Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006 Installation Manual page 462

1. For every queue on the network server, you can configure a local queue through
   which to forward all jobs to the corresponding network server (forwarding queue).
   Usually, this approach is not recommended, because all client machines must
   be reconfigured whenever the configuration of the network server changes.

2. Print jobs can also be forwarded directly to one network server. For this type of
   configuration, do not run a local CUPS daemon. lp or corresponding library
   calls of other programs can send jobs directly to the network server. However,
   this configuration does not work if you also want to print on a local printer.

3. The CUPS daemon can listen to IPP broadcast packets that other network servers
   send to announce available queues.

   This is the best CUPS configuration for printing over remote CUPS servers.
   However, there is a risk that an attacker sends IPP broadcasts with queues and
   the local daemon accesses a counterfeit queue. If it then displays the queue with
   the same name as another queue on the local server, the owner of the job may
   believe the job is sent to a local server, while in reality it is sent to the attacker's
   server.

YaST can find CUPS servers by either scanning local network hosts to see if they offer
the IPP service or by listening to IPP broadcasts. This requires the firewall to let incoming
packets on port 631/UDP (service IPP client) pass through. This is automatically
enabled when you have configured your machine to be in the internal firewall zone.
Opening a port to configure access to remote queues in the external zone can be a security
risk because an attacker could broadcast a server that might be accepted by users.
By default IPP broadcasts are rejected in the external zone. See Section 44.4.1,
"Configuring the Firewall with YaST" (page 834) for details on firewall configuration.

Alternatively, the user can detect CUPS servers by actively scanning the local network
hosts or configure all queues manually. However, because of the reasons mentioned in
the beginning of this section, this method is not recommended.

24.6.2 Changes in the CUPS Print Service

These changes were initially applied for SUSE Linux 9.1.
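
Added example (not part of the Novell manual): a Python check a defender could run over captured IPP browse announcements from port 631/UDP to flag the counterfeit-queue case described in the text on IPP broadcasts above. The trusted server address, local queue names and sample packets are constructed assumptions, and the packet layout assumed is the CUPS browsing text line `type state uri "location" "info" "make-and-model"`.

```python
import ipaddress
import shlex
from urllib.parse import urlparse

# Assumptions for illustration (hypothetical site values):
TRUSTED_SERVERS = [ipaddress.ip_network("192.168.10.5/32")]  # known print server
LOCAL_QUEUES = {"laser1", "color2"}                          # queues defined on this host

def parse_browse_packet(payload: bytes) -> dict:
    """Parse one browse announcement line into its fields."""
    fields = shlex.split(payload.decode("ascii", errors="replace").strip())
    if len(fields) < 3:
        raise ValueError("short browse packet")
    uri = urlparse(fields[2])
    if uri.scheme != "ipp" or not uri.path:
        raise ValueError("not an ipp URI")
    return {
        "type": int(fields[0], 16),    # printer-type, hexadecimal
        "state": int(fields[1], 16),   # printer-state, hexadecimal
        "host": uri.hostname,
        "queue": uri.path.rstrip("/").rsplit("/", 1)[-1],
        "info": fields[4] if len(fields) > 4 else "",
    }

def assess(payload: bytes, source_ip: str) -> list:
    """Return findings for one announcement received from source_ip."""
    try:
        ann = parse_browse_packet(payload)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    src = ipaddress.ip_address(source_ip)
    trusted = any(src in net for net in TRUSTED_SERVERS)
    if not trusted:
        findings.append("untrusted-source")
        # A queue name that matches a local queue is the confusion case in the text.
        if ann["queue"] in LOCAL_QUEUES:
            findings.append("shadows-local-queue")
    return findings

# Constructed sample announcements: (UDP payload, sender address)
SAMPLES = [
    (b'6 3 ipp://192.168.10.5:631/printers/hall "Hall" "Hall printer" "Generic PS"\n', "192.168.10.5"),
    (b'6 3 ipp://192.168.10.77:631/printers/laser1 "Room 12" "Laser" "Generic PS"\n', "192.168.10.77"),
    (b'garbage\n', "192.168.10.77"),
]

if __name__ == "__main__":
    for payload, sender in SAMPLES:
        print(sender, assess(payload, sender))
```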
