Update the Kerberos help file (Issue #4580)

diff --git a/CHANGES.md b/CHANGES.md
index c67aba9305605a0d092b03b5ef077960710803ef..0c4031dd1fdc1b30559e00452b80c2afc5c95e6e 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -5,6 +5,7 @@ CHANGES - 2.3b1 - 2017-11-01
 Changes in CUPS v2.3b1
 ----------------------
 
+- Documentation updates (Issue #4580)
 - The `lpstat` command now reports when new jobs are being held (Issue #4761)
 - The scheduler now supports the "printer-id" attribute (Issue #4868)
 - No longer support backslash, question mark, or quotes in printer names

diff --git a/doc/help/kerberos.html b/doc/help/kerberos.html
index ebbadbdf8c66d9d4b0294942a4719727b61b3709..9d5a9ee24ee94ef9927d176dc7e309ea77908338 100644 (file)
--- a/doc/help/kerberos.html
+++ b/doc/help/kerberos.html
@@ -26,7 +26,7 @@ DNS server(s).</li>
        </ol></li>
 
        <li>Properly configured Kerberos infrastructure:<ol type='a'>
-               <li>KDC configured to allow CUPS servers to obtain Service Granting Tickets (SGTs) for the "host" service,</li>
+               <li>KDC configured to allow CUPS servers to obtain Service Granting Tickets (SGTs) for the "host" and "HTTP" services/principals,</li>
                <li>LDAP-based user accounts - both OpenDirectory and ActiveDirectory provide this with the KDC, and</li>
                <li>CUPS clients and servers bound to the same KDC and LDAP
        server(s).</li>
@@ -77,11 +77,11 @@ http://server.example.com:631/admin
 
 <H2 CLASS="title"><A NAME="IMPLEMENT">Implementation Information</A></H2>
 
-<P>CUPS implements Kerberos over HTTP using GSSAPI and the service name "host". Because of limitations in the HTTP GSSAPI protocol extension, only a single domain/KDC is supported for authentication. The HTTP extension is described in <a href="http://tools.ietf.org/html/rfc4559">RFC 4559</a>.</P>
+<P>CUPS implements Kerberos over HTTP using GSSAPI and the service/principal names "host/server.example.com" for command-line access and "HTTP/server.example.com" for web-based access, where "server.example.com" is replaced by your CUPS server's hostname. Because of limitations in the HTTP GSSAPI protocol extension, only a single domain/KDC is supported for authentication. The HTTP extension is described in <a href="http://tools.ietf.org/html/rfc4559">RFC 4559</a>.</P>
 
-<P>When doing printing tasks that require authentication, CUPS requests single-use "tickets" from your login session to authenticate who you are. These tickets give CUPS a username of the form "user@REALM", which is then converted to just "user" for purposes of user and group checks.</P>
+<P>When doing printing tasks that require authentication, CUPS requests single-use "tickets" from your login session to authenticate who you are. These tickets give CUPS a username of the form "user@REALM", which is then truncated to just "user" for purposes of user and group checks.</P>
 
-<P>In order to support printing to a shared printer, CUPS runs the IPP backend as the owner of the print job so it can obtain the necessary credentials when the job is de-spooled to the server.</P>
+<P>In order to support printing to a shared printer, CUPS runs the IPP or SMB backend as the owner of the print job so it can obtain the necessary credentials when the job is de-spooled to the server.</P>
 
 </BODY>
 </HTML>

diff --git a/ppdc/ppdc-catalog.cxx b/ppdc/ppdc-catalog.cxx
index 602321887b60eb5f6a766270ca5bf12480486278..859f16040216a559acc062b167031e777f1916ab 100644 (file)
--- a/ppdc/ppdc-catalog.cxx
+++ b/ppdc/ppdc-catalog.cxx
@@ -1,7 +1,7 @@
 //
 // Shared message catalog class for the CUPS PPD Compiler.
 //
-// Copyright 2007-2016 by Apple Inc.
+// Copyright 2007-2017 by Apple Inc.
 // Copyright 2002-2006 by Easy Software Products.
 //
 // These coded instructions, statements, and computer programs are the