summaryrefslogtreecommitdiffstats
path: root/upstream/debian-bookworm/man8/lpd.8
blob: 873d8b3b06d4b86572ae31b451252d0192947454 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
.TH LPD 8 2008-03-14 "LPRng" "lpd daemon"

.hy 0
.de NP
.IP \\n(nP
.nr nP \\n(nP+1
..
.de np
.nr nP 1
..
.de L
.ie !"\\$1"" \{\
.ft CW
\&\\s-2\\$1\\s+2\\fP\\$2
.ft R
.\}
.el \{\
.ft CW
.ps -2
.\}
..
.SH NAME
lpd \- line printer daemon
.SH SYNOPSIS
.B lpd
.RB [ \-L
.IR logfile ]
.RB [ \-F ]
.RB [ \-V ]
.RB [ \-D
.IR debugopt ]
.RB [ -p
.IR port ]
.SH DESCRIPTION
The lpd program is the printer server program of the LPRng software
suite.
This software is an enhanced and modified version of the Berkeley LPD
software.
.SH OPTIONS
.TP
.BI \-L " logfile"
specifies an alternate file to be used for logging error and debugging
messages.
The
.IR syslog (8)
facility is used to log critical messages as well.
Please note that you need to create the file by yourself, a 'touch' is sufficient.
This is needed for security reasons.
.TP
.B \-F
Under normal operation, the LPD server will run in
background mode.
The -F flag forces it to run in foreground mode,
where it is more easily debugged.
.TP
.B \-V
Print program version information.
.TP
.BI \-D " debugopt"
Debugging is controlled using the 
.B \-D
option. This accepts a comma-separated list of debugging
settings. These settings take one of two forms:
.B facility=value ,
or
.B value 
to set an overall default value.
The available facilities can be determined by
invoking LPD with the \-D= parameter.
.TP
.BI \-p " port"
Bind to the specified port rather than port 515 specified by RFC1179.
.SH OPERATION
.PP
.I Lpd
is the line printer daemon (spool queue handler) and is normally invoked
at boot time from the
.IR rc (8)
file;
it can also be started by a user.
Note that the lpd server needs only run on systems where actual printing
or spooling is taking place.
.IR lpr (1)
and other related programs transfer files using network facilities to the
.IR lpd .
.PP
When started,
.I lpd
reads a configuration file to obtain basic operational parameters
and then reads the
.IR printcap (5)
database information to determine the which printers have spool queues
and to start spool queue server processes.
If running as a background server,
it will disconnect from its control terminal and run in the background.
It uses the system calls
.IR listen (2)
and
.IR accept (2)
to receive requests to print files in the queue,
transfer files to the spooling area,
display the queue,
remove jobs from the queue,
or perform a spool queue control function.
In each case it creates one or more server processes to handle
the request and the lpd process will listen for more requests.
.PP
Sending the server a
SIGHUP signal causes the server to reread the various configuration
and inititialization files.
This action is similar to that of the
.I INETD
and other servers.
The same action is taken when sent a
.I reread
command by the
.IR lpc (1)
program.
At an interval specified by
the
.I poll_time
configuration variable,
.I lpd
will check for spool queues with jobs and no printing activity,
and start printing.
.PP
LPD access control is done using
a rule set and match algorithm similar to a packet filter.
Each request for printing, status, or control operations
is matched against the rule set,
and the first ACCEPT or REJECT value determines
if the operation can be performed.
The following is a typical permissions file:
.RS
.nf
.L
# Set default permissions
DEFAULT ACCEPT
# Reject any connections from outside our subnet
REJECT SERVICE=X NOT IP=130.191.0.0/255.255.0.0
# Only accept Printing (P) and spooling (LPR) from
# the private network, the 10.0.0.0/8  network and fw
REJECT SERVICE=P,R NOT REMOTEHOST=*.private,10.0.0.0/8,fw.astart.com
# Do not accept forwarded jobs for printing
REJECT SERVICE=P FORWARD
# Allow only the administrators control access
ACCEPT SERVICE=C,M REMOTEHOST=spooler.astart.com USER=root,papowell
ACCEPT SERVICE=C,M SERVER REMOTEUSER=root,papowell
# Allow only the user on the same host who spooled job to remove it
ACCEPT SERVICE=M SAMEUSER SAMEHOST
REJECT SERVICE=M,C
.RE
.fi
.sp
.LP
Permission checking is done by using a set of keys (or fields)
with associated values to check for permission.
The SERVICE key has value P for printing (i.e.- unspooling),
R for spooling (i.e.- LPR request),
C and S for printer control and status respectively (i.e.- LPC request),
M for removal (i.e.- LPRM request),
Q for queue information (i.e.- LPRM request),
and so forth.
The
.B X
key indicates the initial connection to the LPD spooler,
and can be used to control connections from remote systems.
The
values of the USER, HOST, and IP keys taken from the control file
which is being received or checked for permissions.
The REMOTEUSER, REMOTEHOST and REMOTEIP keys are those either sent
as part of a command,
or derived from information about the current network connection.
Each line of the permissions file is scanned for key names and
values, and these are matched against the request keys information.
When all matches on a line are made,
then search terminates with the specified action (ACCEPT/REJECT).
If no match is found the default permission value is used.
The
DEFAULT key is used to specify the current default permission to
be used for successful matches or if there is no match after
scanning the entire permissions database.
.LP
The GROUP entry is used to check that the USER name appears in a
group entry in the system user group database.
For example,
GROUP=student*,staff*
would check to see if any of the group name matching
student* or staff* have the specified user name in them.
If a system has the
.I netgroups
capability,
a group name starting with a
\f(CW@\fR
will be treated as a netgroup name,
and current user name from the job file will be checked to see if
it is in the group.
Similarly,
the
REMOTEGROUP entry will check a remote user name.
The
PORT
entry can be used to ensure that a connection to the server
originates from a specified range of ports.
For more details,
see the
.BR lpd.perm (5)
man page.
.LP
The permissions database is scanned in order of the fixed file entries
and then by invoking the specified filters for each
of the permissions lists.
It is recommended that the filters be placed at the end of the
permissions lists.
The user name is one of the parameters passed to the filter,
and can be used to determine if a user has permissions to print a file.
.sp
.nf
.ne 20v
.ta \w'Key__________'u +\w'Match_'u +\w'Connect_'u +\w'Job___'u +\w'Job____'u +\w'LPQ__'u +\w'LPRM__'u +\w'LPC'u
Key	Match	Connect	Job	Job	LPQ	LPRM	LPC
\0	\0	\0	Spool	Print
SERVICE	S	'X'	'R'	'P'	'Q'	'M'	'C,S'
USER	S	-	JUSR	JUSR	JUSR	JUSR	JUSR
HOST	S	RH	JH	JH	JH	JH	JH
GROUP	S	-	JUSR	JUSR	JUSR	JUSR	JUSR
IP	IP	RIP	JIP	JIP	RIP	JIP	JIP
PORT	N	PORT	PORT	-	PORT	PORT	PORT
REMOTEUSER	S	-	JUSR	JUSR	JUSR	CUSR	CUSR
REMOTEHOST	S	RH	RH	JH	RH	RH	RH
REMOTEGROUP	S	-	JUSR	JUSR	JUSR	CUSR	CUSR
REMOTEIP	IP	RIP	RIP	JIP	RIP	RIP	RIP
CONTROLLINE	S	-	CL	CL	CL	CL	CL
PRINTER	S	-	PR	PR	PR	PR	PR
FORWARD	V	-	SA	-	-	SA	SA	SA
SAMEHOST	V	-	SA	-	SA	SA	SA
SAMEUSER	V	-	-	-	SU	SU	SU
SERVER	V	-	SV	-	SV	SV	SV
AUTH	V	-	AU	-	AU	AU	AU
AUTHTYPE	S	-	AU	-	AU	AU	AU
AUTHUSER	S	-	AU	-	AU	AU	AU
FWDUSER	S	-	AU	-	AU	AU	AU


.ta 3m +\w'RH = REMOTEHOST    'u
KEY:
	JH = HOST	host in control file
	RH = REMOTEHOST	connecting host name
	JUSR = USER	user in control file
	CUSR = REMOTEUSER	user from control request
	JIP= IP	IP address of host in control file
	RIP= REMOTEIP	IP address of requesting host
	PORT=	connecting host origination port
	CONTROLLINE=	pattern match of control line in control file
	FW= IP of source of request = IP of host in control file
	SA= IP of source of request = IP of host in control file
	SU= user from request = user in control file
	SA= IP of source of request = IP of server host
	SV= matches if remote host is the server
	AU= authentication information
	IFIP= IP address of remote end of connection
	
Match: S = string with wild card, IP = IP address[/netmask],
	N = low[-high] number range, V = exact value match
SERVICE: 'X' - Connection request; 'R' - lpr request from remote host;
    'P' - print job in queue; 'Q' - lpq request, 'M' - lprm request;
    'C' - lpc spool control request; 'S' - lpc spool status request
NOTE: when printing (P action), the remote and job check values
	(i.e. - RUSR, JUSR) are identical.
.fi
.sp
.PP
The special key
.I letter=patterns
searches the control file line starting with the 
(upper case) letter,
and is usually used with printing and spooling checks.
For example,
C=A*,B*
would check that the class information (i.e.- line in the control file
starting with C) had a value starting with A or B.
.SH "PERMISSIONS, MULTIHOMED HOSTS, IPV6"
.PP
There is a subtle problem with names and IP addresses which are
obtained for 'multi-homed hosts', i.e. - those with multiple
Ethernet interfaces,  and for IPV6 (IP Version 6),  in which a host
can have multiple addresses,  and for the normal host which can have
both a short name and a fully qualified domain name.
In addition,
a host can have multiple IP addresses,
depending on the complexity of its configuration.
.PP
The IFIP (interface IP) field can be used to check the IP address
of the origination of the request,  as reported by the information
returned by the accept() system call.  Note that this information may
be IPV4 or IPV6 information,  depending on the origination of the
system.  This information is used by gethostbyaddr() to obtain the
originating host fully qualified domain name (FQDN) and set of IP addresses.
Note that this FQDN will be for the originating interface,  and may
not be the canonical host name.  Some systems which use the Domain Name Server
(DNS) system may add the canonical system name as an alias.
.PP
When performing an IP address match,  the entire list of IP addresses
for a system will now be checked.  If one of these matches, then success
is reported.  Similarly,  the entire list of host names and aliases will
be checked.  If one of these matches,  then success will be reported.
.PP
In addition,  when checking for printing, if the name lookup for the
host reported in the control file fails,  then we assume that the host
is unknown and all match checks for names or IP addresses will fail.
You can determine if a host has an entry by using the following check,
which will reject all requests from a remotehost which does not have
a DNS entry.
.br
  REJECT NOT REMOTEHOST=*
.br
.SH "PRINTCAP DATABASE"
Individual printer operations are controlled by values in the
printcap database.
See
.IR printcap (5)
for details of the format and content of the various entries.
The following are typical printer entries for a local and remote printer.
.RS
.sp
.nf
.ft CW
# main or shared printcap file - usually /etc/printcap
# remote postscript printer
fullpage
   |postscript
   :lp=postscript@farside.astart.com
# give access to (remote) hosts
t1|postscript2
   :cm=Test Printer 1
   :lp=postscript2@nearside.astart.com

