Pair authentication, Allow/Deny, Encryption with Port/SSLPort #1469

Closed
michaelrsweet opened this Issue Mar 9, 2006 · 1 comment

Comments

Projects
None yet
1 participant
Collaborator

michaelrsweet commented Mar 9, 2006

Version: -feature
CUPS.org User: relovett

I would like to configure cupsd to use no authentication on port 631 for one network interface and to use authentication and encryption on a second port for all other addresses.

Currently I have to run two cupsd instances; a normal one setup on port 631, and a second instance on another (SSLPort) port where each queue forward jobs onto the non-secure cups instance. This requires a lot of configuration overhead. (twice as many queues)

I suppose this feature is a bit like apache's virtualhosts.

Collaborator

michaelrsweet commented Mar 13, 2006

CUPS.org User: mike

Um, you should be able to use the following in CUPS 1.1.x:

<Location /foo>
Satisfy Any
Order allow,deny
Allow 11.22.33.0/24  # your one network
AuthType Basic
Encryption Required
</Location>

If you connect from the 11.22.33 network, you are allowed without providing a password, but the connection will always be encrypted.

In CUPS 1.2, you can drop the "Encryption Required" bit and let the "DefaultEncryption" setting turn on encryption with authentication.

In short, I think we can do what you want already.

@michaelrsweet michaelrsweet added this to the Stable milestone Mar 17, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment