hi,

my problem is somewhat similar to the one posted/replied-to in
http://cert.uni-stuttgart.de/archive/debian/testing/2003/06/msg00053.html
but i could not find a solution from the previous post.

when i log on to the cups-html-administration page by
http://127.0.0.1:631/admin the daemon 'cupsd' dies silently (no
suspicious log in '/var/log/cups/error_log' or
'/var/log/cups/access_log'). sometimes it lets me get as far as logging
in as administrator and seeing the first page in my browser.

below i copy the parts concerning 'network', 'browsing' and 'security'
from my configuration file '/etc/cups/cupsd.conf' (please excuse the
somewhat lengthy message):

-----------------------------------------------------------------
########
######## Network Options
########

#
# Ports/addresses that we listen to. The default port 631 is reserved
# for the Internet Printing Protocol (IPP) and is what we use here.
#
# You can have multiple Port/Listen lines to listen to more than one
# port or address, or to restrict access:
#
#    Port 80
#    Port 631
#    Listen hostname
#    Listen hostname:80
#    Listen hostname:631
#    Listen 1.2.3.4
#    Listen 1.2.3.4:631
#
# NOTE: Unfortunately, most web browsers don't support TLS or HTTP Upgrades
# for encryption. If you want to support web-based encryption you'll
# probably need to listen on port 443 (the "https" port...)
#

#Port 80
#Port 443
Port 631

#
# HostNameLookups: whether or not to do lookups on IP addresses to get a
# fully-qualified hostname. This defaults to Off for performance reasons...
#

#HostNameLookups On

#
# KeepAlive: whether or not to support the Keep-Alive connection
# option. Default is on.
#

#KeepAlive On

#
# KeepAliveTimeout: the timeout before Keep-Alive connections are
# automatically closed. Default is 60 seconds.
#

#KeepAliveTimeout 60

#
# MaxClients: controls the maximum number of simultaneous clients that
# will be handled. Defaults to 100.
#

#MaxClients 100

#
# MaxRequestSize: controls the maximum size of HTTP requests and print files.
# Set to 0 to disable this feature (defaults to 0.)
#

#MaxRequestSize 0

#
# Timeout: the timeout before requests time out. Default is 300 seconds.
#

#Timeout 300

########
######## Browsing Options
########

#
# Browsing: whether or not to broadcast and/or listen for CUPS printer
# information on the network. Enabled by default.
#
#modified: m.u. 4.7.03
#Browsing Off

#
# BrowseProtocols: which protocols to use for browsing. Can be
# any of the following separated by whitespace and/or commas:
#
#     all  - Use all supported protocols.
#     cups - Use the CUPS browse protocol.
#     slp  - Use the SLPv2 protocol.
#
# The default is "cups".
#
# NOTE: If you choose to use SLPv2, it is *strongly* recommended that
#       you have at least one SLP Directory Agent (DA) on your
#       network. Otherwise, browse updates can take several seconds,
#       during which the scheduler will not response to client
#       requests.
#

#BrowseProtocols cups

#
# BrowseAddress: specifies a broadcast address to be used. By
# default browsing information is not sent!
#
# Note: HP-UX does not properly handle broadcast unless you have a
# Class A, B, C, or D netmask (i.e. no CIDR support).
#
# Note: Using the "global" broadcast address (255.255.255.255) will
# activate a Linux demand-dial link with the default configuration.
# If you have a LAN as well as the dial-up link, use the LAN's
# broadcast address.
#

#BrowseAddress x.y.z.255
#BrowseAddress x.y.255.255
#BrowseAddress x.255.255.255
#BrowseAddress 255.255.255.255

#
# BrowseShortNames: whether or not to use "short" names for remote printers
# when possible (e.g. "printer" instead of "[EMAIL PROTECTED]".) Enabled by
# default.
#

#BrowseShortNames Yes

#
# BrowseAllow: specifies an address mask to allow for incoming browser
# packets. The default is to allow packets from all addresses.
#
# BrowseDeny: specifies an address mask to deny for incoming browser
# packets. The default is to deny packets from no addresses.
#
# Both "BrowseAllow" and "BrowseDeny" accept the following notations for
# addresses:
#
#     All
#     None
#     *.domain.com
#     .domain.com
#     host.domain.com
#     nnn.*
#     nnn.nnn.*
#     nnn.nnn.nnn.*
#     nnn.nnn.nnn.nnn
#     nnn.nnn.nnn.nnn/mm
#     nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
#
# The hostname/domainname restrictions only work if you have turned hostname
# lookups on!
#

#BrowseAllow address
#BrowseDeny address

#
# BrowseInterval: the time between browsing updates in seconds. Default
# is 30 seconds.
#
# Note that browsing information is sent whenever a printer's state changes
# as well, so this represents the maximum time between updates.
#
# Set this to 0 to disable outgoing broadcasts so your local printers are
# not advertised but you can still see printers on other hosts.
#

#BrowseInterval 30

#
# BrowseOrder: specifies the order of BrowseAllow/BrowseDeny comparisons.
#

#BrowseOrder allow,deny
#BrowseOrder deny,allow

#
# BrowsePoll: poll the named server(s) for printers
#

#BrowsePoll address:port

#
# BrowsePort: the port used for UDP broadcasts. By default this is
# the IPP port; if you change this you need to do it on all servers.
# Only one BrowsePort is recognized.
#

#BrowsePort 631

#
# BrowseRelay: relay browser packets from one address/network to another.
#

#BrowseRelay source-address destination-address

#
# BrowseTimeout: the timeout for network printers - if we don't
# get an update within this time the printer will be removed
# from the printer list. This number definitely should not be
# less the BrowseInterval value for obvious reasons. Defaults
# to 300 seconds.
#

#BrowseTimeout 300

#
# ImplicitClasses: whether or not to use implicit classes.
#
# Printer classes can be specified explicitly in the classes.conf
# file, implicitly based upon the printers available on the LAN, or
# both.
#
# When ImplicitClasses is On, printers on the LAN with the same name
# (e.g. Acme-LaserPrint-1000) will be put into a class with the same
# name. This allows you to setup multiple redundant queues on a LAN
# without a lot of administrative difficulties. If a user sends a
# job to Acme-LaserPrint-1000, the job will go to the first available
# queue.
#
# Enabled by default.
#

#ImplicitClasses On

#
# ImplicitAnyClasses: whether or not to create "AnyPrinter" implicit
# classes.
#
# When ImplicitAnyClasses is On and a local queue of the same name
# exists, e.g. "printer", "[EMAIL PROTECTED]", "[EMAIL PROTECTED]", then
# an implicit class called "Anyprinter" is created instead.
#
# When ImplicitAnyClasses is Off, implicit classes are not created
# when there is a local queue of the same name.
#
# Disabled by default.
#

#ImplicitAnyCLasses Off

#
# HideImplicitMembers: whether or not to show the members of an
# implicit class.
#
# When HideImplicitMembers is On, any remote printers that are
# part of an implicit class are hidden from the user, who will
# then only see a single queue even though many queues will be
# supporting the implicit class.
#
# Enabled by default.
#

#HideImplicitMembers On

########
######## Security Options
########

#
# SystemGroup: the group name for "System" (printer administration)
# access. The default varies depending on the operating system, but
# will be "sys", "system", or "root" (checked for in that order.)
#

SystemGroup lpadmin

#
# Access permissions for each directory served by the scheduler.
# Locations are relative to DocumentRoot...
#
# AuthType: the authorization to use:
#
#    None   - Perform no authentication
#    Basic  - Perform authentication using the HTTP Basic method.
#    Digest - Perform authentication using the HTTP Digest method.
#
#    (Note: local certificate authentication can be substituted by
#           the client for Basic or Digest when connecting to the
#           localhost interface)
#
# AuthClass: the authorization class; currently only "Anonymous", "User",
# "System" (valid user belonging to group SystemGroup), and "Group"
# (valid user belonging to the specified group) are supported.
#
# AuthGroupName: the group name for "Group" authorization.
#
# Order: the order of Allow/Deny processing.
#
# Allow: allows access from the specified hostname, domain, IP address, or
# network.
#
# Deny: denies access from the specified hostname, domain, IP address, or
# network.
#
# Both "Allow" and "Deny" accept the following notations for addresses:
#
#     All
#     None
#     *.domain.com
#     .domain.com
#     host.domain.com
#     nnn.*
#     nnn.nnn.*
#     nnn.nnn.nnn.*
#     nnn.nnn.nnn.nnn
#     nnn.nnn.nnn.nnn/mm
#     nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
#
# The host and domain address require that you enable hostname lookups
# with "HostNameLookups On" above.
#
# Encryption: whether or not to use encryption; this depends on having
# the OpenSSL library linked into the CUPS library and scheduler.
#
# Possible values:
#
#     Always      - Always use encryption (SSL)
#     Never       - Never use encryption
#     Required    - Use TLS encryption upgrade
#     IfRequested - Use encryption if the server requests it
#
# The default value is "IfRequested".
#

<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>

#<Location /classes>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
#</Location>

#<Location /classes/name>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
#</Location>

#<Location /printers>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
#</Location>

#<Location /printers/name>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#

## Anonymous access (default)
#AuthType None

## Require a username and password (Basic authentication)
#AuthType Basic
#AuthClass User

## Require a username and password (Digest/MD5 authentication)
#AuthType Digest
#AuthClass User

## Restrict access to local domain
#Order Deny,Allow
#Deny From All
#Allow From .mydomain.com
#</Location>

<Location /admin>
#
# You definitely will want to limit access to the administration functions.
# The default configuration requires a local connection from a user who
# is a member of the system group to do any admin tasks. You can change
# the group name using the SystemGroup directive.
#

AuthType Basic
AuthClass System

## Restrict access to local domain
Order Deny,Allow
Deny From All
Allow From 127.0.0.1

#Encryption Required
</Location>

#
# End of "$Id: cupsd.conf.in,v 1.3 2002/02/12 18:47:11 mike Exp $".
#
-----------------------------------------------------------------

thanks for any hint.

markus uhlmann
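
Editor's added example, not part of the original post and not CUPS code: almost every line of the configuration quoted in the post above is a comment, so this small parser lists only the directives that are actually in effect, grouped by `<Location>` block. The function name `active_directives` and the shortened `SAMPLE` text are assumptions made for the illustration.

```python
import re

# Constructed sample: the uncommented lines and a few of the commented ones
# from the configuration quoted in the post above.
SAMPLE = """\
#Port 80
#Port 443
Port 631
SystemGroup lpadmin
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
#<Location /printers>
#AuthType None
#</Location>
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
#Encryption Required
</Location>
"""

def active_directives(text):
    """Return {scope: [(directive, value), ...]} for uncommented lines only."""
    result = {"global": []}
    scope = "global"  # "global" or the path of the enclosing <Location>
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or comment, including commented-out blocks
        opened = re.fullmatch(r"<Location\s+(\S+)>", line, re.IGNORECASE)
        if opened:
            scope = opened.group(1)
            result.setdefault(scope, [])
        elif re.fullmatch(r"</Location>", line, re.IGNORECASE):
            scope = "global"
        else:
            parts = line.split(None, 1)
            result[scope].append((parts[0], parts[1] if len(parts) > 1 else ""))
    return result

if __name__ == "__main__":
    for scope, directives in active_directives(SAMPLE).items():
        print(scope, directives)
```

Run against the full file, the same function shows which settings the daemon is really started with, which is the part worth comparing against a known-good configuration.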