# local printcap file
# specification for local printer on nearside
t1|postscript2
   :oh=nearside.astart.com
   :cd=/usr/spool/LPD/safe
   :sd=/usr/spool/LPD/t1
#
# /usr/spool/LPD/t1/printcap file -
t1:
   :lp=/dev/pr
   :if=/usr/lib/pr/if
   :of=/usr/lib/pr/if
.RE
.sp
.fi
.PP
Printcap information can be distributed by individual files or shared using
NSF, YP, or other methods;
see
.IR lpd.conf (5)
for the exact details of the location of printcap files and programs,
given by the
.I printcap_path
and
.I lpd_printcap_path
configuration information.
The usual printcap configuration is to have a main (shared) printcap database
which is used by all hosts.
The printcap information is usually extremely simple,
consisting only of the printer name and host (i.e. - fullpage printer entry).
.PP
On hosts which have printers attached or which are to provide spooling queue
directories,
more extensive printcap information is needed.
In the shared database,
.I oh
(options for specified host only) field restricts use of this entry
to the specified host.
This entry can contain host specific information,
such as the location of the spool queue and/or actual device to be used
for output. 
.PP
In the above example,
the main printcap file, /etc/printcap
has entries for all printers.
Note that these entries do not specify the spool directories (sd and cd fields),
but this could be provided.
On a host with a printer specific information can be provided in several ways.
The simplest is to simply put an additional entry in the shared printcap file,
with the
.I oh
field set to the support host name.
An alternative would be to specify the spool directories (sd and cd fields) in the
shared information,
and to put the printer specific information in a printcap file.
.PP
In addition to the
.I oh
flag,
the
.I server
flag indicates that this entry is for a the LPD server only.
This can be used to simplify the management of client and server entries.
.PP
The printcap information is obtained in the following order.
If the lpd_printcap_path configuration value is nonblank
then the lpd server will process only this information
otherwise it uses the printcap_path information.
All client programs use the contents of the configuration
printcap_path variable to get a list of locations of printcap files.
Each of these entries in the path lists are processed,
and the printcap information is extracted.
Entries which have
.I oh
fields are only used by the specified host.
The files and information is processed in linear order,
later entries overriding preceeding ones.
.PP
When processing jobs or performing spool queue specific requests,
the LPD server will check to see if there is a printcap file in the control
directory for the spool queue and the contents will be processed.
Since only the LPD server has access to the spool and control queues,
this information is processed only by the server.
.PP
In addition to files,
printcap information can be obtained from programs or filters.
For example,
the printcap_path of the form
.L /etc/printcap:|/usr/lib/getpr
will use the contents of the
.L /etc/printcap
file,
and then use the
.L /usr/lib/getpr
program to get information about a specific printer.
When information about a particular spool queue is needed and
one or more filters are specified as the source of printcap information,
then the filter will be started and the printer name written on
its standard input.
The filter must provide a printcap entry for the requested printer on its standard output.
.PP
The filter can be used to interface to databases or nonstandard information sources
which do not produce printcap information in an acceptable form.
.SH "SPOOL DIRECTORY CONTENTS"
.PP
Each spool queue has a spool directory 
(sd) and optional control
directory
(cd)  where job and control information is kept.
Under normal operation the spool and control directories are
identical,
but if the spool directory is NFS exported for use by other printer
spoolers which write files directly into the spool queue,
then it is recommended that the control directory be a separate
directory and not NFS mounted.
The following files are used for printer operations.
Per job entries are marked with an asterisk (*).
.sp
.nf
.ta 20n +8n +4n
File Name	Dir	Purpose
printer	CD	lock file and server process PID
unspooler.printer	CD	subserver process PID
control.printer	CD	queue control information
*hfAnnn	SD	job hold file
*cfAnnnHOST	SD	job control file
*dfAnnnHOST	SD	job data file
*bfAnnn.*	SD	temporary files
.sp
.fi
.PP
The nnn in the file names stands for the job number.
RFC1179 requires this to be a 3 digit number,
but the longnumber printcap flag or a nonzero
longnumber configuration variable will enable 6 digit numbers.
.PP
The lock file is used to 
prevent multiple job queue servers from becoming active simultaneously,
and to store the server process id.
The lock file name is the name as the printer name;
all other control files have the printer name appended as indicated above.
.PP
The printer spool control file contains information controlling
the queue operations.
It consists of a series of lines with keywords and values to control
printing,
spooling,
and automatic job holding operations.
The following is an example of a typical spool control file.
.sp
.nf
.RS
spooling_disabled 0
printing_disabled 1
holdall 0
redirect p1@host2
debug 10,log=/tmp/log
class A
.RE
.sp
.fi
.PP
The
.I spooling_disabled
and
.I printing_disabled
