Kerberos for printers

mdj_kerberos mdj_frend at yahoo.com
Thu Apr 22 08:28:56 EDT 2004


Hi Brian Davidson,
    
       Thank you for the reply.
You have told -> The options available vary from printer to printer,
but likely involve IP based authentication.
     
        I wolud like to know more about it. How I can use kerberos for
the IP based authentication in a network environment for printers?

 please guide me or send me some links in this regard.

Thank you.
regds

--------------------------------------------------------------------------------


bdavids1 at gmu.edu (Brian Davidson) wrote in message news:<56B29B68-8986-11D8-9B48-000393CCB774 at gmu.edu>...
> Microsoft seems to support Kerberos for printing via IPP.  IPP is a 
> layer on top of http, so I would think that the main thing to look for 
> is kerberos support for http.  Microsoft has a proprietary solution for 
> http kerberos authentication, and the IETF seems to be close to 
> establishing a more generalized http authentication standard solution, 
> http-sasl which also would support kerberos.  Hopefully once http-sasl 
> is established it will become usable for IPP authentication.
> 
> In the "short term", you can set up a CUPS server to use basic 
> authentication over SSL, and have PAM configured to use "kerberos 
> authentication" for CUPS.  I put the quotes there because this isn't 
> true kerberos authentication.  The username and password are being sent 
> over the wire, and they are handled by a service, which clearly is not 
> kerberos.  This will get you single-password though.  You can use 
> nsswitch to lookup group information in LDAP, which could be used as a 
> source of authorization information.
> 
> You would still need some mechanism for ensuring that only the CUPS 
> server can talk to the printer.  The options available vary from 
> printer to printer, but likely involve IP based authentication.  Some 
> printers support IPP directly.  I have no idea if/how those support 
> authentication.
> 
> This is what I'm looking at for our University, but we haven't deployed 
> this [yet].  I'm hopeful that CUPS will support http-sasl once it's 
> available, and that Microsoft will too.
> 
> Brian Davidson
> George Mason University
> 
> On Apr 6, 2004, at 7:21 AM, mdj_kerberos wrote:
> 
> > Hi ,
> >
> >  I would like to lknow how kerberos is suitable for printers.I
> > searched web for the docs.But i couldn't get any detailed informative
> > document. Please let me know abt the links.
> >
> > thank you
> > regds
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos


More information about the Kerberos mailing list