Date:      Thu, 4 Feb 2010 14:28:33 -0500
From:      William Bulley <web@umich.edu>
To:        freebsd-questions@freebsd.org
Subject:   confounding finding in print/cups-base (CUPS 1.4.2)
Message-ID:  <20100204192833.GL31136@itcom245.staff.itd.umich.edu>

Since I need the GSSAPI (for Kerberos) feature of CUPS in FreeBSD
8.0-STABLE, I was somewhat taken aback when I found the cupsd server
failed to read its configuration file "cupsd.conf" when the line:

   DefaultAuthType Negotiate

was present in that file upon server start/restart.  The "Negotiate"
keyword is the way to indicate Kerberos support in CUPS according to
the CUPS documentation.

Attempting to start the CUPS server cupsd(8) from the command line
as root resulted in this error:

   freebsd# /usr/local/etc/rc.d/cupsd start
   Starting cupsd.
  
   Message from syslogd@itcom245 at Feb  4 10:35:31 ...
   itcom245 cupsd: Unable to read configuration file '/usr/local/etc/cups/cupsd.conf' - exiting!
   cupsd: Child exited with status 1!
   /usr/local/etc/rc.d/cupsd: WARNING: failed to start cupsd
   freebsd# /usr/local/etc/rc.d/cupsd stop
   cupsd not running?

and in the /var/log/cups/error.log file I found this line:

   Unknown default authorization type Negotiate on line 6.

Once line six (6) was removed, the cupsd server was able to start
without error (of course, Kerberos support was unavailable...)   :-(

The file print/cups-base/work/cups-1.4.2/scheduler/conf.c has this
section:

#ifdef HAVE_GSSAPI
    else if (!strcasecmp(value, "negotiate"))
    {
      loc->type = CUPSD_AUTH_NEGOTIATE;

      if (loc->level == CUPSD_AUTH_ANON)
        loc->level = CUPSD_AUTH_USER;
    }
#endif /* HAVE_GSSAPI */

which would normally be controlled by running ./configure at build
time and affecting lines such as these in work/cups-1.4.2/config.h:

   /*
    * Do we have the GSSAPI support library (for Kerberos support)?
    */

   /* #undef HAVE_GSSAPI */
   /* #undef HAVE_GSSAPI_H */
   /* #undef HAVE_GSSAPI_GSSAPI_H */
   /* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */
   /* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */
   /* #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY */
   /* #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE */
   /* #undef HAVE_KRB5_CC_NEW_UNIQUE */
   /* #undef HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID */
   /* #undef HAVE_KRB5_H */
   /* #undef HAVE_HEIMDAL */

Interestingly the Makefile in print/cups-base has this line inside
the CONFIGURE_ARGS section which makes all the above irrelevant:

   --disable-gssapi

So, my question is: why is the GSSAPI feature disabled in CUPS
1.4.2 when it was a configurable OPTION in CUPS 1.3.9 last Fall?

What should I do if I desire Kerberos support in CUPS 1.4.2 ??

Regards,

web...

--
William Bulley                     Email: web@umich.edu

72 characters width template ----------------------------------------->|
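
The following preflight check is an added example, not part of the original message or of the CUPS or FreeBSD ports code. It tests for the mismatch described above: a cupsd.conf that asks for Negotiate while config.h leaves HAVE_GSSAPI undefined. The function names and the sample files written by `make_samples` are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight check for a Negotiate/GSSAPI build mismatch.
# Function names and sample file contents are constructed for illustration.

# Succeeds only if config.h has an active "#define HAVE_GSSAPI"; a line such
# as "/* #undef HAVE_GSSAPI */" or "#define HAVE_GSSAPI_H 1" does not count.
gssapi_enabled() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_GSSAPI([[:space:]]|$)' "$1"
}

# Prints "LINE:Directive" for each DefaultAuthType/AuthType line whose value
# is Negotiate (case-insensitive), skipping commented-out lines.
negotiate_lines() {
    awk '
        $1 ~ /^#/ { next }
        {
            d = tolower($1); v = tolower($2)
            if ((d == "defaultauthtype" || d == "authtype") && v == "negotiate")
                print NR ":" $1
        }' "$1"
}

# Returns 1 and reports the offending lines when cupsd.conf requests Negotiate
# but the build has no GSSAPI support; returns 0 otherwise.
check_cups_kerberos() {
    config_h=$1; cupsd_conf=$2
    hits=$(negotiate_lines "$cupsd_conf")
    [ -z "$hits" ] && return 0
    if gssapi_enabled "$config_h"; then
        return 0
    fi
    echo "Negotiate requested but HAVE_GSSAPI is not defined:" >&2
    echo "$hits" >&2
    return 1
}

# Writes constructed sample inputs into the directory given as $1.
make_samples() {
    dir=$1
    printf '%s\n' '/* #undef HAVE_GSSAPI */' '/* #undef HAVE_KRB5_H */' > "$dir/config_off.h"
    printf '%s\n' '#define HAVE_GSSAPI 1' > "$dir/config_on.h"
    printf '%s\n' '# constructed sample' 'LogLevel warn' 'Listen localhost:631' \
        '# AuthType Negotiate' 'Browsing On' 'DefaultAuthType Negotiate' > "$dir/cupsd.conf"
}
```

Run `check_cups_kerberos` against the port's work/cups-1.4.2/config.h and the installed cupsd.conf before restarting the daemon; a non-zero status means cupsd would reject the Negotiate line.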


