From owner-freebsd-questions@FreeBSD.ORG Thu Feb 4 19:29:16 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 535E0106568B for ; Thu, 4 Feb 2010 19:29:16 +0000 (UTC) (envelope-from web@umich.edu) Received: from hellskitchen.mr.itd.umich.edu (smtp.mail.umich.edu [141.211.14.82]) by mx1.freebsd.org (Postfix) with ESMTP id 015B68FC21 for ; Thu, 4 Feb 2010 19:29:15 +0000 (UTC) Received: FROM itcom245.staff.itd.umich.edu (itcom245.staff.itd.umich.edu [141.213.135.249]) By hellskitchen.mr.itd.umich.edu ID 4B6B200A.DA86D.3752 ; Authuser web; 4 Feb 2010 14:29:14 EST Date: Thu, 4 Feb 2010 14:28:33 -0500 From: William Bulley To: freebsd-questions@freebsd.org Message-ID: <20100204192833.GL31136@itcom245.staff.itd.umich.edu> Mail-Followup-To: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Subject: confounding finding in print/cups-base (CUPS 1.4.2) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Feb 2010 19:29:16 -0000 Since I need the GSSAPI (for Kerberos) feature of CUPS in FreeBSD 8.0-STABLE, I was somewhat taken aback when I found the cupsd server failed to read its configuration file "cupsd.conf" when the line: DefaultAuthType Negotiate was present in that file upon server start/restart. The "Negotiate" keyword is the way to indicate Kerberos support in CUPS according to the CUPS documentation. Attempting to start the CUPS server cupsd(8) from the command line as root resulted in this error: freebsd# /usr/local/etc/rc.d/cupsd start Starting cupsd. Message from syslogd@itcom245 at Feb 4 10:35:31 ... itcom245 cupsd: Unable to read configuration file '/usr/local/etc/cups/cupsd.conf' - exiting! cupsd: Child exited with status 1! /usr/local/etc/rc.d/cupsd: WARNING: failed to start cupsd freebsd# /usr/local/etc/rc.d/cupsd stop cupsd not running? and in the /var/log/cups/error.log file I found this line: Unknown default authorization type Negotiate on line 6. Once line six (6) was removed, the cupsd server was able to start without error (of course, Kerberos support was unavailable...) :-( The file print/cups-base/work/cups-1.4.2/scheduler/conf.c has this section: #ifdef HAVE_GSSAPI else if (!strcasecmp(value, "negotiate")) { loc->type = CUPSD_AUTH_NEGOTIATE; if (loc->level == CUPSD_AUTH_ANON) loc->level = CUPSD_AUTH_USER; } #endif /* HAVE_GSSAPI */ which would normally be controlled by running ./configure at build time and affecting lines such as these in work/cups-1.4.2/config.h: /* * Do we have the GSSAPI support library (for Kerberos support)? */ /* #undef HAVE_GSSAPI */ /* #undef HAVE_GSSAPI_H */ /* #undef HAVE_GSSAPI_GSSAPI_H */ /* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */ /* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */ /* #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY */ /* #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE */ /* #undef HAVE_KRB5_CC_NEW_UNIQUE */ /* #undef HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID */ /* #undef HAVE_KRB5_H */ /* #undef HAVE_HEIMDAL */ Interestingly the Makefile in print/cups-base has this line inside the CONFIGURE_ARGS section which makes all the above irrelevant: --disable-gssapi So, my question is: why is the GSSAPI feature disabled in CUPS 1.4.2 when it was a configurable OPTION in CUPS 1.3.9 last Fall? What should I do if I desire Kerberos support in CUPS 1.4.2 ?? Regards, web... -- William Bulley Email: web@umich.edu 72 characters width template ----------------------------------------->|