From: Michael R Sweet <michaelrsweet@gmail.com>
Date: Wed, 1 Nov 2017 20:03:41 +0000 (-0400)
Subject: Update the Kerberos help file (Issue #4580)
X-Git-Tag: v2.3b1~76
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47386fc10674d23fa6a7c83cffe7146c0c50cbbc;p=thirdparty%2Fcups.git

Update the Kerberos help file (Issue #4580)
---

diff --git a/CHANGES.md b/CHANGES.md
index c67aba9305..0c4031dd1f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -5,6 +5,7 @@ CHANGES - 2.3b1 - 2017-11-01
 Changes in CUPS v2.3b1
 ----------------------
 
+- Documentation updates (Issue #4580)
 - The `lpstat` command now reports when new jobs are being held (Issue #4761)
 - The scheduler now supports the "printer-id" attribute (Issue #4868)
 - No longer support backslash, question mark, or quotes in printer names
diff --git a/doc/help/kerberos.html b/doc/help/kerberos.html
index ebbadbdf8c..9d5a9ee24e 100644
--- a/doc/help/kerberos.html
+++ b/doc/help/kerberos.html
@@ -26,7 +26,7 @@ DNS server(s).</li>
 	</ol></li>
 
 	<li>Properly configured Kerberos infrastructure:<ol type='a'>
-		<li>KDC configured to allow CUPS servers to obtain Service Granting Tickets (SGTs) for the "host" service,</li>
+		<li>KDC configured to allow CUPS servers to obtain Service Granting Tickets (SGTs) for the "host" and "HTTP" services/principals,</li>
 		<li>LDAP-based user accounts - both OpenDirectory and ActiveDirectory provide this with the KDC, and</li>
 		<li>CUPS clients and servers bound to the same KDC and LDAP
 	server(s).</li>
@@ -77,11 +77,11 @@ http://server.example.com:631/admin
 
 <H2 CLASS="title"><A NAME="IMPLEMENT">Implementation Information</A></H2>
 
-<P>CUPS implements Kerberos over HTTP using GSSAPI and the service name "host". Because of limitations in the HTTP GSSAPI protocol extension, only a single domain/KDC is supported for authentication. The HTTP extension is described in <a href="http://tools.ietf.org/html/rfc4559">RFC 4559</a>.</P>
+<P>CUPS implements Kerberos over HTTP using GSSAPI and the service/principal names "host/server.example.com" for command-line access and "HTTP/server.example.com" for web-based access, where "server.example.com" is replaced by your CUPS server's hostname. Because of limitations in the HTTP GSSAPI protocol extension, only a single domain/KDC is supported for authentication. The HTTP extension is described in <a href="http://tools.ietf.org/html/rfc4559">RFC 4559</a>.</P>
 
-<P>When doing printing tasks that require authentication, CUPS requests single-use "tickets" from your login session to authenticate who you are. These tickets give CUPS a username of the form "user@REALM", which is then converted to just "user" for purposes of user and group checks.</P>
+<P>When doing printing tasks that require authentication, CUPS requests single-use "tickets" from your login session to authenticate who you are. These tickets give CUPS a username of the form "user@REALM", which is then truncated to just "user" for purposes of user and group checks.</P>
 
-<P>In order to support printing to a shared printer, CUPS runs the IPP backend as the owner of the print job so it can obtain the necessary credentials when the job is de-spooled to the server.</P>
+<P>In order to support printing to a shared printer, CUPS runs the IPP or SMB backend as the owner of the print job so it can obtain the necessary credentials when the job is de-spooled to the server.</P>
 
 </BODY>
 </HTML>
diff --git a/ppdc/ppdc-catalog.cxx b/ppdc/ppdc-catalog.cxx
index 602321887b..859f160402 100644
--- a/ppdc/ppdc-catalog.cxx
+++ b/ppdc/ppdc-catalog.cxx
@@ -1,7 +1,7 @@
 //
 // Shared message catalog class for the CUPS PPD Compiler.
 //
-// Copyright 2007-2016 by Apple Inc.
+// Copyright 2007-2017 by Apple Inc.
 // Copyright 2002-2006 by Easy Software Products.
 //
 // These coded instructions, statements, and computer programs are the