[15] in athena10
Printing and Athena 10
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Dec 23 09:24:10 2007
Date: Sun, 23 Dec 2007 09:23:58 -0500
Message-Id: <200712231423.lBNENwPG022060@equal-rites.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: athena10@MIT.EDU
On the one hand, I don't want to spend a whole lot of time researching
printing because kicking off Athena 10 is more important. On the
other hand, it's good to think about it early in case we want to ask
anything from Operations before next summer. I've spent a little bit
of time and perhaps people can help flesh this out or correct me when
I'm wrong.
Currently:
* Printing is done via a customized version of lprng, using the lpd
protocol.
* You can't get a global list of printers, but printer names are
looked up in Hesiod using the pcap map ("hesinfo meadow pcap").
These include both centrally-maintained and locally-maintained
printers.
* Athena machines which are part of a print cluster define the
PRINTER environment variable to the name of the default printer.
* Kerberos authentication is supported. It is no longer required
for the centrally-maintained printers. Some people supposedly
want it for locally-run printers, but I'm not sure how much they
really care. I am personally willing to desupport authenticated
printing but the decision may turn out to be larger than I am.
* To put it mildly, integrating the customized lprng into modern
operating systems is difficult. On Athena 9.4 we need to make
modifications to GNOME to make it work, I believe.
* I am told that one of the big use cases for logging into Athena
cluster machines and dialups is to print stuff. There are other
printing options (including quickprint, these days) but using an
Athena machine is currently the path of least resistance for many
users. This situation doesn't really bear on Athena 10's
requirements, but is a possible driver for changing MIT's printing
infrastructure.
Considerations for the future:
* OSX and modern Linux systems use CUPS. CUPS can print to lpd
printers (unauthenticated) though its preferred protocol is IPP,
which is a bastard son of HTTP.
* In the usual default configuration, jobs are spooled to a local
cupsd using IPP and forwarded from there to a local printer or to
a network daemon (lpd or IPP) for a remote printer.
* It is possible to configure clients to spool jobs directly to a
network cupsd. You lose the flexibility of being able to define
local printers.
* CUPS claims it can do GSSAPI authentication over IPP using
forwarded credentials and the negotiate auth type. I haven't
tried it. In theory one could do authenticated printing to an lpd
printer in the same fashion but I bet the code doesn't exist.
* In a pinch, we could distribute a printers.conf file to Athena
machines via some update mechanism, and get by with no additional
infrastructure.
* Going one step up, Operations could run a cupsd with printer
definitions for the centrally-maintained printers. cupsd on
Athena 10 machines could then be configured with a "BrowsePoll"
directive to incorporate this list of printers. People could
define locally-maintained printers in their local cupsd
configurations. Even the centrally-maintained printers would be a
fairly big list, so this might not be the best user experience,
but it would work.
* The best user experience might come from configuring the routers
to advertise a subnet-specific list of printers over multicast DNS
(or broadcast SNMP). That would require help from NIST and
presumably depends on what our router equipment supports.
Printers specified this way would show up automatically on stock
Ubuntu and OSX machines (I believe) in addition to Athena
machines.
* I don't really know what Windows supports, beyond what's written
in http://en.wikipedia.org/wiki/Zeroconf, which says that
Microsoft favors a UPnP protocol called SSDP. What Windows
supports isn't really our problem, but it may become the problem
of Operations or NIST if they start making printing infrastructure
changes.
