Kerberos for printers
mdj_kerberos
mdj_frend at yahoo.com
Thu Apr 22 08:28:56 EDT 2004
Hi Brian Davidson,
Thank you for the reply.
You have told -> The options available vary from printer to printer,
but likely involve IP based authentication.
I wolud like to know more about it. How I can use kerberos for
the IP based authentication in a network environment for printers?
please guide me or send me some links in this regard.
Thank you.
regds
--------------------------------------------------------------------------------
bdavids1 at gmu.edu (Brian Davidson) wrote in message news:<56B29B68-8986-11D8-9B48-000393CCB774 at gmu.edu>...
> Microsoft seems to support Kerberos for printing via IPP. IPP is a
> layer on top of http, so I would think that the main thing to look for
> is kerberos support for http. Microsoft has a proprietary solution for
> http kerberos authentication, and the IETF seems to be close to
> establishing a more generalized http authentication standard solution,
> http-sasl which also would support kerberos. Hopefully once http-sasl
> is established it will become usable for IPP authentication.
>
> In the "short term", you can set up a CUPS server to use basic
> authentication over SSL, and have PAM configured to use "kerberos
> authentication" for CUPS. I put the quotes there because this isn't
> true kerberos authentication. The username and password are being sent
> over the wire, and they are handled by a service, which clearly is not
> kerberos. This will get you single-password though. You can use
> nsswitch to lookup group information in LDAP, which could be used as a
> source of authorization information.
>
> You would still need some mechanism for ensuring that only the CUPS
> server can talk to the printer. The options available vary from
> printer to printer, but likely involve IP based authentication. Some
> printers support IPP directly. I have no idea if/how those support
> authentication.
>
> This is what I'm looking at for our University, but we haven't deployed
> this [yet]. I'm hopeful that CUPS will support http-sasl once it's
> available, and that Microsoft will too.
>
> Brian Davidson
> George Mason University
>
> On Apr 6, 2004, at 7:21 AM, mdj_kerberos wrote:
>
> > Hi ,
> >
> > I would like to lknow how kerberos is suitable for printers.I
> > searched web for the docs.But i couldn't get any detailed informative
> > document. Please let me know abt the links.
> >
> > thank you
> > regds
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list