[prev in list] [next in list] [prev in thread] [next in thread] 

List:       lprng
Subject:    Re: [LPRng] Does lprng support external permission testing
From:       papowell () astart ! com
Date:       1999-03-26 15:11:17
[Download RAW message or body]

> From majordomo-owner@iona.com Wed Mar 24 19:02:56 1999
> From: Neil Brown <neilb@cse.unsw.edu.au>
> To: lprng@iona.com
> Date: Thu, 25 Mar 1999 13:21:49 +1100 (EST)
> Subject: [LPRng] Does lprng support external permission testing
>
>
>
> I am currently using PLP(4.0) and an considering moving to lprng.
>
> A particular need that I have is for some interesting permission
> checking that was a bit beyond the scope of PLP.
>
> Two examples are:
>  1/ We have "staff" and "students", and we have some printers in
>     restricted areas that "students" should not be able to print to.
>     We do not have one group for all out (2000) students, so user or
>     group based permission checked just didn't work.
>     I extended plp to understand netgroups (using innetgr) when
>     checking for users and as I have all my users in meaningful
>     netgroups, this worked well.

Still there

/etc/lpd.perms

REJECT PRINTER=staff,student REMOTEGROUP=@badgroup
ACCEPT PRINTER=staff REMOTEGROUP=@staff
ACCEPT PRINTER=students REMOTEGROUP=@staff,@students

OR you can put the bad users in a file:

REJECT SERVICE=RMLP REMOTEUSER=</etc/badguys

   This last one seems to be useful,  if you only have a few
   users to watch out for

>
>  2/ We have a print page allocation scheme that needs to remove access
>     to printers when people have exceeded their allocation. I
>     currently do this by puting such users in a special netgroup and
>     denying access for anyone in that netgroup.

Still there
>
>
> Now I could, of course, enhance lprng to understand netgroups (I don't
> think it understands them), but I would rather not have to maintain my
> own modifications to an actively-develped product.
>
> An alternate which seems very much in line with the philosophy of
> lprng is to have an external program which is given all the
> information, and makes the decision itself.  This seems so much in line
> with having external authentication and external routing etc that I
> was surprised not to find it.

Also there:
>
> So my question is (or questions are):
>
>  Does lprng support this and I didn't notice?
>  Is there any plan to include it?
>  If not, is it an appropriate thing to do?
>  If I wanted to do it myself and contribute, what source should I
>    start with?
>  Is there any possibility of, or strong beliefs against, including
>  netgroup support (i.e. username checking understands @netgroupname)?
>
> Thankyou,
> NeilBrown
>


Patrick Powell                 Astart Technologies,
papowell@astart.com            9475 Chesapeake Drive, Suite D,
Network and System             San Diego, CA 92123
  Consulting                   619-874-6543 FAX 619-279-8424 
LPRng - Print Spooler (http://www.astart.com)

[prev in list] [next in list] [prev in thread] [next in thread]