17.12. PGP Authentication Support

PGP is a well known encryption and authentication program. For more details see the web site http://www.pgp.net or the ftp site ftp://ftp.pgp.net.

LPRng has greatly simplified the use of PGP for authentication by building in support as follows.



17.12.1. Printcap Configuration

Options used:



Example printcap entry:

    pr:
        :lp=pr@wayoff
        :auth=pgp
        :pgp_id=lpr@wayoff.com
        :pgp_path=/usr/local/bin/pgp
    pr:server
        :lp=pr@faroff
        :auth_forward=pgp
        :pgp_id=lpr@wayoff.com
        :pgp_path=/usr/bin/pgp
        :pgp_forward_id=lpr@faroff.com


The pgp_path value is the path to the PGP program. The program must be executable by all users.

The pgp_id value is the id used by PGP to look extract keys from key rings. When doing a client to server transfer this will be supplied as the id to be used for the destination, and the user's public keyring will be checked for a key corresponding to this id. When a request arrives at the server, the server will use this value as the id of a key in its private key ring. Finally, when a server is forwarding a request to a remote server, it will use this value as the id of the key in its private key ring to be used to sign or encode the destination information.

The pgp_forward_id value is used by the lpd server as the id to use to find a key for the destination.

The pgp_server_key is the path to the file containing the server passphrase. This file will be read by lpd to get the passphrase to unlock the server's keyring.

17.12.2. User Files and Environment Variables

Options used:



One problem with using PGP is the need to have users input their passphrases. The following methods can be used.