entries control spooling and printing;
the lpc
.I enable,
.I disable,
.I start,
and
.I stop
command alter these values.
The
.I holdall
entry will prevent jobs from being processed until released
with the lpc
.I hold
or
.I release
comands;
the lpc
.I holdall
and
.I noholdall
commands alter these values.
.PP
The
.I redirect
entry causes the lpd server to forward jobs to the specified
remote printer;
the lpc
.I redirect
command alters this field.
The
.I class
field controls the class of jobs being printed.
By default,
the class value is a pattern that matches the
class entry in a job file;
however a entry of the form
.I letter=patterns
will print jobs whose control file line starting with
.I letter
matches one of the patterns.
The
.I debug
line provides a set of debugging parameters for diagnostic information
for the particular spool queue.
.PP
Each print job consists of a control file and one or more data files.
Lines in the control file
file specify the job data files or parameters for the job
and the general format of the file is specified by RFC1179.
Each line consists of a flag character and a parameter;
upper case and digit characters specify options and
lower case letters specify the printing format and names of data
files.
The following is a list of the control file flag characters.
.sp
.IP A
Identifier
A job identifier to be used when displaying job
information and/or status.
The insertion of this line is controlled by the
.I use_identifier
printcap/configuration variable.
.sp
.IP C
Class
String to be used for the class line on the burst page.
.IP H
Host Name.  Name of the machine where
.I lpr
was invoked.
.IP I
Indent.  The number of characters to indent the output by (in ascii).
.IP J
Job Name.  String to be used for the job name on the burst page.
.IP L
Banner user name.
Information for banner page.
.IP P
Person.  Login name of the person who invoked
.IR lpr .
This is used to verify ownership by
.IR lprm .
.IP M
Send mail to the specified user when the current print job completes.
.IP N
File name.
The original name of a data file which is in the job.
.IP T
Title.  String to be used as the title for
.IR pr (1)
when the LPR -p option was specified.
.IP U
Unlink.  Job file to remove when printing completed.
.IP W
Width. The page width (in characters) to used for printing.
.IP Z
zoptions. Options passed by
.IR lpr
.IR -Zzoptions.
These are passed to output filters to aid in printing.
.IP f
Formatted File.  Name of a file to print which is already formatted.
.IP l
Like ``f'' but passes control characters and does not make page breaks.
.IP p
Name of a file to print using
.IR pr (1)
as a filter.
.IP t
Troff File.  The file contains
.IR troff (1)
output (cat phototypesetter commands).
.IP d
DVI File.  The file contains
.IR Tex (l)
output (DVI format from Stanford).
.IP g
Graph File.  The file contains data produced by
.IR plot (3X).
.IP c
Cifplot File. The file contains data produced by
.IR cifplot .
.IP v
The file contains a raster image.
.IP r
The file contains text data with FORTRAN carriage control characters.
.IP 1
Troff Font R. Name of the font file to use instead of the default.
(Obsolete)
.IP 2
Troff Font I. Name of the font file to use instead of the default.
(Obsolete)
.IP 3
Troff Font B. Name of the font file to use instead of the default.
(Obsolete)
.IP 4
Troff Font S. Name of the font file to use instead of the default.
(Obsolete)
.in -5
.sp
.PP
Each job in the spool queue can have an associated job hold file
which is used by the server process to control the printing of
the job.
The status file contains information controlling the job
hold status and error status.
The spool server will attempt to print a job a limited number of times
before abandoning it or setting an error status in the job status file.
The following is a typical job hold file.
.RS
.ft CW
hold        0
priority    0
active      2135
redirect
remove      0
error
.RE
.PP
A nonzero
.I hold
entry will prevent the job from being processed;
the lpc
.I hold
and release
commands update this field.
The
.I priority
field overrides the normal first-in first-out printing priority;
jobs with non-zero priority fields are printed first.
The lpc
.I topq
command updates this field.
If the
.I active
field is non-zero, the job is being printed by the server with the
specified process id.
The
.I redirect
field allows individual jobs to be forwarded to a different printer;
the lpc
.I move
command updates this field.
Finally,
the remove and error fields are used to control printing of problem jobs.
The
.I remove
field is set when a job should be removed;
the
.I error
field records information that would prevent a job from being printed.
.SH "JOB SUBMISSION"
The LPR program is used to submit a job to the LPRng system.
The LPR program opens a connection to the LPD server and
then transfer the job control file and data files.
The LPD server checks to see if the remote host
and user has permissions to
spool to the requested printer,
and then checks to see if the printer is accepting jobs.
If both conditions are met,
the job is accepted and the control and data files
are placed in the spool directory.
The LPRng software sends the control file first,
followed by the data files.
.PP
If the LPR program is acting as a filter,
it is not necessary to temporarily store the
print job on the local machine.
The input data can be sent directly to the LPD server for spooling
