Client pre authentication on Linux, macOS and Windows

KB Home   |   Client pre authentication on Linux, macOS and Windows

Main.LinuxPreAuthentication History

Hide minor edits - Show changes to output

April 01, 2019, at 02:22 AM by Alec - Fix typo
Changed line 13 from:
->'''2.''' When the user logs in, run the following command MUST be run as a privileged  user in order to read the secret file. For example on Linux
to:
->'''2.''' When the user logs in, run the following command. Note that the command MUST be run as a privileged  user in order to read the secret file. For example on Linux
March 18, 2019, at 01:52 AM by Alec - Fix numbering
Changed line 38 from:
->'''3.''' In the PaperCut admin interface consider making the printer Unauthenticated. Then all jobs will be sent as the the user configured above without the need for pop up authentication.
to:
->'''4.''' In the PaperCut admin interface consider making the printer Unauthenticated. Then all jobs will be sent as the the user configured above without the need for pop up authentication.
Changed line 22 from:
     `--user `"the_user`" `--shared-secret-file `"/path/to/root-secured/shared-secret`"
to:
     `--user `"the_user`" `--shared-secret-file `"c:\path\to\root-secured\shared-secret`"
Changed lines 3-9 from:
Q: I noticed the Apple Mac has the option to copy in a shared secret avoiding the need for the initial authentication screen.  Is this also possible on Linux (or even Windows)?

A: Yes. To achieve this the workstation must be administered by your organization.  The admin must be able to setup login scripts that run as a privileged user, and also copy files to a location that only the privileged  user can access.


->'''1.''' Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is only accessible by the privileged  user. IMPORTANT: For security reasons you must make this file readable by this user only.
to:
Q: I noticed the Apple Mac has the option to copy in a shared secret avoiding the need for the initial authentication screen.  Is this also possible on Linux or Windows?

A: Yes. To achieve this the workstation must be administered by your organization.  The admin must be able to setup login scripts that run as a privileged user, and also copy files to a location that only a privileged  user can access.


->'''1.''' Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is only accessible by a privileged  user. IMPORTANT: For security reasons you must make this file readable by this user only.
Changed line 13 from:
->'''2.''' When the user logs in, run the following command MUST as the privileged  user in order to read the secret file. For example on Linux
to:
->'''2.''' When the user logs in, run the following command MUST be run as a privileged  user in order to read the secret file. For example on Linux
March 18, 2019, at 12:45 AM by Alec - Add information about Powershell and tidy up quotes
Changed lines 13-16 from:
->'''2.''' When the user logs in, run the following command MUST as the  privileged  user in order to read the secret file

   
pc-client-linux.sh `--pre-authenticate `--user "the_user"
        `--shared-secret-file "/path/to/root-secured/shared-secret"
to:
->'''2.''' When the user logs in, run the following command MUST as the  privileged  user in order to read the secret file. For example on Linux

   
pc-client-linux.sh `--pre-authenticate `--user `"the_user`"
        `--shared-secret-file `"/path/to/root-secured/shared-secret`"
Added lines 19-25:
or using Windows Powershell

    & `"C:\Program Files\PaperCut MF\client\win\pc-client.exe`" `--pre-authenticate
      `--user `"the_user`" `--shared-secret-file `"/path/to/root-secured/shared-secret`"
-->[-''(again all on same line)''-]

