
Bug#711341: [cups] Please call smbspool under user identity to allow it to read kerberos TGT



Package: cups
Version: 1.6.2-8
Severity: normal

--- Please enter the report below this line. ---
smbspool, linked as smb in /usr/lib/cups/backend/, is able to read /tmp/krb5cc_${uid} (or the content of the KRB5CCNAME variable) and authenticate itself with Kerberos on a shared Samba or Windows printer.
For example, launching as user:
DEVICE_URI=smb://SERVER/Printer strace -e trace=open smbspool 1 user "Test print" 1 "none" <<EOF
printed OK
EOF
works

smbspool is launched with the lp user, so it does not have the krb5 info.
A workaround is to add the login and password in the printer URI, but the password appears in clear text in /etc/cups/printer.conf and this method is not applicable when a workstation is used by more than one user.
Some used to replace /usr/lib/cups/backend/smb by a wrapper that calls su -u user smbspool, but this can't work when launched as lp. It may be possible to play with sudo and NOPASSWD: directives too, but it can bring security problems.

--- System information. ---
Architecture: amd64
Kernel: Linux 3.9-1-amd64

Debian Release: jessie/sid
500 unstable http.debian.net
500 testing http.debian.net
500 stable security.debian.org
500 stable http.debian.net
101 experimental http.debian.net

--- Package information. ---
Depends (Version) | Installed
=====================================-+-===============
libavahi-client3 (>= 0.6.16) |
libavahi-common3 (>= 0.6.16) |
libc6 (>= 2.16) |
libcups2 (= 1.6.2-8) |
libcupscgi1 (>= 1.4.2) |
libcupsimage2 (>= 1.4.0) |
libcupsmime1 (>= 1.4.0) |
libcupsppdc1 (>= 1.4.0) |
libgcc1 (>= 1:4.1.1) |
libstdc++6 (>= 4.1.1) |
libusb-1.0-0 (>= 2:1.0.8) |
debconf (>= 1.2.9) |
OR debconf-2.0 |
libc-bin (>= 2.13) |
cups-daemon (>= 1.6.2-8) |
poppler-utils (>= 0.12) |
procps |
ghostscript (>= 9.02~) |
lsb-base (>= 3) |
cups-common (>= 1.6.2-8) |
cups-server-common (>= 1.6.2-8) |
cups-client (>= 1.6.2-8) |
cups-ppdc |
cups-filters (>= 1.0.24-3~) |


Recommends (Version) | Installed
========================================-+-===========
avahi-daemon | 0.6.31-2
colord | 0.1.21-4
foomatic-filters (>= 4.0) | 4.0.17-1
printer-driver-gutenprint | 5.2.9-1
ghostscript-cups (>= 9.02~) | 9.05~dfsg-6.3


Suggests (Version) | Installed
==========================================-+-===========
cups-bsd | 1.6.2-8
foomatic-db-compressed-ppds | 20130517-1
OR foomatic-db |
printer-driver-hpcups | 3.13.4-1+b1
hplip | 3.13.4-1+b1
cups-pdf |
udev | 175-7.2
smbclient | 2:3.6.15-1





--

Landry MINOZA
MGI Sud-Ouest
On behalf of the IT department
of the public institution of the Musée d’Orsay and the Orangerie
Linux and networks technical project manager
E-mail: landry.minoza@musee-orsay.fr

Tel: 01 40 49 47 15

Musée d’Orsay et de l’Orangerie :62 rue de Lille - 75343 Paris Cedex 07 | www.musee-orsay.fr

MGI France :5 rue Sextius Michel - 75015 Paris | RCS: Paris B 382 770 584 | www.mgi.fr
MGI SO :281 route d'Espagne - 31100 Toulouse | RCS: Toulouse B 421 125 816 | www.mgi.fr
MGI Suisse :5 avenue de Rothorn - CH3960 Sierre | TVA 517-269 | www.mgiconsultants.ch
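
The following diagnostic is an added example, not part of the original report and not code from CUPS or Samba. It shows why a backend running as lp cannot use the ticket cache the report describes: the cache is a file owned by the job's user with owner-only permissions. The function names, the status strings and the "too-open" check are assumptions of this example.

```bash
#!/bin/bash
# Added diagnostic (not from the report). Assumes Linux with GNU stat and
# file-based credential caches on a local filesystem.

# ccache_path <uid> [KRB5CCNAME value]
# Prints the cache file path; returns 1 for cache types that are not one file.
ccache_path() {
    local uid=$1 ccname=${2:-}
    case "$ccname" in
        "")     printf '/tmp/krb5cc_%s\n' "$uid" ;;  # default named in the report
        FILE:*) printf '%s\n' "${ccname#FILE:}" ;;
        /*)     printf '%s\n' "$ccname" ;;
        *)      return 1 ;;                          # e.g. KEYRING:, DIR:, KCM:
    esac
}

# ccache_status <path> <job_uid> <backend_uid>
# Prints: missing | wrong-owner | too-open | unreadable-by-backend | ok
ccache_status() {
    local path=$1 job_uid=$2 backend_uid=$3 owner mode
    [ -f "$path" ] || { echo missing; return; }
    owner=$(stat -c %u "$path")
    mode=$(stat -c %a "$path")
    [ "$owner" = "$job_uid" ] || { echo wrong-owner; return; }
    # Any group/other permission bit means other accounts could read the TGT.
    [ $(( 0$mode & 077 )) -eq 0 ] || { echo too-open; return; }
    # With owner-only permissions, only the owner (or root) can open the file.
    if [ "$backend_uid" = "$owner" ] || [ "$backend_uid" = 0 ]; then
        echo ok
    else
        echo unreadable-by-backend
    fi
}

# Usage: script <job-user> ; compares that user's cache with the current identity.
if [ "$#" -ge 1 ]; then
    uid=$(id -u "$1") || exit 2
    path=$(ccache_path "$uid" "${KRB5CCNAME:-}") || { echo "not a file cache"; exit 1; }
    echo "$path: $(ccache_status "$path" "$uid" "$(id -u)")"
fi
```

Run as the lp account with the job's user name as argument, a correctly protected cache reports unreadable-by-backend, which is the situation the report describes.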

