]>
Commit | Line | Data |
---|---|---|
1 | .\" | |
2 | .\" client.conf man page for CUPS. | |
3 | .\" | |
4 | .\" Copyright 2007-2017 by Apple Inc. | |
5 | .\" Copyright 2006 by Easy Software Products. | |
6 | .\" | |
7 | .\" These coded instructions, statements, and computer programs are the | |
8 | .\" property of Apple Inc. and are protected by Federal copyright | |
9 | .\" law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
10 | .\" which should have been included with this file. If this file is | |
11 | .\" file is missing or damaged, see the license at "http://www.cups.org/". | |
12 | .\" | |
13 | .TH client.conf 5 "CUPS" "19 October 2017" "Apple Inc." | |
14 | .SH NAME | |
15 | client.conf \- client configuration file for cups | |
16 | .SH DESCRIPTION | |
17 | The \fBclient.conf\fR file configures the CUPS client and is normally located in the \fI/etc/cups\fR and/or \fI~/.cups\fR directories. | |
18 | Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. | |
19 | .LP | |
20 | \fBNote:\fR Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend. | |
21 | The \fBServerName\fR directive is not supported on macOS at all. | |
22 | Starting with macOS 10.12, all applications can access these settings in the \fI/Library/Preferences/org.cups.PrintingPrefs.plist\fR file instead. | |
23 | See the NOTES section below for more information. | |
24 | .SS DIRECTIVES | |
25 | The following directives are understood by the client. Consult the online help for detailed descriptions: | |
26 | .TP 5 | |
27 | \fBAllowAnyRoot Yes\fR | |
28 | .TP 5 | |
29 | \fBAllowAnyRoot No\fR | |
30 | Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority. | |
31 | The default is "Yes". | |
32 | .TP 5 | |
33 | \fBAllowExpiredCerts Yes\fR | |
34 | .TP 5 | |
35 | \fBAllowExpiredCerts No\fR | |
36 | Specifies whether to allow TLS with expired certificates. | |
37 | The default is "No". | |
38 | .TP 5 | |
39 | \fBEncryption IfRequested\fR | |
40 | .TP 5 | |
41 | \fBEncryption Never\fR | |
42 | .TP 5 | |
43 | \fBEncryption Required\fR | |
44 | Specifies the level of encryption that should be used. | |
45 | .TP 5 | |
46 | \fBGSSServiceName \fIname\fR | |
47 | Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp". | |
48 | CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http". | |
49 | .TP 5 | |
50 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR] | |
51 | .TP 5 | |
52 | \fBServerName \fI/domain/socket\fR | |
53 | Specifies the address and optionally the port to use when connecting to the server. | |
54 | \fBNote: This directive is not supported on macOS 10.7 or later.\fR | |
55 | .TP 5 | |
56 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR | |
57 | Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. | |
58 | .TP 5 | |
59 | \fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] | |
60 | .TP 5 | |
61 | \fBSSLOptions None\fR | |
62 | Sets encryption options (only in /etc/cups/client.conf). | |
63 | By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. | |
64 | Security is reduced when \fIAllow\fR options are used. | |
65 | Security is enhanced when \fIDeny\fR options are used. | |
66 | The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS). | |
67 | The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients. | |
68 | The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. | |
69 | The \fIDenyCBC\fR option disables all CBC cipher suites. | |
70 | The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1. | |
71 | .TP 5 | |
72 | \fBTrustOnFirstUse Yes\fR | |
73 | .TP 5 | |
74 | \fBTrustOnFirstUse No\fR | |
75 | Specifies whether to trust new TLS certificates by default. | |
76 | The default is "Yes". | |
77 | .TP 5 | |
78 | \fBUser \fIname\fR | |
79 | Specifies the default user name to use for requests. | |
80 | .TP 5 | |
81 | \fBValidateCerts Yes\fR | |
82 | .TP 5 | |
83 | \fBValidateCerts No\fR | |
84 | Specifies whether to only allow TLS with certificates whose common name matches the hostname. | |
85 | The default is "No". | |
86 | .SH NOTES | |
87 | The \fBclient.conf\fR file is deprecated on macOS and will no longer be supported in a future version of CUPS. | |
88 | Configuration settings can instead be viewed or changed using the | |
89 | .BR defaults (1) | |
90 | command: | |
91 | .nf | |
92 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required | |
93 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO | |
94 | ||
95 | defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption | |
96 | .fi | |
97 | On Linux and other systems using GNU TLS, the \fI/etc/cups/ssl/site.crl\fR file, if present, provides a list of revoked X.509 certificates and is used when validating certificates. | |
98 | .SH SEE ALSO | |
99 | .BR cups (1), | |
100 | .BR default (1), | |
101 | CUPS Online Help (http://localhost:631/help) | |
102 | .SH COPYRIGHT | |
103 | Copyright \[co] 2007-2017 by Apple Inc. |