mirror of https://gitee.com/openkylin/cups.git
144 lines
5.7 KiB
Groff
144 lines
5.7 KiB
Groff
.\"
|
||
.\" client.conf man page for CUPS.
|
||
.\"
|
||
.\" Copyright © 2007-2019 by Apple Inc.
|
||
.\" Copyright © 2006 by Easy Software Products.
|
||
.\"
|
||
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
|
||
.\" information.
|
||
.\"
|
||
.TH client.conf 5 "CUPS" "15 October 2019" "Apple Inc."
|
||
.SH NAME
|
||
client.conf \- client configuration file for cups (deprecated on macos)
|
||
.SH DESCRIPTION
|
||
The \fBclient.conf\fR file configures the CUPS client and is normally located in the \fI/etc/cups\fR and/or \fI~/.cups\fR directories.
|
||
Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
|
||
.LP
|
||
\fBNote:\fR Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend.
|
||
The \fBServerName\fR directive is not supported on macOS at all.
|
||
Starting with macOS 10.12, all applications can access these settings in the \fI/Library/Preferences/org.cups.PrintingPrefs.plist\fR file instead.
|
||
See the NOTES section below for more information.
|
||
.SS DIRECTIVES
|
||
The following directives are understood by the client. Consult the online help for detailed descriptions:
|
||
.\"#AllowAnyRoot
|
||
.TP 5
|
||
\fBAllowAnyRoot Yes\fR
|
||
.TP 5
|
||
\fBAllowAnyRoot No\fR
|
||
Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority.
|
||
The default is "Yes".
|
||
.\"#AllowExpiredCerts
|
||
.TP 5
|
||
\fBAllowExpiredCerts Yes\fR
|
||
.TP 5
|
||
\fBAllowExpiredCerts No\fR
|
||
Specifies whether to allow TLS with expired certificates.
|
||
The default is "No".
|
||
.\"#DigestOptions
|
||
.TP 5
|
||
\fBDigestOptions DenyMD5\fR
|
||
.TP 5
|
||
\fBDigestOptions None\fR
|
||
Specifies HTTP Digest authentication options.
|
||
\fBDenyMD5\fR disables support for the original MD5 hash algorithm.
|
||
.\"#Encryption
|
||
.TP 5
|
||
\fBEncryption IfRequested\fR
|
||
.TP 5
|
||
\fBEncryption Never\fR
|
||
.TP 5
|
||
\fBEncryption Required\fR
|
||
Specifies the level of encryption that should be used.
|
||
.\"#GSSServiceName
|
||
.TP 5
|
||
\fBGSSServiceName \fIname\fR
|
||
Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp".
|
||
CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http".
|
||
.\"#ServerName
|
||
.TP 5
|
||
\fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]
|
||
.TP 5
|
||
\fBServerName \fI/domain/socket\fR
|
||
Specifies the address and optionally the port to use when connecting to the server.
|
||
\fBNote: This directive is not supported on macOS 10.7 or later.\fR
|
||
.TP 5
|
||
\fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR
|
||
Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
|
||
.\"#SSLOptions
|
||
.TP 5
|
||
\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR]
|
||
.TP 5
|
||
\fBSSLOptions None\fR
|
||
Sets encryption options (only in /etc/cups/client.conf).
|
||
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
|
||
Security is reduced when \fIAllow\fR options are used.
|
||
Security is enhanced when \fIDeny\fR options are used.
|
||
The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
|
||
The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients.
|
||
The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
|
||
The \fIDenyCBC\fR option disables all CBC cipher suites.
|
||
The \fIDenyTLS1.0\fR option disables TLS v1.0 support \- this sets the minimum protocol version to TLS v1.1.
|
||
The \fIMinTLS\fR options set the minimum TLS version to support.
|
||
The \fIMaxTLS\fR options set the maximum TLS version to support.
|
||
Not all operating systems support TLS 1.3 at this time.
|
||
.\"#TrustOnFirstUse
|
||
.TP 5
|
||
\fBTrustOnFirstUse Yes\fR
|
||
.TP 5
|
||
\fBTrustOnFirstUse No\fR
|
||
Specifies whether to trust new TLS certificates by default.
|
||
The default is "Yes".
|
||
.\"#User
|
||
.TP 5
|
||
\fBUser \fIname\fR
|
||
Specifies the default user name to use for requests.
|
||
.\"#UserAgentTokens
|
||
.TP 5
|
||
\fBUserAgentTokens None\fR
|
||
.TP 5
|
||
\fBUserAgentTokens ProductOnly\fR
|
||
.TP 5
|
||
\fBUserAgentTokens Major\fR
|
||
.TP 5
|
||
\fBUserAgentTokens Minor\fR
|
||
.TP 5
|
||
\fBUserAgentTokens Minimal\fR
|
||
.TP 5
|
||
\fBUserAgentTokens OS\fR
|
||
.TP 5
|
||
\fBUserAgentTokens Full\fR
|
||
Specifies what information is included in the User-Agent header of HTTP requests.
|
||
"None" disables the User-Agent header.
|
||
"ProductOnly" reports "CUPS".
|
||
"Major" reports "CUPS/major IPP/2".
|
||
"Minor" reports "CUPS/major.minor IPP/2.1".
|
||
"Minimal" reports "CUPS/major.minor.patch IPP/2.1".
|
||
"OS" reports "CUPS/major.minor.path (osname osversion) IPP/2.1".
|
||
"Full" reports "CUPS/major.minor.path (osname osversion; architecture) IPP/2.1".
|
||
The default is "Minimal".
|
||
.\"#ValidateCerts
|
||
.TP 5
|
||
\fBValidateCerts Yes\fR
|
||
.TP 5
|
||
\fBValidateCerts No\fR
|
||
Specifies whether to only allow TLS with certificates whose common name matches the hostname.
|
||
The default is "No".
|
||
.SH NOTES
|
||
The \fBclient.conf\fR file is deprecated on macOS and will no longer be supported in a future version of CUPS.
|
||
Configuration settings can instead be viewed or changed using the
|
||
.BR defaults (1)
|
||
command:
|
||
.nf
|
||
defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required
|
||
defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse \-bool NO
|
||
|
||
defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption
|
||
.fi
|
||
On Linux and other systems using GNU TLS, the \fI/etc/cups/ssl/site.crl\fR file, if present, provides a list of revoked X.509 certificates and is used when validating certificates.
|
||
.SH SEE ALSO
|
||
.BR cups (1),
|
||
.BR default (1),
|
||
CUPS Online Help (http://localhost:631/help)
|
||
.SH COPYRIGHT
|
||
Copyright \[co] 2007-2019 by Apple Inc.
|