<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
  <head>
    <meta name="generator" content="HTML Tidy, see www.w3.org">
    <title>Authentication Operations</title>
    <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7">
    <link rel="HOME" title=" LPRng Reference Manual" href="index.htm">
    <link rel="UP" title="Permissions and Authentication " href="permsref.htm">
    <link rel="PREVIOUS" title="RFC1179 Protocol Extensions" href="x8980.htm">
    <link rel="NEXT" title="Permission Checking" href="x9083.htm">
  </head>

  <body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" alink="#0000FF">
    <div class="NAVHEADER">
      <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
        <tr>
          <th colspan="3" align="center">LPRng Reference Manual: 5
          Sep 2003 (For LPRng-3.8.22)</th>
        </tr>

        <tr>
          <td width="10%" align="left" valign="bottom"><a href="x8980.htm" accesskey="P">Prev</a></td>

          <td width="80%" align="center" valign="bottom">Chapter
          17. Permissions and Authentication</td>

          <td width="10%" align="right" valign="bottom"><a href="x9083.htm" accesskey="N">Next</a></td>
        </tr>
      </table>
      <hr align="LEFT" width="100%">
    </div>

    <div class="SECT1">
      <h1 class="SECT1"><a name="AUTH">17.10.
      Authentication Operations</a></h1>

      <p>Options used:</p>

      <ul>
        <li>
          <p><var class="LITERAL">auth=</var><span class="emphasis"><i class="EMPHASIS">client to server
          authentication type</i></span></p>
        </li>

        <li>
          <p><var class="LITERAL">auth_forward=</var><span class="emphasis"><i class="EMPHASIS">server to server
          authentication type</i></span></p>
        </li>

        <li>
          <p><var class="LITERAL">XX_id=</var><span class="emphasis"><i class="EMPHASIS">server
          identification</i></span></p>
        </li>

        <li>
          <p><var class="LITERAL">XX_forward_id=</var><span class="emphasis"><i class="EMPHASIS">Server
          identification</i></span></p>
        </li>
      </ul>
      <br>
      <br>

      <p>An <b class="APPLICATION">LPRng</b> client (<b class="APPLICATION">lpr</b>,
      <b class="APPLICATION">lpq</b>, <b class="APPLICATION">lprm</b>, or
      <b class="APPLICATION">lpc</b>) to <b class="APPLICATION">lpd</b>
      server authenticated transfer proceeds as follows. If an
      authenticated transfer is specified by the <var class="LITERAL">auth=protocol</var>
      entry in the printcap or configuration information, the client sends
      a request for an authenticated transfer to the server.</p>

      <p>Part of the authentication request is the authentication
      type. If authentication type <acronym class="ACRONYM">XX</acronym>
      is requested, the server will examine the information in the
      printcap and configuration entries for an
      <var class="LITERAL">XX_id</var> value. If this value is
      present, then the server supports authentication of this type.
      Further permission checks are carried out and finally the
      server will accept or reject the authentication request.
      If the request is accepted, the server returns a positive
      acknowledgment (single 0 byte) to the requester; otherwise it
      returns a nonzero value and an error message.</p>

      <p>If the request is accepted, then an authentication specific
      protocol exchange is carried out between client and server.
      The commands and/or data files are encrypted and/or signed
      and transferred to the server. The protocol specific software
      on the server will then decrypt and/or check signatures,
      perform the requested actions, and in turn generate status
      information. The status information is encrypted and/or
      signed by the server and sent to the client, where the client
      decrypts it and/or checks it for a correct signature.</p>

      <p>An <b class="APPLICATION">lpd</b> server to
      <b class="APPLICATION">lpd</b> server authenticated transfer proceeds
      as follows. If an authenticated transfer is specified by the
      <var class="LITERAL">auth_forward=protocol</var> entry in the
      printcap or configuration information, the originating server
      sends a request for an authenticated transfer to the
      destination server. The originating server plays the part of
      the client and performs the same set of actions.</p>

      <p>The following printcap or user level information needs to
      be provided for an authenticated exchange.</p>

      <ol type="1">
        <li>
          <p>The <var class="LITERAL">auth</var> option specifies
          the authentication type to be used for client to server
          transfers. For example, <var class="LITERAL">auth=kerberos</var>
          or <var class="LITERAL">auth=kerberos5</var> would specify
          Kerberos 5 authentication,
          <var class="LITERAL">auth=kerberos4</var> would specify Kerberos 4
          authentication, <var class="LITERAL">auth=pgp</var> would
          specify PGP authentication,
          <var class="LITERAL">auth=md5</var> would specify MD5
          authentication, etc.
          The special form <var class="LITERAL">auth@</var>
          specifies no authentication.</p>
        </li>

        <li>
          <p>The <var class="LITERAL">auth_forward</var> option
          specifies the authentication type to be used for server
          to server transfers. For example,
          <var class="LITERAL">auth_forward=kerberos5</var> would specify
          Kerberos 5 authentication, etc. The special form
          <var class="LITERAL">auth@</var> specifies no
          authentication.</p>
        </li>

        <li>
          <p>The authenticated transfer request sent to a server
          has one of the following forms, depending on the
          originator:</p>

          <div class="INFORMALEXAMPLE">
            <a name="AEN9050"></a>
<pre class="SCREEN">
    \008printer C user_id authtype \n         - for commands (lpq, lpc, etc.)
    \008printer C user_id authtype size\n     - for print jobs (lpr)
    \008printer F server_id authtype \n       - forwarded commands (lpq, lpc, etc.)
    \008printer F server_id authtype size\n   - forwarded print jobs (lpr)
</pre>
          </div>
          <br>
          <br>

          <p>The single character with the
          <var class="LITERAL">\008</var> value signals that this is an
          authentication request, the
          <var class="LITERAL">printer</var> is the name of a print queue, and
          the <var class="LITERAL">C</var> (client) or
          <var class="LITERAL">F</var> (forwarded) flag indicates whether
          the request is from a client program or is a forwarded request
          from a server. The <var class="LITERAL">user_id</var> or
          <var class="LITERAL">server_id</var> field is an identifier supplied
          by the originator and is discussed below. If the
          <var class="LITERAL">size</var> value is present, then the
          request is for a job transfer and this value represents
          the job size.
          It is used to determine if there is
          sufficient space in the spool queue for the job.</p>
        </li>

        <li>
          <p>The <var class="LITERAL">user_id</var> or
          <var class="LITERAL">server_id</var> fields in the authentication
          request are obtained as follows. If the request
          originates from a client, then the
          <var class="LITERAL">user_id</var> is the user name of the
          originator obtained from password information. If the
          request originates from a server, then the
          <var class="LITERAL">server_id</var> is the printcap or
          configuration <var class="LITERAL">xx_id=server_id</var>
          value, where <var class="LITERAL">xx</var> is the value
          of the <var class="LITERAL">auth_forward=xx</var>
          entry.</p>
        </li>

        <li>
          <p>When the authenticated transfer request is received,
          the destination will either return a single zero byte, or
          a non-zero byte value followed by additional refusal
          information. A refusal terminates the protocol
          exchange.</p>
        </li>

        <li>
          <p>Further exchanges are then determined by the
          authentication protocol specific requirements.</p>
        </li>

        <li>
          <p>Once the initial exchanges have been completed, a user
          file and/or command will be transferred to the
          destination server.</p>
        </li>

        <li>
          <p>Authentication protocol specific
          <acronym class="ACRONYM">AUTHFROM</acronym> and
          <acronym class="ACRONYM">AUTHUSER</acronym> strings will be supplied to
          the lpd server for purposes of permission checking.</p>
        </li>

        <li>
          <p>The lpd server then carries out the requested
          operation, and will write error and status information
          into a file.</p>
        </li>

        <li>
          <p>After the requested activity has finished, the protocol
          specific module transfers the status information in the
          file to the requesting system and terminates the protocol
          exchange.</p>
        </li>
      </ol>
      <br>
      <br>
    </div>
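    <p>The request line and the one-byte reply described in this section,
    as a strict parser. This is an added example, not code from LPRng or
    from the manual; the function and class names are hypothetical, and it
    assumes the <var class="LITERAL">\008</var> marker is the single byte
    value 8 and that the configuration is available as a dictionary of
    option names to values.</p>

```python
from dataclasses import dataclass
from typing import Optional

REQ_AUTH = 8  # assumption: the page's "\008" marker is the single byte value 8


@dataclass
class AuthRequest:
    printer: str
    origin: str            # "C" = client, "F" = forwarded from a server
    ident: str             # user_id (C) or server_id (F)
    authtype: str
    size: Optional[int]    # present only for job transfers


def parse_auth_request(line: bytes) -> AuthRequest:
    """Strictly parse one request line; raise ValueError on anything malformed."""
    if not line or line[0] != REQ_AUTH:
        raise ValueError("not an authentication request")
    if not line.endswith(b"\n") or b"\n" in line[1:-1] or b"\0" in line:
        raise ValueError("request must be exactly one newline-terminated line")
    fields = line[1:-1].decode("ascii", errors="strict").split()
    if len(fields) not in (4, 5):
        raise ValueError("expected: printer C|F id authtype [size]")
    printer, origin, ident, authtype = fields[:4]
    if origin not in ("C", "F"):
        raise ValueError("origin must be C or F")
    size = None
    if len(fields) == 5:
        if not (fields[4].isascii() and fields[4].isdigit()):
            raise ValueError("size must be a non-negative decimal integer")
        size = int(fields[4])
    return AuthRequest(printer, origin, ident, authtype, size)


def server_supports(req: AuthRequest, config: dict) -> bool:
    """The page's rule: type XX is supported only if an XX_id value is configured."""
    return bool(config.get(req.authtype + "_id"))


def parse_reply(reply: bytes) -> tuple:
    """A single zero byte accepts; a nonzero byte plus text is a refusal."""
    if not reply:
        raise ValueError("empty reply")
    if reply[0] == 0:
        return (True, "")
    return (False, reply[1:].decode("ascii", errors="replace").strip())
```
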
  </body>
</html>