[prev in list] [next in list] [prev in thread] [next in thread]
List: lprng
Subject: Re: [LPRng] Does lprng support external permission testing
From: papowell () astart ! com
Date: 1999-03-26 15:11:17
[Download RAW message or body]
> From majordomo-owner@iona.com Wed Mar 24 19:02:56 1999
> From: Neil Brown <neilb@cse.unsw.edu.au>
> To: lprng@iona.com
> Date: Thu, 25 Mar 1999 13:21:49 +1100 (EST)
> Subject: [LPRng] Does lprng support external permission testing
>
>
>
> I am currently using PLP(4.0) and an considering moving to lprng.
>
> A particular need that I have is for some interesting permission
> checking that was a bit beyond the scope of PLP.
>
> Two examples are:
> 1/ We have "staff" and "students", and we have some printers in
> restricted areas that "students" should not be able to print to.
> We do not have one group for all out (2000) students, so user or
> group based permission checked just didn't work.
> I extended plp to understand netgroups (using innetgr) when
> checking for users and as I have all my users in meaningful
> netgroups, this worked well.
Still there
/etc/lpd.perms
REJECT PRINTER=staff,student REMOTEGROUP=@badgroup
ACCEPT PRINTER=staff REMOTEGROUP=@staff
ACCEPT PRINTER=students REMOTEGROUP=@staff,@students
OR you can put the bad users in a file:
REJECT SERVICE=RMLP REMOTEUSER=</etc/badguys
This last one seems to be useful, if you only have a few
users to watch out for
>
> 2/ We have a print page allocation scheme that needs to remove access
> to printers when people have exceeded their allocation. I
> currently do this by puting such users in a special netgroup and
> denying access for anyone in that netgroup.
Still there
>
>
> Now I could, of course, enhance lprng to understand netgroups (I don't
> think it understands them), but I would rather not have to maintain my
> own modifications to an actively-develped product.
>
> An alternate which seems very much in line with the philosophy of
> lprng is to have an external program which is given all the
> information, and makes the decision itself. This seems so much in line
> with having external authentication and external routing etc that I
> was surprised not to find it.
Also there:
>
> So my question is (or questions are):
>
> Does lprng support this and I didn't notice?
> Is there any plan to include it?
> If not, is it an appropriate thing to do?
> If I wanted to do it myself and contribute, what source should I
> start with?
> Is there any possibility of, or strong beliefs against, including
> netgroup support (i.e. username checking understands @netgroupname)?
>
> Thankyou,
> NeilBrown
>
Patrick Powell Astart Technologies,
papowell@astart.com 9475 Chesapeake Drive, Suite D,
Network and System San Diego, CA 92123
Consulting 619-874-6543 FAX 619-279-8424
LPRng - Print Spooler (http://www.astart.com)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic