IPP Mail Archive: Re: IPP> User Authentification

IPP Mail Archive: Re: IPP> User Authentification

Re: IPP> User Authentification

From: Michael Sweet (mike@easysw.com)
Date: Fri Apr 20 2001 - 09:12:23 EDT

  • Next message: Harry Lewis: "Re: IPP> Media Standardized Names"

    lloyd.kauapundu@materna.de wrote:
    > ...
    > the users who may have access to the server. How can I do this? I
    > know that there is a required attribute "requesting-user-name"; but
    > this seems to be inefficient. Most IPP-clients do provide a user
    > with the possibility to provide his/her name. Instead, the
    > "requesting-user-name" is the name of the person who has logged on
    > the computer. Are there other ways and means to implement user
    > authorization and authentification?

    IPP by itself doesn't do authentication - that's the province of
    the HTTP protocol, which provides you with several options (Basic
    and Digest authentication using usernames and passwords, certificate
    schemes via TLS, kerberos, etc.)

    The basic rule (and something we switched to in CUPS 1.1 once it was
    decided) is that the authenticated user info takes precedence over
    the requesting-user-name attribute that is passed in the request.

    Soooooo, just have your HTTP server (or layer) challenge the client
    to get the actual username, and use it over the requesting-user-name
    attribute when you accept the print job.

    -- 
    ______________________________________________________________________
    Michael Sweet, Easy Software Products                  mike@easysw.com
    Printing Software for UNIX                       http://www.easysw.com
    



    This archive was generated by hypermail 2b29 : Fri Apr 20 2001 - 09:13:49 EDT