Kerberos support for smbspool
Rodrigo Fernandez-Vizarra
Rodrigo.Fernandez-Vizarra at Sun.COM
Mon Apr 4 10:01:01 GMT 2005
Hi all,
I'm working in a project in which I need to have a kerberized smb
backend. As the actual one does not support kerberos (Bug #1780) I'm
going to work to fixing it.
My plan is to contribute the patch back to samba to be included in the
main tree so I would like to get some input from you on the best way to
do implement the kerberos support in smbspool.
Here is a high level proposal
Given that every backend is executed by cups using this parameters
<cupsbackend> job-id user title copies options [file]
and that the backends are run as the root user [1], we can read the
users kerberos cache and retrieve their credentials to be used to
authenticate to the print server.
So the proposed credentials use is the following.
1.- If the $DEVICE_URI contains user credentials, they will be used to
deliver the print job ( nothing new here)
2.- Else if the kerberos cache for the user contains valid credentials
for the REALM they will be used to deliver the print job
3.- Else the backend will try to deliver the job without credentials
(anonymous?) and will probably fail. (nothing new here)
So what should be added is the code to get the user credentials and the
code to use those credentials to establish the connection with the print
server.
Comments, corrections and suggestions are welcomed.
[1] http://www.cups.org/doc-1.1/spm.html#WRITING_BACKENDS)
Cheers,
Rodrigo
More information about the samba-technical
mailing list