Client pre authentication on Linux, macOS and Windows

KB Home   |   Client pre authentication on Linux, macOS and Windows

Q I noticed the Apple Mac has the option to copy in a shared secret avoiding the need for the initial authentication screen. Is this also possible on Linux (or even Windows)?

Yes. To achieve this the workstation must be administered by your organization. The admin must be able to setup login scripts that run as a privileged user, and also copy files to a location that only the privileged user can access.

1. Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is only accessible by the privileged user. There should be no spaces in the file path. IMPORTANT: For security reasons you must make this file readable by this user only.
    [app-path]/server/data/pc-shared-secret.dat
2. When the user logs in, run the following command MUST as the privileged user in order to read the secret file
    pc-client-linux.sh –-pre-authenticate –-user “the_user” 
        –-shared-secret-file “/path/to/root-secured/shared-secret”
(all on same line)
3. Start the client with the following additional option after this command as the logging in user:
    pc-client-linux.sh –-use-pre-authentication –-user “the_user”

You’ll need to have a good understanding of your workstation login process (e.g. GDM scripts) to leverage this configuration.

3. In the PaperCut admin interface consider making the printer Unauthenticated. Then all jobs will be sent as the the user configured above without the need for pop up authentication.

Categories: Administration


keywords: linux login hook, popup authentication,

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on December 12, 2017, at 06:44 AM
Printable View   |   Article History   |   Edit Article