CUPS interaction (authentication with LIBCUPS)
Andrew Bartlett
abartlet at samba.org
Mon Jun 6 23:23:01 GMT 2005
On Mon, 2005-06-06 at 16:08 -0700, Michael R Sweet wrote:
> Andrew Bartlett wrote:
> > ...
> > You missed simo's point. Simo was talking about a sane
>
> No, I didn't, read below...
>
> > implementation path for the server-side of the authentication
> > problem. Even without IPP clients, the admin interface could benefit
> > from this, due to existing browser support for NTLM and 'Negotiate'
> > (GSS-SPNEGO/GSSAPI).
>
> I agree, however we can't just settle for a 1/2 (or more like 1/3)
> solution, we need a complete solution that can be used on all OS's
> and in all situations.
> In short, I don't believe that squid or any other existing
> authentication framework addresses the client, server, and
> proxy authentication cases we need.
Of course they don't. Kerberos is one of the few technologies that
seems to even start down this road in a sensible manner, and even it is
a right royal pain to setup.
Particularly when you start down the 'and it must be supported by
Windows IPP', I really don't think you have any good options. I just
hope that we can do better 'host to host' then basic auth. (And I would
not look to HTTP for innovation in this area).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050607/940cd060/attachment.bin
More information about the samba-technical
mailing list