using an implicit job size of 0 and sending data until the connection
is terminated to the server.
However,
some LPD servers do not accept 0 size jobs,
even though it is specified by the RFC1179,
so by default LPR will create a temporary file.
The LPR -k (seKure) option specifies this direct transmission mode
be used.
.SH "JOB TRANSMISSION"
When LPR is to send a job to the server,
it must determine the location of the server.
It does this by examining the values of the
specified printer and host.
.PP
If the printer and host are explicitly specified in the form
.L "pr@host"
then the LPR program will send the job to the specified spool queue
.L pr
and to the server running on
.L host .
This can be explicitly specified by the PRINTER environment variable
or by the LPR -P option.
.PP
If the printer is specified only by a name,
then the information in the printcap database is used.
The printcap entry for the printer is searched for and the
remote host and printer information extracted.
The job is sent to the server running on the specified host.
.PP
This action can be modified by the following printcap or configuration
tags.
.IP "1. default_host=host" 5
(Configuration)
If there is no printcap entry for the printer,
the job is sent to the LPD server running on
.L host .
.IP "2. force_localhost" 5
(Configuration or printcap)
If this flag is specified,  then LPR and other client programs will
send the job to the server running on the localhost.
This overrides the default_host information.
.SH "FORWARDING OPERATIONS"
The LPD system can forward jobs from one spool directory to another.
This is controlled by the following options.
.IP 1. 5
The forward field in the spool control file has a value
rp@rm.
This can be set using the LPC forward command.
.IP 2. 5
The lp (line printer) printcap entry has the form rp@rm.
There is a rm (remote machine) and optional rp (remote printer) printcap entry.
.LP
The first of the above conditions to be met will determine the
destination.
If printing is enabled,
then jobs will be forwarded to the remote destination.
Example:
.DS
.ft CW
.nf
# using lp=rp@host
test:sd=/usr/spool/test
  :lp=test@host
test:sd=/usr/spool/test
  :lp=test@host%port
# using :rp:rm:
test:sd=/usr/spool/test
  :rp=test:rm=host
.ft R
.fi
.DE
.IP 3. 5
The LPD server uses the same algorithm for sending jobs as the
LPR program.
A connection is made to the remote server and the files are copied
to the server.
A set of timeouts is used to control error recover and retry operations.
The printcap and configuration variables
.I connect_timeout,
.I connect_interval,
.I connect_grace,
and
.I send_try
control connecting to the remote host.
A connection is attempted to the remote server from a
random port in the range of ports specified by the
.I originate_port
variable.
If a connection is not completed within
.I connect_timeout
seconds,
the connection is aborted,
and then after the 
.I connect_interval
seconds it is retried.
The procedure repeated
indefinitely for printing,
but only once for status or control operations.
A
connect_timeout value of 0 indicates no timeout;
a value of 0 specifies infinite timeout
After a job has been successfully printed,
the connection is closed and the server waits for
.I connect_grace
seconds before trying to reconnect.
.SH "BOUNCE QUEUES"
.PP
Normally job files are forwarded to a printer without
modification.
The
.B lpd_bounce
flag makes the queue a
.I "bounce queue"
and allows banners to be generated and
data files to passed through the appropriate format filter.
The entire output of this process is then passed to the
destination with the format specified by 
the
.B bq_format
option (default
.B l
or binary).
See PRINTING OPERATIONS for details about filters.
For example,
the following printcap entry will filter format f files.
.ne 1i
.DS
.ft CW
.nf
testbq:sd=/usr/spool/testbq:
  :lpd_bounce
  :bq_format=l
  :lp=final@host
  :if=/usr/lib/filter_for_f
  :mf=/usr/lib/filter_for_m
  :pf=/usr/lib/filter_for_pr
.fi
.ft R
.DE
.SH "CHANGING FORMAT OF DATAFILES"
.PP
Sometimes only the indicated format of the data files needs to be
changed.
This can be done using the
.B translate_format
option.
This entry consists of pairs of lower case characters of the form SdSd...;
S is the original and d is the translated format.
.ne 1i
.DS
.ft CW
.nf
changeformat:
  :sd=/usr/spool/changeformat:
  :translate_format=mfpf
  :lp=final@host
.fi
.ft R
.DE
.PP
In the example above,
the m format is processed by a filter, and then its format type is changed to f;
the p format is processed similarly.
Note that the lpr -p option specifies that the job will be processed by the
.L /bin/pr
command - the filter must do both the pr processing and any necessary format conversions.
.SH "LPR FILTER PROCESSING"
.PP
The
.L :lpr_bounce:
printcap flag will cause LPR to do bounce queue filtering before sending the
job to the remote queue.
This can have unexpected effects if the filters are not
available on the local host.
.PP
A typical entry which will cause LPR to do filtering is shown below.
.ne 1i
.DS
.ft CW
.nf
testbq:lpr_bounce
  :lp=printer@host
  :if=/usr/lib/filter_for_f
  :vf=/usr/lib/filter_for_v
  :mf=/usr/lib/filter_for_m
  :translate_format=mfvf
.ft R
.DE
.PP
This entry will force LPR to run jobs with formats f, m, and v
through the appropriate filter.
It will also rename the formats to the f format.
.SH "ROUTING JOBS TO PRINTERS"
.PP
When a job is submitted for printing,
