The last couple weeks have involved a lot of me banging my head on my desk trying to make printing sane. We have used LPRng at NCSU for quite some time now. It scales well and it supports strong authentication via kerberos. Authentication is important as users buy print quota with a credit card, normally 6 cents per black and white page.
However, LPRng has become rather unmaintained and Linux and other platforms are moving in the direction of Cups and IPP based printing. Even more, Cups provides a printing API that GUI applications, like OpenOffice.org, are starting to use. So I am quickly approaching a divide where CLI based printing still works but the GUI applications insist on printing to Cups which knows nothing about my kerberized LPRng printers.
Cups is currently not deployable mainly due to the lack of strong authentication. It supports PAM authentication which is an attempt in the right direction. However, who wants to enter their username and password for every print job…that’s when the local print drivers know what to do with Apache style basic auth. That’s more broken than functional.
I’m getting into more and more situations where if somebody has set up a Cups browsable printer near a lab that breaks printing for the entire lab. So what to do as Cups develops kerberos support and better scalability? We write our own driver. Halloween coding style. Its some scary code.
In a nutshell, it runs as root and nukes things that Cups puts in LPRng’s way. Then it changes to the user that ran the print job, finds their authentication bits, and runs lpr from our local LPRng distribution. Some impressively bad code, but it is successful at integrating Cups onto our printing system.
While I’m working on all this I’ve also been poking around Cups as I know well of the Google Summer of Code project to add proper kerberos support for Cups 1.3. Oddly enough, today I was made aware that apparently the work is done. Today I was made aware of the rumors saying that Cups 1.3 will be released very soon. *sigh*
To top things off looks like there’s some LPRng code that supports kerberized IPP too. Its really bothersome how powerful LPRng can be yet I’m almost being forced to move away from it. Another thing I’m interested in is pulling printer information out of LDAP and into Cups. However, Cups doesn’t seem to understand that LDAP is a read only database, it seems to want to use LDAP as its own data store.
In any case, I look forward to testing Cups 1.3 and seeing what’s new and what’s different.