[265] in athena10
Re: Athena 10 on ashdown04 cluster machine: installation
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jun 23 11:34:55 2008
From: Greg Hudson <ghudson@MIT.EDU>
To: Kenneth Arnold <kcarnold@mit.edu>
Cc: Evan Broder <broder@mit.edu>, ashdown-webmaster@mit.edu, athena10@mit.edu
In-Reply-To: <485FC10A.4050500@mit.edu>
Content-Type: text/plain
Date: Mon, 23 Jun 2008 11:34:10 -0400
Message-Id: <1214235250.18347.100.camel@error-messages.mit.edu>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
On Mon, 2008-06-23 at 11:28 -0400, Kenneth Arnold wrote:
> Greg Hudson wrote:
> > (It is also possible to do authenticated printing
> > with the CUPS framework, but for technical reasons it is not easy for us
> > to deploy.)
> Is that because delegation "is currently only supported when using a
> single KDC on your network"?
> (http://www.cups.org/documentation.php/kerberos.html)
No. There are at least two issues:
1. We'd need the printing queues to be running CUPS (or at least an IPP
implementation of some sort) instead of an lpd implementation.
2. Kerberos-authenticated CUPS works by forwarding credentials through
the local CUPS daemon on the client machine. That can only work if the
client machine has a keytab, which is not true of cluster machines or of
many private machines.
> > In the interest of providing a smoother experience, Evan is working on
> > developing front-end scripts so that lpr and friends will automatically
> > choose between CUPS and lprng depending on the printer name.
> Will that handle enumeration (i.e., CUPS and lprng printers showing up
> together in printer selection dialogs)? If so, this will be very useful.
That doesn't seem likely, although my understanding of printing clients
into GUIs is imperfect.
