Hello,
I have a question that is causing me to wonder how access rights are
applied on an IPP printer, specifically on incoming requests. My
question was specific to access rights and how they are defined on the IPP
Printer. I’ll assume authentication is the domain of the OS – in our
case the authenticating Windows domain. However, when looking at the
printer, it is difficult to see how this is meshed to IPP access rights.
For instance, assuming a pause-printer request is sent from an
authenticated (by the OS) client. RFC 8011 stipulates:
"Access Rights: The authenticated user (see Section 9.3) performing
this operation MUST be an Operator or Administrator of the Printer
(see Sections 1 and 9.5). Otherwise, the IPP Printer MUST reject the
operation and return ’client-error-forbidden’,
’client-error-not-authenticated’, or ’client-error-not-authorized’
as appropriate."
In the case where the requesting-user-name is used, does the printer
attempt to use this as the authenticated user? As a Windows user token
is not passed to the printer, how are access rights determined?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20250309/8a4b755a/attachment.html>