2000/03/04 This readme documents the changes I have made to papd to implement Apple's Print Server Security Protocol (PSSP). With these patches and appropriate configuration choices in papd.conf, a client machine will be required to authenticate to papd with a username or userame/password pair before papd will spool the print job to lpr. This requires LaserWriter 8.6.1+ on the client Mac. Papd will switch to the username provided by the client and print as that user. Papd will now respond to the following Postscript queries: RBISpoolerID RBIUAMListQuery RBILogin Currently, only uams_guest.so, uams_passwd.so, and uams_pam.so authentication modules are supported. To enable PSSP authentication on a particular printer, add the "sp" flag to that printer's entry in papd.conf. To define which uams to use for authentication, use an "am" entry. The uams defined apply globally, to all printers. It is not currently possible to define different authentication methods for different printers. Here is an example printer setup for papd.conf: lp:\ :pr=|/usr/bin/lpr -Plp:\ :sp:\ :am=uams_guest.so,uams_clrtxt.so:\ :pd=/usr/local/atalk/etc/ppds/hp8100.ppd: Or see the example papd.conf. This patch also includes the patches by Andras Kadinger to enable binary printing through papd. I've only been able to test these changes on a limited number of client Macs and only on Linux. If there are any problems or feedback you'd like to give, feel free to send me email. 2000/07/31 I've also added CAP-style authenticated printing. For those that aren't familiar, this requires that a user login to a file share before they can print. The file server stores the user's login name in a file named after the client machine's Appletalk address. The print server then reads the login name when the client machine tries to print. You'll need to set a directory where afpd store these files. This is a compile-time option set in the top-level Makefile. Look for the CAPDIR setting. You enable CAP or PSSP (Print Server Security Protocol) authentication on a printer by printer basis, and you can use any combination of these two. If both methods are enabled for a particular printer, CAP authentication will be tried first, then it will fall back to PSSP. The printcap flag to enable CAP is "ca", and the printcap flag to enable PSSP is "sp". Enjoy! Andy Morgan