__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
<html>
<!-- SECTION: Getting Started -->
<head>
<title>Using Kerberos Authentication</title>
<link rel="stylesheet" type="text/css" href="../cups-printable.css">
</head>
<body>
<h1 class="title">Using Kerberos Authentication</h1>
<p>CUPS allows you to use a Key Distribution Center (KDC) for authentication on your local CUPS server and when printing to a remote authenticated queue. This document describes how to configure CUPS to use Kerberos authentication and provides links to the MIT help pages for configuring Kerberos on your systems and network.</p>
<blockquote><b>Note:</b> Kerberos authentication is deprecated starting in CUPS 2.4.0. OAuth 2.0 is the recommended SSO replacement.</blockquote>
<h2 class="title" id="REQUIREMENTS">System Requirements</h2>
<p>The following are required to use Kerberos with CUPS:</p>
<ol>
<li>Heimdal Kerberos (any version) or MIT Kerberos (1.6.3 or newer)</li>
<li>Properly configured Domain Name System (DNS) infrastructure (for your servers):
<ol type="a">
<li>DNS server(s) with static IP addresses for all CUPS servers or configured to allow DHCP updates to the host addresses and</li>
<li>All CUPS clients and servers configured to use the same DNS server(s).</li>
</ol>
</li>
<li>Properly configured Kerberos infrastructure:
<ol type='a'>
<li>KDC configured to allow CUPS servers to obtain Service Granting Tickets (SGTs) for the "host" and "HTTP" services/principals,</li>
<li>LDAP-based user accounts - both OpenDirectory and ActiveDirectory provide this with the KDC, and</li>
<li>CUPS clients and servers bound to the same KDC and LDAP server(s).</li>
</ol>
</li>
</ol>
<h2 class="title" id="KRB5">Configuring Kerberos on Your System</h2>
<p>Before you can use Kerberos with CUPS, you will need to configure Kerberos on your system and setup a system as a KDC. Because this configuration is highly system and site-specific, please consult the following on-line resources provided by the creators of Kerberos at the Massachusetts Institute of Technology (MIT):</p>
<ul>
<li><a href="http://web.mit.edu/kerberos/" target="_blank">Kerberos: The Network Authentication Protocol</a></li>
<li><a href="http://web.mit.edu/macdev/KfM/Common/Documentation/faq-osx.html" target="_blank">Kerberos on macOS Frequently Asked Questions</a></li>
</ul>
<p>The Linux Documentation Project also has a HOWTO on Kerberos:</p>
<ul>
<li><a href="http://tldp.org/HOWTO/html_single/Kerberos-Infrastructure-HOWTO/" target="_blank">Kerberos Infrastructure HOWTO</a></li>
</ul>
<h2 class="title" id="CUPS">Configuring CUPS to Use Kerberos</h2>
<p>Once you have configured Kerberos on your system(s), you can then enable Kerberos authentication by selecting the <tt>Negotiate</tt> authentication type. The simplest way to do this is using the <tt>cupsctl(8)</tt> command on your server(s):</p>
<pre class="command"><kbd>cupsctl DefaultAuthType=Negotiate</kbd></pre>
<p>You can also enable Kerberos from the web interface by checking the <VAR>Use Kerberos Authentication</VAR> box and clicking <VAR>Change Settings</VAR>:</p>
<pre class="command">https://server.example.com:631/admin</pre>
<p>After you have enabled Kerberos authentication, use the built-in "authenticated" policy or your own custom policies with the printers you will be sharing. See <a href="policies.html">Managing Operation Policies</a> for more information.</p>
<h2 class="title" id="IMPLEMENT">Implementation Information</h2>
<p>CUPS implements Kerberos over HTTP using GSSAPI and the service/principal names "host/server.example.com" for command-line access and "HTTP/server.example.com" for web-based access, where "server.example.com" is replaced by your CUPS server's hostname. Because of limitations in the HTTP GSSAPI protocol extension, only a single domain/KDC is supported for authentication. The (experimental) HTTP extension is described in <a href="http://tools.ietf.org/html/rfc4559">RFC 4559</a>.</p>
