Jaharmi’s Irreality renewable hyperlinks with 0% transfat since 1999

A few posts on the MacEnterprise mailing list have reported that Leopard does support authenticated printing with Active Directory. This is a good step forward for Mac OS X. However, it’s unclear if it is using Kerberos to do so.

Leopard includes CUPS 1.3.3. I don’t exactly know how to tell this from the command line. There’s no cups -V at all, as the main executable is cupsd. But, there’s no cupsd -V, either. So, I resorted to the CUPS Web administration page, which is found at http://localhost:631/ on any modern Mac.

The What’s new in CUPS page — which as of this writing documents version 1.3 — says that Kerberos is now supported. So it’s reasonable to guess that Kerberos could be in use on Leopard for this type of authenticated printing.

So, I took a moment to ask on the Apple Printing mailing list, and got immediate results. Right away, Michael Sweet posted that no, by default it doesn’t … but it can be activated with the “Negotiate” option in cupsd.conf. There is one caveat: it reportedly doesn’t work with Windows Server 2003R2, however. You need CUPS 1.3.4 for that.

I found out that CUPS 1.3.3 in Leopard can potentially be replaced with version 1.3.4 at your own risk. You should only do that if you are comfortable with compiling applications, if you absolutely need to make Kerberized authenticated printing work with Windows Server 2003R2, and you are willing to test the changes before you deploy it to more than your non-production test computer. Otherwise, the following risk is not worth it. However, if you still feel the need to try CUPS 1.3.4 despite these warnings:

1. Get the CUPS 1.3.4 source and compile it as a “4-way fat” binary with:
   $ ./configure --with-archflags="-arch i386 -arch ppc -arch x86_64 -arch ppc64"
$ make
2. Copy the resulting cups/libcups.2.dylib file to /usr/lib/.
3. Reboot or log out.

The new libcups.2.dylib could then be copied to other computers if your testing with it is successful and it fixes the problem with authenticated printing through Windows Server 2003R2. You’re on your own if you try any of this; I’m not suggesting you do it, and can’t help you if you try. It’s unsupported and YMMV.

(By the way, replacing one key file like this is a really great opportunity to use a Radmind overload, if you’re into that sort of thing.)