Client pre authentication on Linux, macOS and Windows

Q I noticed the Apple Mac has the option to copy in a shared secret avoiding the need for the initial authentication screen. Is this also possible on Linux or Windows?

Yes. To achieve this the workstation must be administered by your organization. The admin must be able to setup login scripts that run as a privileged user, and also copy files to a location that only a privileged user can access.

1. Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is only accessible by a privileged user. IMPORTANT: For security reasons you must make this file readable by this user only.
2. When the user logs in, run the following command. Note that the command MUST be run as a privileged user in order to read the secret file. For example on Linux –-pre-authenticate –-user ”the_user” 
        –-shared-secret-file ”/path/to/root-secured/shared-secret”
(all on same line)

or using Windows Powershell

    & ”C:\Program Files\PaperCut MF\client\win\pc-client.exe” –-pre-authenticate
     –-user ”the_user” –-shared-secret-file ”c:\path\to\root-secured\shared-secret”
(again all on same line)
3. Start the client with the following additional option after this command as the logging in user: –-use-pre-authentication –-user ”the_user”


   & ”C:\Program Files\PaperCut MF\client\win\pc-client.exe” –-use-pre-authentication
    –-user ”the_user”

You’ll need to have a good understanding of your workstation login process (e.g. GDM scripts) to leverage this configuration.

4. In the PaperCut admin interface consider making the printer Unauthenticated. Then all jobs will be sent as the the user configured above without the need for pop up authentication.

Categories: How-to Articles, User Client, Authentication

keywords: linux login hook, popup authentication,