Changed lines 28-33 from:
     pc-client-linux.sh `--use-pre-authentication `--user "the_user"
to:
     pc-client-linux.sh `--use-pre-authentication `--user `"the_user`"

or

    & `"C:\Program Files\PaperCut MF\client\win\pc-client.exe`" `--use-pre-authentication
    `--user `"the_user`
"
Changed lines 8-9 from:
->'''1.''' Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is only accessible by the  privileged  user. There should be no spaces in the file path. IMPORTANT: For security reasons you must make this file readable by this user only.
to:
->'''1.''' Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is only accessible by the  privileged  user. IMPORTANT: For security reasons you must make this file readable by this user only.
Changed line 19 from:
->'''3.''' Start the client with the following additional option after this command as the logging in OS user (for instance "guest") but provide the --user option the name of the PaperCut user who will be charged for printing:
to:
->'''3.''' Start the client with the following additional option after this command as the logging in user:
February 08, 2018, at 02:59 AM by Alec - Add some clarifiction
Changed line 19 from:
->'''3.''' Start the client with the following additional option after this command as the logging in user:
to:
->'''3.''' Start the client with the following additional option after this command as the logging in OS user (for instance "guest") but provide the --user option the name of the PaperCut user who will be charged for printing:
December 12, 2017, at 06:44 AM by Alec - Note about no spaces in file path for secrets file
Changed line 8 from:
->'''1.''' Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is only accessible by the  privileged  user. IMPORTANT: For security reasons you must make this file readable by this user only.
to:
->'''1.''' Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is only accessible by the  privileged  user. There should be no spaces in the file path. IMPORTANT: For security reasons you must make this file readable by this user only.
December 12, 2017, at 05:05 AM by Alec - Add suggestion to make printer unauthenticated.
Added lines 25-26:

->'''3.''' In the PaperCut admin interface consider making the printer Unauthenticated. Then all jobs will be sent as the the user configured above without the need for pop up authentication.
Changed lines 1-9 from:
(:title Client pre authentication on Linux:)

Q: I noticed the Apple Mac has the option to copy in a shared secret avoiding the need for the initial authentication screen.  Is this also possible on Linux?

A: Yes.  On Mac OS, the login-hook (which runs as root) performs the additional pre-authentication steps
To achieve this the workstation must be administered by your organization.  The admin must be able to setup login scripts that run as root, and also copy files to a location that only the root user can access.


->'''1.''' Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is accessible and readable by root only. IMPORTANT: You must make this file readable by root only.
to:
(:title Client pre authentication on Linux, macOS and Windows:)

Q: I noticed the Apple Mac has the option to copy in a shared secret avoiding the need for the initial authentication screen.  Is this also possible on Linux (or even Windows)?

A: Yes. To achieve this the workstation must be administered by your organization
The admin must be able to setup login scripts that run as a privileged user, and also copy files to a location that only the privileged  user can access.


->'''1.''' Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is only accessible by the  privileged  user. IMPORTANT: For security reasons you must make this file readable by this user only.
Changed lines 13-16 from:
->'''2.''' When the user logs in, run the following command MUST as root:

     pc-client-linux.sh --pre-authenticate --user "the_user"
 
      --shared-secret-file "/path/to/root-secured/shared-secret"
to:
->'''2.''' When the user logs in, run the following command MUST as the  privileged  user in order to read the secret file

    pc-client-linux.sh `--pre-authenticate `--user "the_user"
        `
--shared-secret-file "/path/to/root-secured/shared-secret"
Changed lines 21-24 from:
     pc-client-linux.sh --use-pre-authentication --silent


You'll
need to have a good understanding of your X login program (e.g. [[http://www.jirka.org/gdm-documentation/x241.html|GDM scripts]]) to leverage this configuration.
to:
     pc-client-linux.sh `--use-pre-authentication `--user "the_user"


You'll
need to have a good understanding of your workstation login process (e.g. [[http://www.jirka.org/gdm-documentation/x241.html|GDM scripts]]) to leverage this configuration.
Changed lines 5-8 from:
A: Yes.  On Mac OS, the login-hook (which runs as root) performs the additional pre-authentication steps.  This behavior can be mirrored on Linux with the following actions:

->'''1
.''' When the user logs in, run the following command as root:
to:
A: Yes.  On Mac OS, the login-hook (which runs as root) performs the additional pre-authentication steps.  To achieve this the workstation must be administered by your organization.  The admin must be able to setup login scripts that run as root, and also copy files to a location that only the root user can access.