sometimes it is desirable to have it dynamically rerouted to another
spool queue, or multiple copies send to various destination.
This can be done by using a
.L routing_filter .
.PP
When a job is accepted by the LPD server,
part of the processing includes passing it to a program specified
by the printcap
.L router
entry.
This filter is invoked with the original control file as STDIN,
and the default set of filter options.
The output of the routing filter will be a set of directives
used by LPD when forwarding the job to another printer
or in processing the job.
The environment and options flags are set as for a standard filter.
(See "FILTERS" for details.)
Here is a sample printcap entry:
.DS
.ft CW
.nf
t2|Test Printer 2
    :sd=/var/spool/LPD/t2
    :lf=log
    :lp=t2@printserver
    :bq=t1@localhost
    :destinations=t1@localhost,t2@localhost
    :router=/usr/local/libexec/filters/router
.ft R
.DE
.PP
The routing filter exit status is used as follows:
.nf
	0  (JSUCC) - normal processing
	37 (JHOLD) - job is held
	any other value - job is deleted from queue
.fi
.PP
The router filter returns one or more routing entries with the
following format.  Note that entry order is not important, but each
entry will end with the 'end' tag.
.DS
dest <destination queue>
copies <number of copies to be made>
X<controlfile modifications>
end
.DE
.PP
Example of router output:
.DS
.ft CW
.nf
dest t1@localhost
copies 2
CA
end
dest t2@localhost
CZ
end
.ft R
.DE
.PP
The above routing information will have copies of the job sent to
the t1 and t2 spool queue servers.  If no valid routing information
is returned by the router filter the job will be sent to the default
bounce queue destination.
.PP
.SH "REFORMATING CONTROL FILES"
.PP
Sometimes it is desirable to reformat a control file before
sending to a remote destination.
If the
.L control_filter
printcap entry is present,
then the control file is passed through the filter.
If the filter exits with status JSUCC,
then the job is process normally;
status JABORT causes the job processing to be aborted,
status JREMOVE causes the job processing to be removed,
and any other status is treated as JFAIL.
.PP
After passing the control file through the control_filter,
the LPD server will reread it,
and transfer only the data files specified in the new control file
to the destination.
.SH "SPOOL QUEUE NAME OPTION"
.PP
The
.L qq
printcap entry
and the
.L use_queuename
configuration entry causes the name of the spool queue
to be placed in the job control file.
This value can be used by the filter to determine how to process a job.
When combined with the use of the Bounce Queue,
this can be used to reformat jobs before sending to another
printer spooler system.
.SH "PRINTING OPERATIONS"
.PP
When printing is enabled,
the LPD server will create a spool server process to carry out
printing operations.
For each job in the queue,
the spool server process will create a subserver process to carry out
the actual printing operations.
If the subserver process fails,
the server process will initiate recovery operations.
Job will be attempted to be printed until all are done or
a subserver returns an ABORT indication;
the server will then terminate operations.
.PP
The server process normally scans the queue once,
at initiation;
if the spool control file is modified,
usually by using the lpc command,
the spool queue is rescanned.
The overall algorithm for job printing is:
.nf
open the print device;
send some initialization strings;
send a banner to the device;
send the job data files to the device;
send some termination strings;
close the print device;
.fi
.PP
In order to handle the various device requirements,
the subserver process in turn uses 'filter' programs specified
in the printcap entry to carry out the individual steps.
.IP "OF Filter" 5
The 'of' filter is used for
initialization,
banner printing and the termination strings.
It has the peculiar property of suspending itself when sent
a special escape string,
allowing other filters to be used to print the individual job files.
.IP "Data Filters" 5
Each data file in a job has format specified by a lower case character
and an associated filter specified in the printcap file.
For example,
the 'g' format is printed by the 'gf' filter,
and so forth.
By convention,
the 'if' filter is used to print 'f' (ordinary text) and 'l'
(binary) format jobs.
.IP "lp-pipe Filters"
If the printcap device specification has the form
.I "|program"
then the output device is accessed by the specified program.
This allows the program to take care of any required initialization
or communication requirements.
.LP
The following is a concise summary of the actual algorithm
used to print files.
Note that LP stands for the printer device or filter specified by
the 'lp' printcap entry;
OF stands for the 'of' printcap filter;
IF is the default 'if' filter;
BP is the banner printing filter;
and
?F stands for the filter for data file.
The '??' values stand for entries from the printcap file.
.sp
.nf
.ft CW
.ta 4n +4n +4n +4n +4n +4n +4n +4n +4n
.ps -2
.vs -2
LP = open( 'lp' );	// open device, filter, or network connection
OF = IF = LP;		// set defaults
set up accounting according to 'af' entry;
if( 'of' ) OF = filter( 'of' ) -> LP;	// make OF filter
if 'as' then record start of job accounting information.
if 'achk' then check for accounting limits.
if( leader on open 'ld' ) `ld` -> OF	// send leader
if( FF on open 'fo' ) `fo` -> OF	// send leader

