<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>Authentication and Encryption</title>
<meta name="GENERATOR" content=
"Modular DocBook HTML Stylesheet Version 1.7">
<link rel="HOME" title=" LPRng Reference Manual" href=
"index.htm">
<link rel="UP" title="Permissions and Authentication " href=
"permsref.htm">
<link rel="PREVIOUS" title="More Examples" href="x8984.htm">
<link rel="NEXT" title="User Identification" href="x9037.htm">
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link=
"#0000FF" vlink="#840084" alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border=
"0" cellpadding="0" cellspacing="0">
<tr>
<th colspan="3" align="center">LPRng Reference Manual: 24
Sep 2004 (For LPRng-3.8.28)</th>
</tr>
<tr>
<td width="10%" align="left" valign="bottom"><a href=
"x8984.htm" accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter
17. Permissions and Authentication</td>
<td width="10%" align="right" valign="bottom"><a href=
"x9037.htm" accesskey="N">Next</a></td>
</tr>
</table>
<hr align="LEFT" width="100%">
</div>
<div class="SECT1">
<h1 class="SECT1"><a name="AUTHREF">17.7. Authentication and
Encryption</a></h1>
<p>One of the major problems in a print spooler system is
providing privacy and authentication services for users. One
method is to construct a specific set of protocols which will
be used for providing the privacy or authentication; another
is to provide a simple interface to a set of tools that will
do the authentication and/or encryption.</p>
<p><b class="APPLICATION">LPRng</b> provides native support
for the MIT Kerberos 4 extensions and Kerberos 5
authentication.</p>
<p><b class="APPLICATION">LPRng</b> uses the OpenSSL
libraries to support SSL authentication and encrypted data
transfers.</p>
<p><b class="APPLICATION">LPRng</b> has native support for
the PGP (Pretty Good Privacy) program and can sign and
optionally encrypt commands and responses between servers and
clients. Due to legal restrictions, an external PGP program
must be used for this purpose.</p>
<p>A simple MD5 hash-based authentication scheme is also
provided as an example to illustrate how new or different
authentication methods can be added.</p>
<p>Finally, <b class="APPLICATION">LPRng</b> provides a
general-purpose interface allowing users to insert their own
authentication methods, either at the program level or at the
code level.</p>
<p>A careful study of the authentication problem shows that
it should be done during reception of commands and/or jobs
from a remote user and/or spooler. At this time the following
must be done:</p>
<ol type="1">
<li>
<p>The received command must be checked for consistency,
and the remote user and host must be determined.</p>
</li>
<li>
<p>The remote user and host must be authenticated.</p>
</li>
<li>
<p>The command and/or spooling operation must be carried
out.</p>
</li>
<li>
<p>The results must be returned to the remote system.</p>
</li>
</ol>
<br>
<br>
<p> To accomplish these goals, the following printcap
entries are used:</p>
<ul>
<li>
<a name="AUTHTYPE"></a>
<p><var class="LITERAL">auth=</var><span class=
"emphasis"><i class="EMPHASIS">AUTHTYPE</i></span> - the
authentication type: pgp, kerberos, etc.</p>
</li>
<li>
<a name="AUTHTYPEPATH"></a>
<p><var class="LITERAL">AUTHTYPE_path=</var><span class=
"emphasis"><i class="EMPHASIS">pathname</i></span> - the
pathname of a program to be used to support this
authentication type</p>
</li>
<li>
<a name="AUTHTYPEID"></a>
<p><var class="LITERAL">AUTHTYPE_id=</var><span class=
"emphasis"><i class="EMPHASIS">identification</i></span>
- the identification of the server for the authentication
method. For example, the kerberos principal for the
server, the PGP key id for the server, and so forth.</p>
</li>
<li>
<a name="AUTHTYPESERVERKEY"></a>
<p><var class="LITERAL">AUTHTYPE_server_key=</var><span
class="emphasis"><i class=
"EMPHASIS">identification</i></span> - location of a file
on the server where a key used to unlock or encrypt a
message is kept.</p>
</li>
<li>
<a name="AUTHTYPEFORWARDID"></a>
<p><var class="LITERAL">AUTHTYPE_forward_id=</var><span
class="emphasis"><i class=
"EMPHASIS">identification</i></span> - the identification
of the remote destination. This is used by the server
when forwarding a job to a remote destination. By
default, the AUTHTYPE_id value is used by the server as
its identification.</p>
</li>
<li>
<a name="AUTHTYPEDEFAULTCLIENT"></a>
<p><var class=
"LITERAL">AUTHTYPE_default_client=</var><span class=
"emphasis"><i class="EMPHASIS">identification</i></span>
- when forwarding a job and the job arrived via an
unauthenticated method, use this as the default client
identification.</p>
</li>
</ul>
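<p>The following is an added example, not part of the LPRng manual or its source: a small audit that reads one printcap entry, substitutes its <var class="LITERAL">auth=</var> value for AUTHTYPE in the option names listed above, and reports which companion options are set, which are unset, and which belong to a different authentication type. The sample entry, the <var class="LITERAL">known_types</var> parameter and the report layout are assumptions made for illustration.</p>

```python
# Companion suffixes listed above; "id" is last so "forward_id" is matched first.
SUFFIXES = ("path", "server_key", "forward_id", "default_client", "id")

def parse_entry(text):
    """Parse one printcap entry into {option: value}; bare flags map to True."""
    lines = [l for l in text.splitlines(True) if not l.lstrip().startswith("#")]
    joined = "".join(lines).replace("\\\n", "")      # join backslash continuations
    opts = {}
    for field in joined.split(":")[1:]:              # field 0 is the entry name
        key, sep, value = field.strip().partition("=")
        if key:
            opts[key.strip()] = value.strip() if sep else True
    return opts

def audit_auth(text, known_types=("pgp", "kerberos")):
    """Report which AUTHTYPE_* companions of the entry's auth= value are set."""
    opts = parse_entry(text)
    auth = opts.get("auth")
    report = {"auth": auth, "set": {}, "unset": [], "stray": [], "notes": []}
    if not isinstance(auth, str) or not auth:        # missing, empty or bare flag
        auth = report["auth"] = None
        report["notes"].append("no auth= value: no authentication type selected")
    for suffix in (SUFFIXES if auth else ()):
        name = f"{auth}_{suffix}"
        if isinstance(opts.get(name), str) and opts[name]:
            report["set"][name] = opts[name]
        else:
            report["unset"].append(name)
    for key in opts:                                 # companions of another type
        for suffix in SUFFIXES:
            if key.endswith("_" + suffix):
                prefix = key[: -len(suffix) - 1]
                if prefix != auth and prefix in known_types:
                    report["stray"].append(key)
                break
    client = report["set"].get(f"{auth}_default_client")
    if client:
        report["notes"].append(f"unauthenticated jobs are forwarded as {client}")
    return report

# Constructed sample entry (host names and paths are placeholders).
SAMPLE = """\
lp|constructed example:\\
  :auth=pgp:pgp_path=/usr/local/bin/pgp:\\
  :pgp_id=lpd@printserver.example:\\
  :pgp_default_client=anonymous@printserver.example:\\
  :kerberos_id=lpr/old.example:
"""
```

<p>Calling <var class="LITERAL">audit_auth(SAMPLE)</var> returns the report as a dictionary; the note about the default client is worth reviewing because that option assigns an identity to jobs that arrived without authentication.</p>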
<br>
<br>
</div>
</body>
</html>