On 2014-04-05 11:41, Koenraad Lelong wrote:
B.T.W. is CUPS so leaky that "opening its IPP port 631 removes effectively any firewall protection from the workstation" ? Which is what that web-page says. If so, I will reconsider and go the Windows-way : install every printer locally.
If I remember correctly (I might not) CUPS uses passwords in clear, and by default, those passwords are the same as the user login password. A sniffer would capture those easily on the network. If you only print, there is no problem. But if you use the CUPS control web page to cancel a job, or configure a printer, it asks for the user, or even root password. That's the danger. I'm not sure if using CLI to a networked CUPS server also has this problem. However, you can setup up different passwords for CUPS for each user, and perhaps disallow the normal passwords - but that would not stop users from trying their login password, or them setting the same password, because it is one less to remember. This is what I understood, and I could be wrong. Better try to verify! -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)