MacOS X 10.3.x broke user authentication in the web interface. The following comes from the folks at Apple:
What's happening here is OS X 10.3 (Panther) switched to a form of shadow passwords that
cupsd isn't able to read. The
getpwent(3) man page discusses the details:
As of Mac OS X 10.3, there are now different per-user behaviours of this function, based on the AuthenticationAuthority value stored for the queried user in DirectoryServices.
If the queried user is still a legacy crypt password user, or now has an AuthenticationAuthority value containing ";basic;", these routines will behave in their standard BSD fashion. These functions will "shadow" the password file, e.g. allow only certain programs to have access to the encrypted password. If the process which calls them has an effective uid of 0, the encrypted password will be returned, otherwise, the password field of the returned structure will point to the string '*'.
By default in Mac OS X 10.3 and later all users will have an AuthenticationAuthority will contain the value ";ShadowHash;". These users will have a visible password value of "********". These functions will have no access to the encrypted password whatsoever. Setting or changing an user password must be done entirely through the DirectoryService APIs for this default user.
Two workarounds for now are:
- Remove the <Limit GET> / </Limit> lines from /etc/cups/cupsd.conf (it appears this will allow administration without any authentication.)
- Switch back to crypt passwords. This can be done in Netinfo Manager by changing a user's 'AuthenticationAuthority' from ';ShadowHash;' to ';basic;' and using 'openssl passwd' to set the password. The following macosxhints article talks about this: 10.3: Using UW IMAP and SSL
The CUPS CVS repositories (both Darwin's and ESP's) have been updated to install a pam(8) configuration file that works with these passwords via the pam_securityserver module. This will solve the problem in Tiger.
The Radar bug tracking this is : 7F44: Cannot access CUPS web admin after Security Update 2004-04-05