# Authentification against printer with cups?

## tuxificator

Hi,

does anyone have an idea how to tell cups to transmit a http/ipp auth to an ipp printserver?

We have a bizhub 750 printer here and a linux driver exists (plain ppd). The problem is that cups just sets the username to "PRINT" and doesn't send a password either. Therefore the printer rejects any jobs sent.

Thanks in Advance

----------

## darkphader

 *tuxificator wrote:*   

> does anyone have an idea how to tell cups to transmit a http/ipp auth to an ipp printserver?

 

If you find out post it here. Would like to know also.

I have a client with a bizhub as well (jeez I hate those all-in-one self-contained printer/servers) and set it up like a normal printer letting CUPS on the Gentoo server handle the printing duties (via Samba). Basically allowed printing without auth, but only allowing connections from the server, which uses pykota for print accounting. Best of both worlds - page accounting and auto-driver download/install.

Chris

----------

## darkphader

Just want to mention the other benefit of the setup above is that the users don't need to enter credentials to print, which I find quite annoying doing it the bizhub way. It seems quite absurd that once the user is authenticated to network services that they should need to enter creds everytime they print from a new app. 

Chris

----------

## wynn

 *tuxificator wrote:*   

> does anyone have an idea how to tell cups to transmit a http/ipp auth to an ipp printserver?

 You might like to put your question to the CUPS Forum at http://www.cups.org/newsgroups.php, cups.bugs is probably the best one.

The CUPS backend(7) manpage says *Quote:*   

> Starting with CUPS 1.1.22, any authentication information in argv[0] is removed, so backend developers are urged to use the DEVICE_URI environment variable whenever authentication information is required. The CUPS API includes a cupsBackendDeviceURI function for retrieving the correct device URI.

 but searching the documentation for DEVICE_URI doesn't turn up anything and I can't find cupsBackendDeviceURI to get any more information ...

----------

## tuxificator

Hi,

as it seems the bizhub 750 (and probably all other machines by KM) does not send auth info using the ipp auth at all.

The windows driver wraps up the print job with a bunch of PJL statements (also setting all the printing options, what CAN be done with plain PS as well). If the user enters a username/password the driver adds the variables KMUSERNAME and KMUSERKEY. If the user has no password set on the printer KMUSERNAME will be sufficient.

The password is encoded using an encryption scheme based on 8 Byte blocks (scheme repeats each 8 bytes, one changed byte in the password changes all bytes in the encrypted block). The encrypted data is then just dumped into the PJL (there  seems to be absolutely no restriction to the byte values in the PJL).

A print job sent to the machine will therefore look like this:

```

<esc>%-12345X@PJL

@PJL SET STRINGCODESET = UTF8

@PJL SET USERNAME = "irrelevant"

@PJL SET KMUSERNAME="theusername"

@PJL SET KMUSERKEY="<binary data>"

@PJL ENTER LANGUAGE = POSTSCRIPT

(postscript code comes here)

<esc>%-12345X@PJL

```

Unfortunately the password encoding routine in the driver is very confusing (seems to be wanted) so it may take a while to find out how it works.

Greets

Andreas Lang

----------

