On 04/12/13 09:57, Tim Allen wrote:
On 04/12/13 09:38, Tim Allen wrote:
Hi Tim
On 03/12/13 16:39, Tim Waugh wrote:
On Tue, 2013-12-03 at 16:25 +0000, Tim Allen wrote:
Hi All
Playing around with CUPS 1.5.3 on Debian Squeeze. 1.5 has a nice
feature
to hide job details on the web interface via JobPrivateAccess and
JobPrivateValues. With the following in cupsd.conf:
# Restrict access to the server...
<Location />
AuthType Default
Require valid-user
Order allow,deny
Allow @LOCAL
</Location>
individual users must log in to the web interface and only see
their own
job details, but members of SystemGroup can see all job details -
nice!
However, with the
AuthType Default
Require valid-user
lines, I can't print from remote machines without getting into further
authentication complications. I'm guessing I need to use a different
<Location > directive that only applies to the jobs pages of the web
interface - can anyone advise?
I think you really want a policy modification. That specifies the
authentication requirements based on the operation, not the
location/resource.
Look at the <Policy authenticated>...</Policy> section. I think those
defaults might be what you want. You can set the policy on a per-queue
basis.
Thanks, that's pointed me in the right direction. But the remaining
question is, how do I get the <Policy authenticated> to be triggered?
With
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
</Policy>
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues none
</Policy>
I assume I need to require authentication to access Jobs. I've tried a
<Location /admin/log>
AuthType Default
Require valid-user
</Location>
section, but that didn't bring up a user/password request. (Changing
JobPrivateValues to none in the default policy unhides the details,
proving that policy is being run).
Found the solution (I'd missed the /jobs location in the documentation):
<Location /jobs>
AuthType Default
Require valid-user
Order allow,deny
Allow @LOCAL
</Location>
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
</Policy>
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues none
</Policy>
Thanks, Tim, for pointing me in the right direction.
Cheers
Tim
Thank you for documenting that last step and showing us the complete
solution.
Peter M.
--
Next meeting: Bournemouth, Tuesday, 2013-12-03 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
New thread on mailing list: mailto:dorset@mailman.lug.org.uk
How to Report Bugs Effectively: http://goo.gl/4Xue