// print a banner
// first check to see if required
//   and then to see if not suppressed by printcap
//   or by user
do_banner = 
	(always banner 'ab'
		|| (!suppress banner 'sb' && job has banner ));
if( ! header last 'hl' && do_banner ){
	if( banner program 'bp' ){
		fork and exec bp to generate banner, but into temp file.
		cat temp file -> OF;
	} else {
		short banner info -> OF;
	}
}

// now we suspend the OF filter, use other filters
if( OF != LP ) suspend OF filter;

for each data file df in job do
	// send FF between files of job
	if( !first job && ! no FF separator 'sf' ){
		if( OF != LP ) wake up OF filter;
		'ff' -> OF;
		if( OF != LP ) suspend OF filter;
	}

	// get filter for job
	format = jobformat;
	if( jobformat == 'f' or jobformat = 'l' ){
		format = 'f';
	}
	filter = check pc for filter for format;
	?F = LP; // default - no filter
	if( filter ){
		?F = filter( filter ) -> LP;
	}

	data file -> ?F;
	// note: if :direct_read: flag set, filter input
	// is directly from the file,  otherwise the 
	// file contents are written to the filter input.

	if( ?F != LP ) close( ?F )
endfor

// finish printing

if( OF != LP ) wake up OF filter;
if( header last 'hl' && do_banner ){
	if( ! no FF separator 'sf' ){
		'ff' -> OF;
	}
	if( banner program 'bp' ){
		fork and exec bp to generate banner, but into temp file.
		cat temp file -> OF;
	} else {
		short banner info -> OF;
	}
}

if( ff on close 'fq' ){
	'ff' -> OF;
}

if( trailer on close 'tr' ){
	tr -> OF;
}

if 'ae' then record end of job accounting information.

