#
-# "$Id: cupsd.conf,v 1.25 2000/11/17 19:57:12 mike Exp $"
+# "$Id: cupsd.conf,v 1.32.2.2 2001/12/26 16:52:09 mike Exp $"
#
# Sample configuration file for the Common UNIX Printing System (CUPS)
# scheduler.
#
-# Copyright 1997-2000 by Easy Software Products, all rights reserved.
+# Copyright 1997-2001 by Easy Software Products, all rights reserved.
#
# These coded instructions, statements, and computer programs are the
# property of Easy Software Products and are protected by Federal
#AccessLog /var/log/cups/access_log
+#
+# Classification: the classification level of the server. If set, this
+# classification is displayed on all pages, and raw printing is disabled.
+# The default is the empty string.
+#
+
+#Classification classified
+#Classification confidential
+#Classification secret
+#Classification topsecret
+#Classification unclassified
+
+#
+# ClassifyOverride: whether to allow users to override the classification
+# on printouts. If enabled, users can limit banner pages to before or
+# after the job, and can change the classification of a job, but cannot
+# completely eliminate the classification or banners.
+#
+# The default is off.
+#
+
+#ClassifyOverride off
+
#
# DataDir: the root directory for the CUPS data files.
# By default /usr/share/cups.
# By default the compiled in directory.
#
-#DocumentRoot /usr/share/cups/doc
+#DocumentRoot /usr/share/doc/cups
#
# ErrorLog: the error log file; if this does not start with a leading /
# LogLevel: controls the number of messages logged to the ErrorLog
# file and can be one of the following:
#
-# debug Log everything.
+# debug2 Log everything.
+# debug Log almost everything.
# info Log all requests and state changes.
# warn Log errors and warnings.
# error Log only errors.
#
# MaxJobs: maximum number of jobs to keep in memory (active and completed.)
-# Default is 0 (no limit.)
+# Default is 500; the value 0 is used for no limit.
#
-#MaxJobs 0
+#MaxJobs 500
#
# Printcap: the name of the printcap file. Default is /etc/printcap.
#ServerRoot /etc/cups
+########
+######## Encryption Support
+########
+
+#
+# ServerCertificate: the file to read containing the server's certificate.
+# Defaults to "/etc/cups/ssl/server.crt".
+#
+
+#ServerCertificate /etc/cups/ssl/server.crt
+
+#
+# ServerKey: the file to read containing the server's key.
+# Defaults to "/etc/cups/ssl/server.key".
+#
+
+#ServerKey /etc/cups/ssl/server.key
+
+
########
######## Filter Options
########
# Listen 1.2.3.4
# Listen 1.2.3.4:631
#
+# NOTE: Unfortunately, most web browsers don't support TLS or HTTP Upgrades
+# for encryption. If you want to support web-based encryption you'll
+# probably need to listen on port 443 (the "https" port...)
+#
#Port 80
+#Port 443
Port 631
#
########
#
-# Browsing: whether or not to broadcast printer information to
-# other CUPS servers. Enabled by default.
+# Browsing: whether or not to broadcast and/or listen for CUPS printer
+# information on the network. Enabled by default.
#
#Browsing On
#
-# BrowseShortNames: whether or not to use "short" names for remote printers
-# when possible (e.g. "printer" instead of "printer@host".) Enabled by
-# default.
+# BrowseProtocols: which protocols to use for browsing. Can be
+# any of the following separated by whitespace and/or commas:
+#
+# all - Use all supported protocols.
+# cups - Use the CUPS browse protocol.
+# slp - Use the SLPv2 protocol.
+#
+# The default is "cups".
+#
+# NOTE: If you choose to use SLPv2, it is *strongly* recommended that
+# you have at least one SLP Directory Agent (DA) on your
+# network. Otherwise, browse updates can take several seconds,
+# during which the scheduler will not response to client
+# requests.
#
-#BrowseShortNames Yes
+#BrowseProtocols cups
#
# BrowseAddress: specifies a broadcast address to be used. By
-# default browsing information is broadcast to all active interfaces.
+# default browsing information is not sent!
#
-# Note: HP-UX 10.20 and earlier do not properly handle broadcast unless
-# you have a Class A, B, C, or D netmask (i.e. no CIDR support).
+# Note: HP-UX does not properly handle broadcast unless you have a
+# Class A, B, C, or D netmask (i.e. no CIDR support).
+#
+# Note: Using the "global" broadcast address (255.255.255.255) will
+# activate a Linux demand-dial link with the default configuration.
+# If you have a LAN as well as the dial-up link, use the LAN's
+# broadcast address.
#
#BrowseAddress x.y.z.255
#BrowseAddress x.y.255.255
#BrowseAddress x.255.255.255
+#BrowseAddress 255.255.255.255
+
+#
+# BrowseShortNames: whether or not to use "short" names for remote printers
+# when possible (e.g. "printer" instead of "printer@host".) Enabled by
+# default.
+#
+
+#BrowseShortNames Yes
#
# BrowseAllow: specifies an address mask to allow for incoming browser
#ImplicitClasses On
+#
+# ImplicitAnyClasses: whether or not to create "AnyPrinter" implicit
+# classes.
+#
+# When ImplicitAnyClasses is On and a local queue of the same name
+# exists, e.g. "printer", "printer@server1", "printer@server1", then
+# an implicit class called "Anyprinter" is created instead.
+#
+# When ImplicitAnyClasses is Off, implicit classes are not created
+# when there is a local queue of the same name.
+#
+# Disabled by default.
+#
+
+#ImplicitAnyCLasses Off
+
+#
+# HideImplicitMembers: whether or not to show the members of an
+# implicit class.
+#
+# When HideImplicitMembers is On, any remote printers that are
+# part of an implicit class are hidden from the user, who will
+# then only see a single queue even though many queues will be
+# supporting the implicit class.
+#
+# Enabled by default.
+#
+
+#HideImplicitMembers On
+
########
######## Security Options
# The host and domain address require that you enable hostname lookups
# with "HostNameLookups On" above.
#
+# Encryption: whether or not to use encryption; this depends on having
+# the OpenSSL library linked into the CUPS library and scheduler.
+#
+# Possible values:
+#
+# Always - Always use encryption (SSL)
+# Never - Never use encryption
+# Required - Use TLS encryption upgrade
+# IfRequested - Use encryption if the server requests it
+#
+# The default value is "IfRequested".
+#
<Location />
+Order Deny,Allow
+Deny From All
+Allow From 127.0.0.1
</Location>
#<Location /classes>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
+
+#Encryption Required
+</Location>
+
+<Location /conf>
+#
+# You definitely will want to limit access to the configuration files.
+# The default configuration requires a local connection from a user who
+# is a member of the system group to do any admin tasks. You can change
+# the group name using the SystemGroup directive.
+#
+
+AuthType Basic
+AuthClass System
+
+## Restrict access to local domain
+Order Deny,Allow
+Deny From All
+Allow From 127.0.0.1
+
+#Encryption Required
</Location>
#
-# End of "$Id: cupsd.conf,v 1.25 2000/11/17 19:57:12 mike Exp $".
+# End of "$Id: cupsd.conf,v 1.32.2.2 2001/12/26 16:52:09 mike Exp $".
#