]>
Commit | Line | Data |
---|---|---|
b423cd4c | 1 | .\" |
7131e285 | 2 | .\" client.conf man page for CUPS. |
b423cd4c | 3 | .\" |
f2e87147 | 4 | .\" Copyright 2007-2017 by Apple Inc. |
7131e285 | 5 | .\" Copyright 2006 by Easy Software Products. |
b423cd4c | 6 | .\" |
7131e285 MS |
7 | .\" These coded instructions, statements, and computer programs are the |
8 | .\" property of Apple Inc. and are protected by Federal copyright | |
9 | .\" law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
10 | .\" which should have been included with this file. If this file is | |
11 | .\" file is missing or damaged, see the license at "http://www.cups.org/". | |
b423cd4c | 12 | .\" |
02c88e67 | 13 | .TH client.conf 5 "CUPS" "19 October 2017" "Apple Inc." |
b423cd4c | 14 | .SH NAME |
08d56b1f | 15 | client.conf \- client configuration file for cups |
b423cd4c | 16 | .SH DESCRIPTION |
7131e285 MS |
17 | The \fBclient.conf\fR file configures the CUPS client and is normally located in the \fI/etc/cups\fR and/or \fI~/.cups\fR directories. |
18 | Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. | |
19 | .LP | |
8072030b MS |
20 | \fBNote:\fR Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend. |
21 | The \fBServerName\fR directive is not supported on macOS at all. | |
22 | Starting with macOS 10.12, all applications can access these settings in the \fI/Library/Preferences/org.cups.PrintingPrefs.plist\fR file instead. | |
08d56b1f | 23 | See the NOTES section below for more information. |
7131e285 MS |
24 | .SS DIRECTIVES |
25 | The following directives are understood by the client. Consult the online help for detailed descriptions: | |
b423cd4c | 26 | .TP 5 |
f51f3773 | 27 | \fBAllowAnyRoot Yes\fR |
f9988e18 | 28 | .TP 5 |
f51f3773 | 29 | \fBAllowAnyRoot No\fR |
f9988e18 | 30 | Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority. |
f51f3773 | 31 | The default is "Yes". |
f9988e18 | 32 | .TP 5 |
f51f3773 | 33 | \fBAllowExpiredCerts Yes\fR |
f9988e18 | 34 | .TP 5 |
f51f3773 | 35 | \fBAllowExpiredCerts No\fR |
f9988e18 | 36 | Specifies whether to allow TLS with expired certificates. |
08d56b1f | 37 | The default is "No". |
f9988e18 | 38 | .TP 5 |
7131e285 | 39 | \fBEncryption IfRequested\fR |
b423cd4c | 40 | .TP 5 |
7131e285 | 41 | \fBEncryption Never\fR |
b423cd4c | 42 | .TP 5 |
7131e285 MS |
43 | \fBEncryption Required\fR |
44 | Specifies the level of encryption that should be used. | |
b423cd4c | 45 | .TP 5 |
7131e285 MS |
46 | \fBGSSServiceName \fIname\fR |
47 | Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp". | |
48 | CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http". | |
07ed0e9a | 49 | .TP 5 |
7131e285 | 50 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR] |
b423cd4c | 51 | .TP 5 |
7131e285 MS |
52 | \fBServerName \fI/domain/socket\fR |
53 | Specifies the address and optionally the port to use when connecting to the server. | |
21d8d62b | 54 | \fBNote: This directive is not supported on macOS 10.7 or later.\fR |
3e7fe0ca | 55 | .TP 5 |
7131e285 MS |
56 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR |
57 | Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. | |
3699c637 | 58 | .TP 5 |
f2e87147 | 59 | \fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] |
63aefcd5 MS |
60 | .TP 5 |
61 | \fBSSLOptions None\fR | |
62 | Sets encryption options (only in /etc/cups/client.conf). | |
63 | By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. | |
02c88e67 MS |
64 | Security is reduced when \fIAllow\fR options are used. |
65 | Security is enhanced when \fIDeny\fR options are used. | |
66 | The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS). | |
67 | The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients. | |
63aefcd5 | 68 | The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. |
f2e87147 | 69 | The \fIDenyCBC\fR option disables all CBC cipher suites. |
ee6226a5 | 70 | The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1. |
63aefcd5 | 71 | .TP 5 |
08d56b1f MS |
72 | \fBTrustOnFirstUse Yes\fR |
73 | .TP 5 | |
74 | \fBTrustOnFirstUse No\fR | |
75 | Specifies whether to trust new TLS certificates by default. | |
76 | The default is "Yes". | |
77 | .TP 5 | |
7131e285 | 78 | \fBUser \fIname\fR |
3e7fe0ca | 79 | Specifies the default user name to use for requests. |
f51f3773 MS |
80 | .TP 5 |
81 | \fBValidateCerts Yes\fR | |
82 | .TP 5 | |
83 | \fBValidateCerts No\fR | |
84 | Specifies whether to only allow TLS with certificates whose common name matches the hostname. | |
85 | The default is "No". | |
7131e285 | 86 | .SH NOTES |
8072030b | 87 | The \fBclient.conf\fR file is deprecated on macOS and will no longer be supported in a future version of CUPS. |
08d56b1f MS |
88 | Configuration settings can instead be viewed or changed using the |
89 | .BR defaults (1) | |
90 | command: | |
91 | .nf | |
92 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required | |
93 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO | |
94 | ||
95 | defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption | |
96 | .fi | |
97 | On Linux and other systems using GNU TLS, the \fI/etc/cups/ssl/site.crl\fR file, if present, provides a list of revoked X.509 certificates and is used when validating certificates. | |
b423cd4c | 98 | .SH SEE ALSO |
7131e285 | 99 | .BR cups (1), |
08d56b1f | 100 | .BR default (1), |
7131e285 | 101 | CUPS Online Help (http://localhost:631/help) |
b423cd4c | 102 | .SH COPYRIGHT |
bd5a2f28 | 103 | Copyright \[co] 2007-2017 by Apple Inc. |