Hi guys, For the first time in a while, I've needed to use the cups web interface, and when setting the password I'm told my password isn't long/difficult enough. What governs the password difficulty for lppasswd? It's not the same as the usual user password, because I'm trying to set it the same as my root password and it's not accepting it. theluggage:~ # lppasswd root Enter password: Enter password again: lppasswd: Sorry, password rejected. Your password must be at least 6 characters long, cannot contain your username, and must contain at least one letter and number. Thanks Hans -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Thursday 22 June 2006 6:16 am, Hans du Plooy wrote:
Hi guys,
For the first time in a while, I've needed to use the cups web interface, and when setting the password I'm told my password isn't long/difficult enough. What governs the password difficulty for lppasswd? It's not the same as the usual user password, because I'm trying to set it the same as my root password and it's not accepting it.
theluggage:~ # lppasswd root Enter password: Enter password again: lppasswd: Sorry, password rejected. Your password must be at least 6 characters long, cannot contain your username, and must contain at least one letter and number.
Thanks Hans
lppasswd is governing that, isn't it? Otherwise you'd be using passwd... From a system security view CUPS is trying to get you to be more secure. The idea being that if CUPS is compromised then they don't have root on the system too. Do what its asking you to do and all is fine. Start using a different password for CUPS' 'root'. Stan -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Thu, 2006-06-22 at 06:52 -0500, S Glasoe wrote:
lppasswd is governing that, isn't it? Otherwise you'd be using passwd...
From a system security view CUPS is trying to get you to be more secure. The idea being that if CUPS is compromised then they don't have root on the system too. I know I know. If this was a print server on a network, the password would have satisfied CUPS's requirements. But the only way someone will become root on my notebook is if they steal it and then CUPS or root would be the least of my worries :-)
Do what its asking you to do and all is fine. Start using a different password for CUPS' 'root'. <sigh> Thanks. Was hoping to avoid having another password to remember...
Thanks Hans -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2006-06-22 at 16:36 +0200, Hans du Plooy wrote:
<sigh> Thanks. Was hoping to avoid having another password to remember...
Change root's password to something else. Then, set cup's to the previous root's password. Then, reset Mr. root password. ;-) - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEmzgEtTMYHG2NR9URAm+sAJ4/OP9/zsBs/APXph6+61TQr+fg+wCfTmYA IIPvh6DqPZ1AttkIcPZpb2g= =z4Ef -----END PGP SIGNATURE----- -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On 22/06/06 18:38, Carlos E. R. wrote:
The Thursday 2006-06-22 at 16:36 +0200, Hans du Plooy wrote:
<sigh> Thanks. Was hoping to avoid having another password to remember...
Change root's password to something else. Then, set cup's to the previous root's password. Then, reset Mr. root password.
;-)
You've missed the point. A password for CUPS "must be at least 6 characters long, cannot contain your username, and must contain at least one letter and number." The system and CUPS passwords are stored in different places, so it is possible for them to be the same -- so long as the above conditions apply. -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Thursday 22 June 2006 05:52 pm, Darryl Gregorash wrote:
On 22/06/06 18:38, Carlos E. R. wrote:
The Thursday 2006-06-22 at 16:36 +0200, Hans du Plooy wrote:
<sigh> Thanks. Was hoping to avoid having another password to remember...
Change root's password to something else. Then, set cup's to the previous root's password. Then, reset Mr. root password.
;-)
You've missed the point. A password for CUPS "must be at least 6 characters long, cannot contain your username, and must contain at least one letter and number."
The system and CUPS passwords are stored in different places, so it is possible for them to be the same -- so long as the above conditions apply.
Interesting solution. I hadn't heard of doing this. I still find it odd that CUPS needs a non-root password... I'll try it out for a few systems (which have the passwords written on sticky notes) and let you know how it goes. -- kai - www.perfectreign.com Welcome to the Internet - http://welcome.twysted.net/ -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On 22/06/06 22:24, kai wrote:
On Thursday 22 June 2006 05:52 pm, Darryl Gregorash wrote:
On 22/06/06 18:38, Carlos E. R. wrote:
The Thursday 2006-06-22 at 16:36 +0200, Hans du Plooy wrote:
<sigh> Thanks. Was hoping to avoid having another password to remember...
Change root's password to something else. Then, set cup's to the previous root's password. Then, reset Mr. root password.
