The CUPS configuration is in / etc / cups / cupds.conf:
It specifies the group of server administrators:
Code:
# SystemGroup root sys
SystemGroup admin
We allow remote administration:
Code:
# Listen localhost: 631
Port 631
Listen / var / run / cups / cups.sock
It indicates that the Kerberos authentication by default will be:
Code:
DefaultAuthType Negotiate
It indicates that the default policy will kerberos printers (see below):
Code:
DefaultPolicy kerberos
Finally we write the kerberos policy by adapting slightly the predetermined policy authenticated:
Code:
<Policy Kerberos> <Limit Create-Job Print-Job Print-URI> AuthType Default Require valid-user Order deny, allow </ Limit> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-subscriptio \ n Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume Job-CUPS-Move-Job CUPS-Get-Document> AuthType Default Require user @ OWNER @ SYSTEM Order deny, allow </ Limit> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify- Class Class CUPS-Delete- CUPS-Set-Default> AuthType Default Require user @ SYSTEM Order deny, allow </ Limit> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer \ Activate Printer-Printer Restart-Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @ SYSTEM Order deny, allow </ Limit> <Limit Cancel-Job CUPS -Authenticate-Job> AuthType Default Require user @ OWNER @ SYSTEM Order deny, allow </ Limit> <Limit all> Order deny, allow </ Limit> </ Policy>
Note: with respect to policy authenticated, it simply adds the Require valid-user operations for Create-Job, Print-Job and Print-URI, which will limit the printing to authenticated users.
Bookmarks