<p>When doing printing tasks that require authentication, CUPS requests single-use "tickets" from your login session to authenticate who you are. These tickets give CUPS a username of the form "user@REALM", which is then truncated to just "user" for purposes of user and group checks.</p>
<p>In order to support printing to a shared printer, CUPS runs the IPP or SMB backend as the owner of the print job so it can obtain the necessary credentials when the job is de-spooled to the server.</p>
</body>
</html>
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| accounting.html | File | 2.63 KB | 0644 |
|
| admin.html | File | 11.66 KB | 0644 |
|
| api-admin.html | File | 16.9 KB | 0644 |
|
| api-filter.html | File | 57.25 KB | 0644 |
|
| api-ppd.html | File | 84.68 KB | 0644 |
|
| cgi.html | File | 2.12 KB | 0644 |
|
| cupspm.html | File | 434.33 KB | 0644 |
|
| encryption.html | File | 4.21 KB | 0644 |
|
| firewalls.html | File | 3.94 KB | 0644 |
|
| glossary.html | File | 2.66 KB | 0644 |
|
| kerberos.html | File | 4.58 KB | 0644 |
|
| license.html | File | 11.78 KB | 0644 |
|
| man-backend.html | File | 9.71 KB | 0644 |
|
| man-cancel.html | File | 2.83 KB | 0644 |
|
| man-classes.conf.html | File | 1.5 KB | 0644 |
|
| man-client.conf.html | File | 7.04 KB | 0644 |
|
| man-cups-config.html | File | 3.52 KB | 0644 |
|
| man-cups-files.conf.html | File | 13.7 KB | 0644 |
|
| man-cups-lpd.html | File | 4.66 KB | 0644 |
|
| man-cups-snmp.html | File | 2.96 KB | 0644 |
|
| man-cups.html | File | 8.2 KB | 0644 |
|
| man-cupsaccept.html | File | 2.71 KB | 0644 |
|
| man-cupsd-helper.html | File | 3.05 KB | 0644 |
|
| man-cupsd-logs.html | File | 9.93 KB | 0644 |
|
| man-cupsd.conf.html | File | 39.76 KB | 0644 |
|
| man-cupsd.html | File | 3.76 KB | 0644 |
|
| man-cupsenable.html | File | 3.2 KB | 0644 |
|
| man-cupstestppd.html | File | 4.94 KB | 0644 |
|
| man-filter.html | File | 11.7 KB | 0644 |
|
| man-ippevepcl.html | File | 1.94 KB | 0644 |
|
| man-ippeveprinter.html | File | 10.03 KB | 0644 |
|
| man-ippfind.html | File | 9.77 KB | 0644 |
|
| man-ipptool.html | File | 7.67 KB | 0644 |
|
| man-ipptoolfile.html | File | 30.11 KB | 0644 |
|
| man-lp.html | File | 7.82 KB | 0644 |
|
| man-lpadmin.html | File | 10.65 KB | 0644 |
|
| man-lpc.html | File | 2.52 KB | 0644 |
|
| man-lpinfo.html | File | 3.8 KB | 0644 |
|
| man-lpmove.html | File | 2.12 KB | 0644 |
|
| man-lpoptions.html | File | 4.36 KB | 0644 |
|
| man-lpq.html | File | 2.24 KB | 0644 |
|
| man-lpr.html | File | 6.43 KB | 0644 |
|
| man-lprm.html | File | 2.35 KB | 0644 |
|
| man-lpstat.html | File | 4.83 KB | 0644 |
|
| man-mime.convs.html | File | 2.89 KB | 0644 |
|
| man-mime.types.html | File | 5.84 KB | 0644 |
|
| man-notifier.html | File | 1.49 KB | 0644 |
|
| man-ppdc.html | File | 3.78 KB | 0644 |
|
| man-ppdhtml.html | File | 2.11 KB | 0644 |
|
| man-ppdi.html | File | 2.27 KB | 0644 |
|
| man-ppdmerge.html | File | 2.03 KB | 0644 |
|
| man-ppdpo.html | File | 2.33 KB | 0644 |
|
| man-printers.conf.html | File | 1.58 KB | 0644 |
|
| man-subscriptions.conf.html | File | 1.61 KB | 0644 |
|
| network.html | File | 18.56 KB | 0644 |
|
| options.html | File | 16.42 KB | 0644 |
|
| overview.html | File | 3.4 KB | 0644 |
|
| policies.html | File | 21.25 KB | 0644 |
|
| postscript-driver.html | File | 20.54 KB | 0644 |
|
| ppd-compiler.html | File | 42.33 KB | 0644 |
|
| raster-driver.html | File | 17.61 KB | 0644 |
|
| ref-ppdcfile.html | File | 69.29 KB | 0644 |
|
| security.html | File | 4.44 KB | 0644 |
|
| sharing.html | File | 4.47 KB | 0644 |
|
| spec-banner.html | File | 4.08 KB | 0644 |
|
| spec-command.html | File | 6.12 KB | 0644 |
|
| spec-design.html | File | 11.61 KB | 0644 |
|
| spec-ipp.html | File | 65.45 KB | 0644 |
|
| spec-ppd.html | File | 86.95 KB | 0644 |
|
| spec-raster.html | File | 23.34 KB | 0644 |
|
| spec-stp.html | File | 3.79 KB | 0644 |
|
| translation.html | File | 24.32 KB | 0644 |
|