Description of problem: I'm trying to print to a kerberized CUPS daemon, with Gtk2 clients (firefox 3.0, but the same with gtk-demo). When trying to print, the client fails due to authorization error. Version-Release number of selected component (if applicable): gtk2-2.10.4-20.el5 cups-1.3.7-8.el5 cups-libs-1.3.7-8.el5 How reproducible: Always Steps to Reproduce: 1. Launch gtk-demo and select "Printing" 2. Send the job 3. Actual results: Expected results: Additional info: Seems to be a limitation of the gtk sources. But it is quite annoying as RHEL 5 contains a kerberized cups.
Probable related bug (on RedHat bugzilla): Bug 476232 - gtk2 cups printer backend does not attempt SO_PEERCRED authentication
I attempted to apply the patch provided with Gnome bug report on my gtk2 version (gtk2-2.10.4-20). Authentication seems to succeed, but print failed. On the client side, I obtain a "Too many failed attempts" error. The server log contains: Feb 24 18:12:16 server cupsd[26585]: get_gss_creds: Attempting to acquire credentials for ipp... Feb 24 18:12:16 server cupsd[26585]: get_gss_creds: Credentials acquired successfully for ipp. Feb 24 18:12:16 server cupsd[26585]: cupsdAuthorize: Authorized as user using Negotiate
Thanks for testing that patch! But it would be much more useful to provide feedback about it in the upstream bug where we are working on it.
2. What is the nature and description of the request? Customer would like to see the possibility of kerberos authentication via SSO for print jobs, so users without a valid kerberos ticket can not print anything. 3. Why does the customer need this? (List the business requirements here) The entire infrastructure at the customer site is kerberized and therefore they also need it for printing purposes. 4. How would the customer like to achieve this? (List the functional requirements here) Additional authentication backend in lib-cups as it already exists upstream (cupslib 1.4.4) 5. For each functional requirement listed in question 4, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. Make sure you can only print when you have a valid kerberos ticket and the kerberos authentication is enabled in cups. 6. Is there already an existing RFE upstream or in Red Hat bugzilla? Yes, there is the upstream bz https://bugzilla.gnome.org/show_bug.cgi?id=553690 and the Red Hat bz https://bugzilla.redhat.com/show_bug.cgi?id=489734 7. How quickly does this need resolved? (desired target release) 5.7 if possible, 5.8 if not and 6.1 8. Does this request meet the RHEL Inclusion criteria (please review) From my point of view it does. 9. List the affected packages cups cups-libs 10. Would the customer be able to assist in testing this functionality if implemented? Yes, definitely.
RFE to be considered for a later release. ---------------------------------------------------------- The request is relevant to RHEL and needs to be considered for a later release. Thank you for submitting this feature request for inclusion in Red Hat Enterprise Linux. Your request will be considered in a future release of Red Hat Enterprise Linux.
Thank you for submitting this issue for consideration. Red Hat Enterprise Linux 5 has reached the end of Production 1 Phase of its Life Cycle. Red Hat does not plan to incorporate the suggested capability in a future Red Hat Enterprise Linux 5 minor release. If you would like Red Hat to re-consider this feature request and the requested functionality is not currently in Red Hat Enterprise Linux 6, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate, in the next release of Red Hat Enterprise Linux.
please disregard the previous comment.