]>
Commit | Line | Data |
---|---|---|
c277f98c | 1 | <!DOCTYPE HTML> |
94436c5a MS |
2 | <html> |
3 | <!-- SECTION: Man Pages --> | |
4 | <head> | |
5 | <link rel="stylesheet" type="text/css" href="../cups-printable.css"> | |
6 | <title>client.conf(5)</title> | |
7 | </head> | |
8 | <body> | |
9 | <h1 class="title">client.conf(5)</h1> | |
10 | <h2 class="title"><a name="NAME">Name</a></h2> | |
08d56b1f | 11 | client.conf - client configuration file for cups |
94436c5a | 12 | <h2 class="title"><a name="DESCRIPTION">Description</a></h2> |
651e0a22 MS |
13 | The <b>client.conf</b> file configures the CUPS client and is normally located in the <i>/etc/cups</i> and/or <i>~/.cups</i> directories. |
14 | Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. | |
8072030b MS |
15 | <p><b>Note:</b> Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend. |
16 | The <b>ServerName</b> directive is not supported on macOS at all. | |
17 | Starting with macOS 10.12, all applications can access these settings in the <i>/Library/Preferences/org.cups.PrintingPrefs.plist</i> file instead. | |
08d56b1f | 18 | See the NOTES section below for more information. |
651e0a22 MS |
19 | <h3><a name="DIRECTIVES">Directives</a></h3> |
20 | The following directives are understood by the client. Consult the online help for detailed descriptions: | |
2909c66c | 21 | <dl class="man"> |
ddf95fe6 MS |
22 | <dt><b>AllowAnyRoot Yes</b> |
23 | <dd style="margin-left: 5.0em"><dt><b>AllowAnyRoot No</b> | |
651e0a22 | 24 | <dd style="margin-left: 5.0em">Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority. |
ddf95fe6 MS |
25 | The default is "Yes". |
26 | <dt><b>AllowExpiredCerts Yes</b> | |
27 | <dd style="margin-left: 5.0em"><dt><b>AllowExpiredCerts No</b> | |
651e0a22 | 28 | <dd style="margin-left: 5.0em">Specifies whether to allow TLS with expired certificates. |
08d56b1f | 29 | The default is "No". |
651e0a22 MS |
30 | <dt><b>Encryption IfRequested</b> |
31 | <dd style="margin-left: 5.0em"><dt><b>Encryption Never</b> | |
32 | <dd style="margin-left: 5.0em"><dt><b>Encryption Required</b> | |
33 | <dd style="margin-left: 5.0em">Specifies the level of encryption that should be used. | |
34 | <dt><b>GSSServiceName </b><i>name</i> | |
35 | <dd style="margin-left: 5.0em">Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp". | |
36 | CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http". | |
37 | <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>] | |
38 | <dd style="margin-left: 5.0em"><dt><b>ServerName </b><i>/domain/socket</i> | |
39 | <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to the server. | |
8072030b | 40 | <b>Note: This directive it not supported on macOS 10.7 or later.</b> |
651e0a22 MS |
41 | <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b> |
42 | <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. | |
c59e07c6 | 43 | <dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyTLS1.0</i>] |
63aefcd5 MS |
44 | <dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b> |
45 | <dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf). | |
46 | By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. | |
c59e07c6 | 47 | The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation. |
63aefcd5 MS |
48 | The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. |
49 | The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. | |
c59e07c6 | 50 | The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1. |
08d56b1f MS |
51 | <dt><b>TrustOnFirstUse Yes</b> |
52 | <dd style="margin-left: 5.0em"><dt><b>TrustOnFirstUse No</b> | |
53 | <dd style="margin-left: 5.0em">Specifies whether to trust new TLS certificates by default. | |
54 | The default is "Yes". | |
651e0a22 MS |
55 | <dt><b>User </b><i>name</i> |
56 | <dd style="margin-left: 5.0em">Specifies the default user name to use for requests. | |
ddf95fe6 MS |
57 | <dt><b>ValidateCerts Yes</b> |
58 | <dd style="margin-left: 5.0em"><dt><b>ValidateCerts No</b> | |
59 | <dd style="margin-left: 5.0em">Specifies whether to only allow TLS with certificates whose common name matches the hostname. | |
60 | The default is "No". | |
2909c66c | 61 | </dl> |
651e0a22 | 62 | <h2 class="title"><a name="NOTES">Notes</a></h2> |
8072030b | 63 | The <b>client.conf</b> file is deprecated on macOS and will no longer be supported in a future version of CUPS. |
08d56b1f MS |
64 | Configuration settings can instead be viewed or changed using the |
65 | <b>defaults</b>(1) | |
66 | command: | |
67 | <pre class="man"> | |
68 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required | |
69 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO | |
70 | ||
71 | defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption | |
72 | </pre> | |
73 | On Linux and other systems using GNU TLS, the <i>/etc/cups/ssl/site.crl</i> file, if present, provides a list of revoked X.509 certificates and is used when validating certificates. | |
94436c5a | 74 | <h2 class="title"><a name="SEE_ALSO">See Also</a></h2> |
651e0a22 | 75 | <a href="man-cups.html?TOPIC=Man+Pages"><b>cups</b>(1),</a> |
08d56b1f | 76 | <b>default</b>(1), |
651e0a22 | 77 | CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>) |
94436c5a | 78 | <h2 class="title"><a name="COPYRIGHT">Copyright</a></h2> |
08d56b1f | 79 | Copyright © 2007-2016 by Apple Inc. |
94436c5a MS |
80 | |
81 | </body> | |
82 | </html> |