->'''1.''' Copy the shared-secret file from the PaperCut server (location below) to the workstation in a location that is accessible and readable by root only.  IMPORTANT: You must make this file readable by root only.

    [app-path]/server/data/pc-shared-secret.dat


->'''2.''' When the user logs in, run the following command MUST
as root:
Changed lines 19-20 from:
->'''2.''' Start the client with the following additional option after this command as the logging in user:
to:
->'''3.''' Start the client with the following additional option after this command as the logging in user:
Changed line 21 from:
''Categories:'' [[Category.UserClientTool|+]]
to:
''Categories:'' [[Category.Administration|+]]
Added lines 21-22:
''Categories:'' [[Category.UserClientTool|+]]
----
Changed lines 5-8 from:
A: Yes.  On the Mac, the login-hook (which runs as root) performs the additional pre-authentication steps.  This behavior can be mirrored on Linux with the following actions:

->'''1.''' When the user logins, run the following command as root:
to:
A: Yes.  On Mac OS, the login-hook (which runs as root) performs the additional pre-authentication steps.  This behavior can be mirrored on Linux with the following actions:

->'''1.''' When the user logs in, run the following command as root:
Changed lines 5-6 from:
A: Yes.  On the Mac, the login-hook (that runs as root) performs the additional pre-authentication steps.  This behavior can be mirrored on Linux with the following actions:
to:
A: Yes.  On the Mac, the login-hook (which runs as root) performs the additional pre-authentication steps.  This behavior can be mirrored on Linux with the following actions:
Changed lines 5-6 from:
A: Yes.  On the Mac, the (login-hook that runs as root) performs the additional pre-authentication steps.  This behavior can be mirrored on Linux with the following actions:
to:
A: Yes.  On the Mac, the login-hook (that runs as root) performs the additional pre-authentication steps.  This behavior can be mirrored on Linux with the following actions:
Changed lines 11-12 from:
-->''(all on same server)''
to:
-->[-''(all on same line)''-]
Changed line 9 from:
     pc-client-linux.sh --pre-authenticate --user "the_user" \
to:
     pc-client-linux.sh --pre-authenticate --user "the_user"
Changed lines 11-12 from:
to:
-->''(all on same server)''
Changed lines 9-10 from:
     pc-client-linux.sh --pre-authenticate --user "the_user" --shared-secret-file "/path/to/root-secured/shared-secret"
to:
     pc-client-linux.sh --pre-authenticate --user "the_user" \
       
--shared-secret-file "/path/to/root-secured/shared-secret"
Changed lines 3-4 from:
Q: I noticed the mac has the option to copy in a shared secret avoiding the need for the initial authentication screen.  Is this also possible on Linux?
to:
Q: I noticed the Apple Mac has the option to copy in a shared secret avoiding the need for the initial authentication screen.  Is this also possible on Linux?
Added lines 1-19:
(:title Client pre authentication on Linux:)

Q: I noticed the mac has the option to copy in a shared secret avoiding the need for the initial authentication screen.  Is this also possible on Linux?

A: Yes.  On the Mac, the (login-hook that runs as root) performs the additional pre-authentication steps.  This behavior can be mirrored on Linux with the following actions:

->'''1.''' When the user logins, run the following command as root:

    pc-client-linux.sh --pre-authenticate --user "the_user" --shared-secret-file "/path/to/root-secured/shared-secret"

->'''2.''' Start the client with the following additional option after this command as the logging in user:

    pc-client-linux.sh --use-pre-authentication --silent


You'll need to have a good understanding of your X login program (e.g. [[http://www.jirka.org/gdm-documentation/x241.html|GDM scripts]]) to leverage this configuration.

----
[-keywords: linux login hook, popup authentication, -]

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on April 01, 2019, at 02:22 AM
Printable View   |   Article History   |   Edit Article