Kerberos support for smbspool

Rodrigo Fernandez-Vizarra Rodrigo.Fernandez-Vizarra at Sun.COM
Mon Apr 4 10:01:01 GMT 2005

Hi all,

I'm working in a project in which I need to have a kerberized smb 
backend. As the actual one does not support kerberos (Bug #1780) I'm 
going to work to fixing it.

My plan is to contribute the patch back to samba to be included in the 
main tree so I would like to get some input from you on the best way to 
do implement the kerberos support in smbspool.

Here is a high level proposal

Given that every backend is executed by cups using this parameters

<cupsbackend> job-id user title copies options [file]

and that the backends are run as the root user [1], we can read the 
users kerberos cache and retrieve their credentials to be used to 
authenticate to the print server.

So the proposed credentials use is the following.

1.- If the $DEVICE_URI contains user credentials, they will be used to 
deliver the print job ( nothing new here)
2.- Else if the kerberos cache for the user contains valid credentials 
for the REALM they will be used to deliver the print job
3.- Else the backend will try to deliver the job without credentials 
(anonymous?) and will probably fail. (nothing new here)

So what should be added is the code to get the user credentials and the 
code to use those credentials to establish the connection with the print 

Comments, corrections and suggestions are welcomed.



More information about the samba-technical mailing list