suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gh-pages
man-pages/man5/client.conf.5.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

155 lines
7.0 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of client.conf</TITLE>
</HEAD><BODY>
<H1>client.conf</H1>
Section: Apple Inc. (5)<BR>Updated: CUPS<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
client.conf - client configuration file for cups (deprecated on macos)
<A NAME="lbAC">&nbsp;</A>
<H2>DESCRIPTION</H2>
The <B>client.conf</B> file configures the CUPS client and is normally located in the <I>/etc/cups</I> and/or <I>~/.cups</I> directories.
Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
<P>
<B>Note:</B> Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend.
The <B>ServerName</B> directive is not supported on macOS at all.
Starting with macOS 10.12, all applications can access these settings in the <I>/Library/Preferences/org.cups.PrintingPrefs.plist</I> file instead.
See the NOTES section below for more information.
<A NAME="lbAD">&nbsp;</A>
<H3>DIRECTIVES</H3>
The following directives are understood by the client. Consult the online help for detailed descriptions:
<DL COMPACT>
<DT id="1"><B>AllowAnyRoot Yes</B><DD>
<DT id="2"><B>AllowAnyRoot No</B><DD>
Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority.
The default is &quot;Yes&quot;.
<DT id="3"><B>AllowExpiredCerts Yes</B><DD>
<DT id="4"><B>AllowExpiredCerts No</B><DD>
Specifies whether to allow TLS with expired certificates.
The default is &quot;No&quot;.
<DT id="5"><B>DigestOptions DenyMD5</B><DD>
<DT id="6"><B>DigestOptions None</B><DD>
Specifies HTTP Digest authentication options.
<B>DenyMD5</B> disables support for the original MD5 hash algorithm.
<DT id="7"><B>Encryption IfRequested</B><DD>
<DT id="8"><B>Encryption Never</B><DD>
<DT id="9"><B>Encryption Required</B><DD>
Specifies the level of encryption that should be used.
<DT id="10"><B>GSSServiceName </B><I>name</I><DD>
Specifies the Kerberos service name that is used for authentication, typically &quot;host&quot;, &quot;http&quot;, or &quot;ipp&quot;.
CUPS adds the remote hostname (&quot;<A HREF="mailto:name@server.example.com">name@server.example.com</A>&quot;) for you. The default name is &quot;http&quot;.
<DT id="11"><B>ServerName </B><I>hostname-or-ip-address</I>[<I>:port</I>]<DD>
<DT id="12"><B>ServerName </B><I>/domain/socket</I><DD>
Specifies the address and optionally the port to use when connecting to the server.
<B>Note: This directive is not supported on macOS 10.7 or later.</B>
<DT id="13"><B>ServerName </B><I>hostname-or-ip-address</I>[<I>:port</I>]<B>/version=1.1</B><DD>
Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
<DT id="14"><B>SSLOptions </B>[<I>AllowDH</I>] [<I>AllowRC4</I>] [<I>AllowSSL3</I>] [<I>DenyCBC</I>] [<I>DenyTLS1.0</I>] [<I>MaxTLS1.0</I>] [<I>MaxTLS1.1</I>] [<I>MaxTLS1.2</I>] [<I>MaxTLS1.3</I>] [<I>MinTLS1.0</I>] [<I>MinTLS1.1</I>] [<I>MinTLS1.2</I>] [<I>MinTLS1.3</I>]<DD>
<DT id="15"><B>SSLOptions None</B><DD>
Sets encryption options (only in /etc/cups/client.conf).
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
Security is reduced when <I>Allow</I> options are used.
Security is enhanced when <I>Deny</I> options are used.
The <I>AllowDH</I> option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
The <I>AllowRC4</I> option enables the 128-bit RC4 cipher suites, which are required for some older clients.
The <I>AllowSSL3</I> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
The <I>DenyCBC</I> option disables all CBC cipher suites.
The <I>DenyTLS1.0</I> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
The <I>MinTLS</I> options set the minimum TLS version to support.
The <I>MaxTLS</I> options set the maximum TLS version to support.
Not all operating systems support TLS 1.3 at this time.
<DT id="16"><B>TrustOnFirstUse Yes</B><DD>
<DT id="17"><B>TrustOnFirstUse No</B><DD>
Specifies whether to trust new TLS certificates by default.
The default is &quot;Yes&quot;.
<DT id="18"><B>User </B><I>name</I><DD>
Specifies the default user name to use for requests.
<DT id="19"><B>UserAgentTokens None</B><DD>
<DT id="20"><B>UserAgentTokens ProductOnly</B><DD>
<DT id="21"><B>UserAgentTokens Major</B><DD>
<DT id="22"><B>UserAgentTokens Minor</B><DD>
<DT id="23"><B>UserAgentTokens Minimal</B><DD>
<DT id="24"><B>UserAgentTokens OS</B><DD>
<DT id="25"><B>UserAgentTokens Full</B><DD>
Specifies what information is included in the User-Agent header of HTTP requests.
&quot;None&quot; disables the User-Agent header.
&quot;ProductOnly&quot; reports &quot;CUPS&quot;.
&quot;Major&quot; reports &quot;CUPS/major IPP/2&quot;.
&quot;Minor&quot; reports &quot;CUPS/major.minor IPP/2.1&quot;.
&quot;Minimal&quot; reports &quot;CUPS/major.minor.patch IPP/2.1&quot;.
&quot;OS&quot; reports &quot;CUPS/major.minor.path (osname osversion) IPP/2.1&quot;.
&quot;Full&quot; reports &quot;CUPS/major.minor.path (osname osversion; architecture) IPP/2.1&quot;.
The default is &quot;Minimal&quot;.
<DT id="26"><B>ValidateCerts Yes</B><DD>
<DT id="27"><B>ValidateCerts No</B><DD>
Specifies whether to only allow TLS with certificates whose common name matches the hostname.
The default is &quot;No&quot;.
</DL>
<A NAME="lbAE">&nbsp;</A>
<H2>NOTES</H2>
The <B>client.conf</B> file is deprecated on macOS and will no longer be supported in a future version of CUPS.
Configuration settings can instead be viewed or changed using the
<B><A HREF="/cgi-bin/man/man2html?1+defaults">defaults</A></B>(1)
command:
<PRE>
defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required
defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO
defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption
</PRE>
On Linux and other systems using GNU TLS, the <I>/etc/cups/ssl/site.crl</I> file, if present, provides a list of revoked X.509 certificates and is used when validating certificates.
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?1+cups">cups</A></B>(1),
<B><A HREF="/cgi-bin/man/man2html?1+default">default</A></B>(1),
CUPS Online Help (<A HREF="http://localhost:631/help)">http://localhost:631/help)</A>
<A NAME="lbAG">&nbsp;</A>
<H2>COPYRIGHT</H2>
Copyright &#169; 2007-2019 by Apple Inc.
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="28"><A HREF="#lbAB">NAME</A><DD>
<DT id="29"><A HREF="#lbAC">DESCRIPTION</A><DD>
<DL>
<DT id="30"><A HREF="#lbAD">DIRECTIVES</A><DD>
</DL>
<DT id="31"><A HREF="#lbAE">NOTES</A><DD>
<DT id="32"><A HREF="#lbAF">SEE ALSO</A><DD>
<DT id="33"><A HREF="#lbAG">COPYRIGHT</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:02 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink