Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

SMB printer creation stores a plain-text password System
This warning is implied in some of the other hints here on SMB printing, but I thought it might warrant a hint of its own ... If you use Printer Setup Utility (I've only tested this on Panther, but I would expect it to hold with Print Center on Jaguar as well) and you add a Windows printer, it will prompt you for a username and password to access the printer. There is a checkbox here asking to remember the password in your keychain. However, once you add this printer, the system will actually store your username and password directly in the URI in the /etc/cups/printers.conf file. For example, the URI path will read like this:
smb://username:password@workgroup/server/printer
(this is what is implied by some other hints on this issue). Note that this file by default is only readable by root, so it only exposes the password to anyone who has admin access on the machine (technically, it's anyone with the root password or sudo permission). That may or not be acceptable on your system.

If you really want to keep your password out of a text file, you should use a non-authenticated protocol like LPD. You can add that to any Windows 2000 or higher machine by going to Add/Remove Programs and adding the 'Print Services for UNIX' component under Other Networking Services. Or alternatively, you can use the Internet Printing Protocol over HTTP (which is built in as part of the web service), as long as you enable anonymous access in the IIS settings for the printers virtual directory on the Windows print server.

Of course, since we're talking about security, you should make sure that either of the services above are on a trusted network (i.e. behind a firewall) so every human on the Internet does not have the ability to send to your printer!
    •    
  • Currently 3.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (2 votes cast)
 
[6,846 views]  

SMB printer creation stores a plain-text password | 1 comments | Create New Account
Click here to return to the 'SMB printer creation stores a plain-text password' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
SMB printer creation stores a plain-text password
Authored by: freddiepingpong on Feb 25, '04 11:35:29PM

Good points. For the record Jaguar didn't have the Windows printing support, so that wouldn't be applicable.



[ Reply to This | # ]