Pair authentication, Allow/Deny, Encryption with Port/SSLPort #1469

Closed
michaelrsweet opened this Issue Mar 9, 2006 · 1 comment

Comments

Projects
None yet
1 participant
Collaborator

michaelrsweet commented Mar 9, 2006

Version: -feature
CUPS.org User: relovett

I would like to configure cupsd to use no authentication on port 631 for one network interface and to use authentication and encryption on a second port for all other addresses.

Currently I have to run two cupsd instances; a normal one setup on port 631, and a second instance on another (SSLPort) port where each queue forward jobs onto the non-secure cups instance. This requires a lot of configuration overhead. (twice as many queues)

I suppose this feature is a bit like apache's virtualhosts.

Collaborator

michaelrsweet commented Mar 13, 2006

CUPS.org User: mike

Um, you should be able to use the following in CUPS 1.1.x:

<Location /foo>
Satisfy Any
Order allow,deny
Allow 11.22.33.0/24  # your one network
AuthType Basic
Encryption Required
</Location>

If you connect from the 11.22.33 network, you are allowed without providing a password, but the connection will always be encrypted.

In CUPS 1.2, you can drop the "Encryption Required" bit and let the "DefaultEncryption" setting turn on encryption with authentication.

In short, I think we can do what you want already.

michaelrsweet added this to the Stable milestone Mar 17, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment