'Re: LPRng: lpr kerberos auth problems'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       lprng
Subject:    Re: LPRng: lpr kerberos auth problems
From:       Lucas Fisher <ljfisher () iastate ! edu>
Date:       2001-09-02 21:47:17
[Download RAW message or body]

Well, nevermind.  I just learned that our university implemented lpd kerberos
authentication before a standard to do just that existed.  Their
implemementation is incompatible with lprng.

thanks,
Lucas

Lucas Fisher wrote:
> 
> Hi,
> Our university uses a kerberos 4 enabled lpd print system.  I'm trying to use
> lprng with the campus printers, but I'm having some problems. I know kerberos
> is working since I can successfully use kerberos with telnet.
> 
> I'm running into all kinds of problems.  One of my problems I think is when I
> use lpr to print, it tries to use kerberos to authenticate with my local lpd
> instead of the university print server (print-1). If I do
>   lpr -Pdu139_lj4 test.ps
> 
> I get:
>   Status Information:
>   sending job 'ljfisher@endless+548' to du139_lj4@localhost
>   connecting to 'localhost', attempt 1
>   connected to 'localhost'
>   error msg: ' on client krb5_cc_get_principal failed - No credentials cache
>   file found'
> 
> and this in the system log:
>   Sep  1 19:22:12 endless RCVSEC[9730]: du139_lj4: on server server_krb5_auth
>   failed - cannot open server keytab file '/etc/lpd.keytab' - No such file or
>   directory
> 
> The ldp server should not be looking for the keytab since this is only needed
> by a server using kerberos to authenticate clients, right?
> 
> If I do 'lpr -Pdu139_lj4@print-1' I get:
>  Status Information:
>  sending job 'ljfisher@endless+732' to du139_lj4@print-1
>  connecting to 'print-1', attempt 1
>  connected to 'print-1'
>  requesting printer du139_lj4@print-1
>  sending control file 'cfA732endless.stures.iastate.edu' to du139_lj4@print-1
>  completed sending 'cfA732endless.stures.iastate.edu' to du139_lj4@print-1
>  sending data file 'dfA732endless.stures.iastate.edu' to du139_lj4@print-1
>  job 'ljfisher@endless+732' transfer to du139_lj4@print-1 failed
>   error 'NONZERO RFC1179 ERROR CODE FROM SERVER' with ack 'ACK_STOP_Q'
>   sending str '^C785920 dfA732endless.stures.iastate.edu' to du139_lj4@print-1
> 
> Here is my printcap:
> ------------------printcap-----------------------------
> #######################################################################
> #
> # queue lj4-1.default (375) serves (via PRINT-1.IASTATE.EDU)
> #    du139_lj4 (1543), a HP LJ4si MX in 139 Durham
> du139_lj4
>         :lp=du139_lj4@print-1.iastate.edu
>         :OQ=du139_lj4_0,du139_lj4_1,du139_lj4_2,du139_lj4_3
>         :sd=/var/spool/lpd/%P
>        :auth=kerberos4
>        :kerberos_id=lpr/IASTATE.EDU@IASTATE.EDU
> 
> #
> # queue color-1.default (410) serves (via PRINT-1.IASTATE.EDU)
> #    du139_color (1644), a Tek Phaser 340 in 139 Durham
> du139_color
>         :lp=du139_color@print-1.iastate.edu
>         :sd=/var/spool/lpd/%P
>         :OQ=du139_color_0,du139_color_1
>         :auth=kerberos4
>         :kerberos_id=lpr/IASTATE.EDU@IASTATE.EDU
> ------------------------------------------------------------
> 
> Thanks for any help,
> Lucas
> 
> -----------------------------------------------------------------------------
> YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
> The address you post from MUST be your subscription address
> 
> If you need help, send email to majordomo@lprng.com (or lprng-requests
> or lprng-digest-requests) with the word 'help' in the body.  For the impatient,
> to subscribe to a list with name LIST,  send mail to majordomo@lprng.com
> with:                           | example:
> subscribe LIST <mailaddr>       |  subscribe lprng-digest myname@host.org
> unsubscribe LIST <mailaddr>     |  unsubscribe lprng myname@host.org
> 
> If you have major problems,  send email to papowell@astart.com with the word
> LPRNGLIST in the SUBJECT line.
> -----------------------------------------------------------------------------

-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address

If you need help, send email to majordomo@lprng.com (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body.  For the impatient,
to subscribe to a list with name LIST,  send mail to majordomo@lprng.com
with:                           | example:
subscribe LIST <mailaddr>       |  subscribe lprng-digest myname@host.org
unsubscribe LIST <mailaddr>     |  unsubscribe lprng myname@host.org

If you have major problems,  send email to papowell@astart.com with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic