Package: cups
Version: 1.6.2-8
Severity: normal
--- Please enter the report below this line. ---
smbspool linked as smb in /usr/lib/cups/backend/ is able to read
/tmp/krb5cc_${uid} (or content of KRB5CCNAME variable) and authenticate itself
with kerberos on a shared samba or windows printer.
for exemple, launching as user:
DEVICE_URI=smb://SERVER/Printer strace -e trace=open smbspool 1 user "Test
print" 1 "none" <<EOF
printed OK
EOF
works
smbspool is launched with lp user so it does not have krb5 infos.
A workaround is to add login and password in the printer URI but the password
appears in clear text in /etc/cups/printer.conf and this method is not
applicable when a worksation is used by more than one user.
Some used to replace /usr/lib/cups/backend/smb by a wrapper that calls su -u
user smbspools, but thi can't work when launched as lp. It may be possible to
play with sudo and NOPASSWD: directives to but it can bring security problems.
--- System information. ---
Architecture: amd64
Kernel: Linux 3.9-1-amd64
Debian Release: jessie/sid
500 unstable http.debian.net
500 testing http.debian.net
500 stable security.debian.org
500 stable http.debian.net
101 experimental http.debian.net
--- Package information. ---
Depends (Version) | Installed
=====================================-+-===============
libavahi-client3 (>= 0.6.16) |
libavahi-common3 (>= 0.6.16) |
libc6 (>= 2.16) |
libcups2 (= 1.6.2-8) |
libcupscgi1 (>= 1.4.2) |
libcupsimage2 (>= 1.4.0) |
libcupsmime1 (>= 1.4.0) |
libcupsppdc1 (>= 1.4.0) |
libgcc1 (>= 1:4.1.1) |
libstdc++6 (>= 4.1.1) |
libusb-1.0-0 (>= 2:1.0.8) |
debconf (>= 1.2.9) |
OR debconf-2.0 |
libc-bin (>= 2.13) |
cups-daemon (>= 1.6.2-8) |
poppler-utils (>= 0.12) |
procps |
ghostscript (>= 9.02~) |
lsb-base (>= 3) |
cups-common (>= 1.6.2-8) |
cups-server-common (>= 1.6.2-8) |
cups-client (>= 1.6.2-8) |
cups-ppdc |
cups-filters (>= 1.0.24-3~) |
Recommends (Version) | Installed
========================================-+-===========
avahi-daemon | 0.6.31-2
colord | 0.1.21-4
foomatic-filters (>= 4.0) | 4.0.17-1
printer-driver-gutenprint | 5.2.9-1
ghostscript-cups (>= 9.02~) | 9.05~dfsg-6.3
Suggests (Version) | Installed
==========================================-+-===========
cups-bsd | 1.6.2-8
foomatic-db-compressed-ppds | 20130517-1
OR foomatic-db |
printer-driver-hpcups | 3.13.4-1+b1
hplip | 3.13.4-1+b1
cups-pdf |
udev | 175-7.2
smbclient | 2:3.6.15-1
--
Landry MINOZA
MGI Sud-Ouest
Pour le compte du département informatique
de l’établissement public de musée d’Orsay et de l’Orangerie
Chef de projet technique Linux et réseaux
E-mail : landry.min...@musee-orsay.fr<mailto:landry.min...@musee-orsay.fr>
Tél :01 40 49 47 15
Musée d’Orsay et de l’Orangerie :62 rue de Lille - 75343 Paris Cedex 07 |
www.musee-orsay.fr<http://www.musee-orsay.fr>
MGI France :5 rue Sextius Michel - 75015 Paris | RCS: Paris B 382 770 584 |
www.mgi.fr<http://www.mgi.fr>
MGI SO :281 route d'Espagne - 31100 Toulouse | RCS: Toulouse B 421 125 816 |
www.mgi.fr<http://www.mgi.fr>
MGI Suisse :5 avenue de Rothorn - CH3960 Sierre | TVA 517-269 |
www.mgiconsultants.ch<http://www.mgiconsultants.ch>
