This repository has been archived by the owner on Jan 3, 2023. It is now read-only.

Add possibility to restrict queue usage based on IP addresses #142

Open
wiene opened this issue Jun 18, 2019 · 6 comments

@wiene

wiene commented Jun 18, 2019

It would be nice to be able to restrict queue usage based on IP addresses. It seems that at the moment access control is only possible based on user/group information.

@leoarnold
Owner

@wiene Which are the corresponding CUPS commands / directives?

@wiene
Author

wiene commented Jun 19, 2019

This can be implemented using custom operation policies and assigning those policies to the respective queues using the command

lpadmin -p <queuename> -o printer-op-policy=<policyname>

Such policies can (among others) include IP restrictions like

Order allow,deny
Allow from 10.1.2.3/24

You can find nice examples in the "Managing Operation Policies" section of the CUPS documentation.

@leoarnold leoarnold added this to the 2.3.0 milestone Jun 20, 2019
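
The Order/Allow/Deny evaluation behind the two directives quoted in the comment above, as an added example that is not part of the original thread or of the puppet-cups module. It is a simplified model that handles only numeric addresses, CIDR or netmask ranges, `all` and `none` (no hostnames, `@LOCAL` or `@IF(...)`); the names `client_allowed`, `_matches` and `SAMPLE_POLICY` and the client addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: the two directives quoted in the comment above.
SAMPLE_POLICY = ["Order allow,deny", "Allow from 10.1.2.3/24"]

def _matches(client, spec):
    """True if the client address falls under one Allow/Deny value."""
    if spec.lower() == "all":
        return True
    if spec.lower() == "none":
        return False
    # strict=False accepts a host address with a prefix, e.g. 10.1.2.3/24,
    # and treats it as the enclosing network 10.1.2.0/24.
    return client in ipaddress.ip_network(spec, strict=False)

def client_allowed(lines, client_ip):
    """Decide whether client_ip passes the Order/Allow/Deny lines."""
    client = ipaddress.ip_address(client_ip)
    order, allow, deny = None, [], []
    for raw in lines:
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key = words[0].lower()
        if key == "order":
            order = words[1].lower()
        elif key in ("allow", "deny"):
            # This sketch accepts both "Allow from X" and "Allow X".
            spec = words[2] if words[1].lower() == "from" else words[1]
            (allow if key == "allow" else deny).append(spec)
    hit_allow = any(_matches(client, s) for s in allow)
    hit_deny = any(_matches(client, s) for s in deny)
    if order == "allow,deny":      # deny by default; Deny lines win
        return hit_allow and not hit_deny
    if order == "deny,allow":      # allow by default; Allow lines win
        return hit_allow or not hit_deny
    raise ValueError("policy needs an explicit Order line")

if __name__ == "__main__":
    for ip in ("10.1.2.200", "10.1.3.7"):   # constructed client addresses
        print(ip, client_allowed(SAMPLE_POLICY, ip))
```

Running a planned policy through a check like this before rollout shows which client subnets a queue would admit, including the case where the range is written with host bits set.
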
@leoarnold
Owner

I think we are half way there: the printer-op-policy should be a valid key in the options attribute. See also puppet resource cups_queue on a node with CUPS server and some queues installed.

The problem is in setting the CUPS policies: I am working on this in a feature branch, but it is quite a monster: https://github.com/leoarnold/puppet-cups/blob/leoarnold/feature/cupsd_policies/templates/cupsd/_policies.erb

@wiene
Author

wiene commented Jun 21, 2019

Wow, I am really impressed. I have not studied the code in all its details but from a first glimpse it looks like things are on a good track. Thank you very much for your effort.

@mtsinc1

mtsinc1 commented Jun 27, 2019

This has been an issue for me. I have clients on 3 different subnets. About a year ago I hacked this module to handle it, but I haven't attempted to patch forward to the latest release.

The CUPS access control is annoyingly fine-grained, but I think in essence most of the control at the network IP level comes down to these 3 function classes: Submit/status of jobs, Control of jobs and printers, Administration (for example, add/remove printers and classes, etc.)

So I came up with "allow_submit_from/deny_submit_from", /_control_from, /_admin_from extension keywords. Although I like the new user-level syntax which might be a better way of doing it.

@olifre

olifre commented Jan 14, 2020

This would indeed be important also for us. With a growing number of clients (will be >200) and many printers (>50) simple access control will be a must for select queues. The branch looks already like a good start, thanks for the good work!
