Bug#868283: cups-browsed ignores "DefaultPolicy authenticated" from cupsd.conf
Christoph - thank you for your report.
On Fri 14 Jul 2017 at 08:54:29 +0200, Christoph Pleger wrote:
> Package: cups-browsed
> Version: 1.11.6-3
> Severity: critical
>
> Dear maintainers,
>
> cups-browsed from Debian stretch ignores the "DefaultPolicy authenticated"
> entry in my cupsd.conf, so that all browsed-imported printers in
> /etc/cups/printers.conf are listed with "OpPolicy default". That differs
> from how it was in older Debian versions and their cups-browseds, and it
> allows users to print with another user id than their own without
> authentication, critical in an environment like ours where users have to pay
> for their print quota.
An account of my testing procedure. cups and cups-browsed were restarted
after a change to cupsd.conf..
1. No DefaultPolicy directive in cupsd.conf. All five of my remote
printers show as "OpPolicy default".
2. Put "DefaultPolicy authenticated" in cupsd.conf. The printers show
as in 1.
3. Install cups-browsed 1.10.0-1 (no change in cupsd.conf). The printers
show "OpPolicy authenticated".
At this point it appears the data support your contention. I was going
to suggest a look at /usr/share/doc/cups-filters/changelog.gz (CHANGES
IN V1.11.3) and think on whether the implicitclass backend was involved.
But I dug a hole for myself.
4. Reinstall stretch's cups-browsed (no change in cupsd.conf) to go back
to 2. "OpPolicy authenticated" is what I get!
5. Remove "DefaultPolicy authenticated" from cupsd.conf. Back to 1. Not
at all! It's still "DefaultPolicy authenticated".
Colour me perplexed (or inept).
--
Brian.
Reply to: