[Bug 899118] Kerberized Printing to Windows AD Print Server/Share
http://bugzilla.suse.com/show_bug.cgi?id=899118

--- Comment #4 from Joschi Brauchle <joschibrauchle@gmx.de> ---
(In reply to Johannes Meixner from comment #3)
Johannes,
We used to exercise this approach, where cupsd would get a TGT and allow backends to re-issue tickets as needed. But back in CUPS 1.6 or so we dropped doing so (too fragile, difficult to deploy on Wi-Fi networks) and instead have the IPP backend (and the SMB backend on OS X - can't speak to what is being done on Linux for Samba) "trampoline" into the user account to send the print job as the user, with the user's Kerberos session... Naturally this doesn't work for a print server daisy chaining to another server, e.g.:
Client ----> Server -----> Server with Printer
but then Kerberos has trouble with this sort of trust relationship anyways...
Thank you for clearing this up. So it is true what was stated in the bug description that this "forwarding functionality" was dropped. As far as I can see, this is the case for CUPS 1.5 already.

We have also tried to use the approach described in Michael Sweet's answer with openSUSE 13.1: Let CUPS "trampoline" into a *local* user's session and use the *locally available* credentials to allow for kerberized SMB printing, but failed to get this working here. So it seems like the SMB backend for OS X is different than the Linux one, in the sense that it offers this additional functionality...

Should I split this into a new bug report, as this is a somewhat simplified problem?