of the user who submitted the job.  When
  trying to print, the job is held for authentication, and a dialog
  prompting for username/password is being shown.  On Windows (and
  possibly other OS), the user would not be prompted if he has a ticket
  in the Kerberos realm (ie, "logged on to the domain") he is trying to
  print to.

  The CUPS smb backend on Ubuntu is the smbspool binary provided by
  Samba.  When run as a user, it will pick the Kerberos credential cache
  by itself and authenticate seamlessly.  Otherwise, it will read the
  KRB5CCNAME environment variable and try to use that when possible.

  There is two possible solutions to that:

  - Invoke the smb backend as root and pass it the KRB5CCNAME
  environment variable pointing to the user's Kerberos credential cache.
  CUPS execute the backend as user lp if it is world-executable, which
  is currently the case on Ubuntu.  User lp do not have the permission
  to read  the user's credential cache, hence why the smb backend would
  need to be executed as root (by removing the world-executable bit).
  Also, CUPS does not currently set KRB5CCNAME before invoking the smb
  backend (see

  - Execute smbspool as the user submitting the job.

  I presume we would have the same problem with other backend that would do 
Kerberos authentication, although I do not know of a specific one.  I have only 
tested and investigated with the smb backend.

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to