;-)
You've missed the point. A password for CUPS "must be at least 6 characters long, cannot contain your username, and must contain at least one letter and number."
The system and CUPS passwords are stored in different places, so it is possible for them to be the same -- so long as the above conditions apply.
Interesting solution. I hadn't heard of doing this.
I still find it odd that CUPS needs a non-root password...
I'll try it out for a few systems (which have the passwords written on sticky notes) and let you know how it goes.
Note what Johannes wrote; CUPS doesn't need any passwords at all, if you are only going to use Yast for printer administration. The password is only needed if you intend to use the CUPS web interface (http://localhost:631) -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
Hello, On Jun 22 23:01 Darryl Gregorash wrote (shortened):
The password is only needed if you intend to use the CUPS web interface (http://localhost:631)
More precisely: Special CUPS authentication is only needed if you use the CUPS web interface for administrative stuff, i.e.: http://localhost:631/admin The rest of the CUPS web interface works by default without authentication. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5 Mail: jsmeix@suse.de 90409 Nuernberg, Germany WWW: http://www.suse.de/ -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Thu, 2006-06-22 at 23:01 -0600, Darryl Gregorash wrote:
On 22/06/06 22:24, kai wrote:
Interesting solution. I hadn't heard of doing this.
I still find it odd that CUPS needs a non-root password...
I'll try it out for a few systems (which have the passwords written on sticky notes) and let you know how it goes.
Note what Johannes wrote; CUPS doesn't need any passwords at all, if you are only going to use Yast for printer administration. The password is only needed if you intend to use the CUPS web interface (http://localhost:631)
Keep in mind that the administrator for cups need not be the _name_ root. You can use any name you wish, I use my user name as the cups admin user with full admin rights. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
Ken Schneider wrote:
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
Hello, On Jun 22 13:16 Hans du Plooy wrote (shortened):
What governs the password difficulty for lppasswd?
As far as I know it is hardcoded rules in the CUPS sources.
I'm trying to set it the same as my root password and it's not accepting it.
You should be very thankful that it failed for you, see https://bugzilla.novell.com/show_bug.cgi?id=148099 By the way: Regarding how to use SSL/TLS (aka. "HTTPS") for the cupsd, see /usr/share/doc/packages/cups/ENCRYPTION.txt To allow only SSL/TLS for administration stuff set in cupsd.conf --------------------------------------- <Location /admin> ... Encryption Required --------------------------------------- The problem with "Encryption Required" is: Neither Mozilla nor Konqueror work with it. There is no "IPPS" port in /etc/services because an additional port for the secure version of IPP was rejected because "Upgrading to TLS Within HTTP" (RFC 2817) must be used nowadays. Unfortunately neither Mozilla nor Konqueror support "Upgrading to TLS Within HTTP" see the Mozilla bug report https://bugzilla.mozilla.org/show_bug.cgi?id=276813 ------------------------------------------------------------------- The TLS upgrade was designed for some specific applications such as the Internet Printing Protocol, not for general browser and server use. ... an appropriate URL scheme has not been created for TLS upgrade, and I consider the http:// URL scheme to be inappropriate" ------------------------------------------------------------------- :-( A workaround: Let cupsd provide HTTPS via a CUPS-specific SSLPort, e.g.: 4433 (set additionally "SSLPort 4433" in cupsd.conf) and use the right URL directly in the browser (e.g. https://localhost:4433/admin) and/or change the URLs in the HTTP templates in CUPS (e.g. in /usr/share/doc/packages/cups/index.html) so that the administration links point to the right URLs. Kind Regrads Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5 Mail: jsmeix@suse.de 90409 Nuernberg, Germany WWW: http://www.suse.de/ -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
Hello, On Jun 22 14:49 Johannes Meixner wrote (shortened):
Regarding how to use SSL/TLS (aka. "HTTPS") for the cupsd, see /usr/share/doc/packages/cups/ENCRYPTION.txt
To avoid confusion: Of course you don't need to recompile CUPS with "./configure --enable-ssl". The cupsd in Suse Linux already supports SSL/TLS. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5 Mail: jsmeix@suse.de 90409 Nuernberg, Germany WWW: http://www.suse.de/ -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
participants (8)
-
Carlos E. R. -
Darryl Gregorash -
Hans du Plooy -
Johannes Meixner -
kai -
Ken Schneider -
Lisc Debu -
S Glasoe