if( OF != LP ) close( OF );
close( LP );
.ps +2
.vs +2
.sp
.fi
.PP
When printing or transferring a job to a spool queue fails,
it is retried the number of times specified by the
.I rt
(or
.I send_try )
printcap variable.
A 0 value specifies an infinite number or retries.
When the retry count is exceeded,
then the
.I send_failure_action
printcap variable determines the action to be taken.
The variable can be the values
.I succ ,
.I fail ,
.I abort ,
.I remove ,
.I ignore ,
or
.I hold ,
which will cause the job to be treated as normally completed,
retried,
aborted,
removed,
or ignored and retried at a later time respectively.
These names correspond to the
.I JSUCC ,
.I JFAIL ,
etc. error codes returned by filters.
If the variable has the form
.I |/filter ,
then the filter is run and passed the number of attempts
on the standard input.
The filter must exits with a
.I JSUCC,
.I JFAIL,
etc.,
error code and the server will take the appropriate
action as listed above.
.PP
The print filters normally have their input provided by
a process via a pipe.
However,
if the
.I direct_read
printcap flag is set,
then the filter input is taken directly from the job file.
This is compatible with the vintage BSD method,
but loses the ability to track the job progress.
.PP
After the job print or transfer attempt,
if the job is to be removed and the printcap variable
.I "save_on_error"
is true,
the job will not be removed from the spool queue but only flagged with an error.
The job can then be retried at a later time.
If the job is successfully printed it is usually removed from the spool queue.
However,
if the printcap variable
.I "save_when_done"
is true the job will merely be marked as completed and not removed from the queue.
.SH "FILTERS"
.PP
As described in the previous section,
filters are created to handle output to devices or other filters.
The command line to invoke a filter is generated in the following manner.
.IP 1. 5
The printcap entry or configuration value defining the filter command
is obtained.
.IP 2. 5
The file to be printed or the banner line/file
generated by the banner printer
will be written to STDIN  (file descriptor 0) of the filter.
The output device
(or /dev/null if this is not a printing filter)
will be be STDOUT  (file descriptor 1) and
STDERR (file descriptor 2) will be connected to the error logging file.
If this is a printing filter,
the error log will be determined by the :af: printcap field
and FD 3 will be opened and set to the either the file,
remote host,
or input of the filter program.
.IP 3. 5
Filter specifications starting with ROOT will be
run as root (EUID = 0).
This can be a serious security loophole
and should only be used as a last resort for specific problems.
.IP 4. 5
The options for the filter command line will be replaced by appropriate
values.
Option specifications have the form $[0| ][-]X.
.\" Option specifications have the form $[0| ][-][']X.
The default option expansion has the form $X -> -X'value';
the form $0X or $(space)X adds a space after the -X, i.e.- $0X -> -X 'value';
the form $-X suppresses the -X, i.e. - $-X -> value.
.\" the form $-X suppresses the -X, i.e. - $-X -> 'value';
.\" and the form $'X suppresses the quotes around the value.
.\" Note that the 0,-, and ' can be combined. For example, $-'X -> value.
The options will be expanded as follows:
.RS
.sp
.nf
.ta \w'Key  'u +4n +4n
Key	Value
a	Accounting file (printcap 'af' entry)
b	Job size, i.e.- total data file size, in bytes
c	if binary (format 'l') expands to -c
d	Control directory
e	job data file
f	original print file name (control file N field)
h	Control file hostname
i	Control file indent (I) field
j	job number from control file name
k	Control file name
l	printcap Page length (pl) value
m	printcap Cost factor (co) value
n	Control file user logname (P) field
p	Remote Printer name for forwarded jobs
r	Remote Host name for forwarded jobs
s	printer Status file (ps) value
t	current time in simple format
w	printcap Page width (pw) value
x	printcap x dimension (px) value
y	printcap y dimension (py) value
F	data file format character
P	Printer name
S	printcap Comment tag (cm) value
Upper Case	control file line starting with letter
Digit control file line starting with digit
.sp
.RE
.fi
.IP 5. 5
The options specified by the filter_options (for none OF filters)
or of_filter_options (for the OF filter) will
be appended to the command line and expanded.
To suppress adding options,
you can use the form '-$ filter',
i.e. - of=-$/bin/cat.
If the 'bkf' (backwards compatible filter options)
printcap flag is set,
the of filter is given the options specified by
bk_of_filter_options and other filters those by
bk_filter_options.
The following shows the various combinations possible,
and typical values for the options.
.RS
.sp
.nf
.ta \w'default_options   'u +4n +4n +4n
Options
filter_options	$C $F $H $J $L $P $Q $R $Z $a $c $d $e $f $h $i \e
	$j $k $l $n $s $w $x $y $-a
bk_filter_options $P $w $l $x $y $F $c $L $i $J $C $0n $0h $-a
bk_of_filter_options $w $l $x $y
.RE
.IP 6. 5
A printing filter which executes correctly and completely should
exit with a 0 error status.
A nonzero error status will be interpreted as follows:
.RS
.nf
.ta 9n +4n +4n
JFAIL	32	 failed - retry later
JABORT	33	 aborted - do not try again, but keep job
JREMOVE	34	 failed - remove job
.RE
.fi
.PP
The JFAIL will cause the job to be retried at a later time.
A limit can be placed on the number of retries using the
:rt: or :send_try: printcap entry.
A retry value of 0 will cause infinite retries.
The JABORT indicates serious problems and will cause printing operations
on the job to stop until restarted by operator intervention.
The JREMOVE status indicates problems,
and the job should be removed from the spool queue.
.PP
The environment variables for filters are highly restricted,
due to the possibility for abuse by users.
The following variables are set:
.IP "USER and LOGNAME" 5
user name or daemon name.
.IP "LOGDIR" 5
home directory of user or daemon.
.IP PATH 5
from the
.I filter_path
configuration variable.
.IP LD_LIBRARY_PATH 5
from the
.I filter_ld_path
configuration variable.
.IP SHELL 5
set to
.I /bin/sh
.IP IFS 5
set to blank and tab.
.IP TZ 5
the TZ environment variable.
.IP SPOOL_DIR 5
the spool directory for the printer
.IP CONTROL_DIR 5
the control directory for the printer
.IP PRINTCAP_ENTRY 5
the printcap entry for the printer
.IP CONTROL 5
the control file for the print job
.IP "pass_env environment variables" 5
Values of environment variables listed in the pass_env configuration variable.
.SH ACCOUNTING
.PP
The LPRng software provides several methods of performing accounting.
The printcap
af
(accounting field),
as and ae (accounting start and end),
and
achk (accounting check)
provide a basic set of facilities.
The
af field specifies a file,
filter,
or TCP network connection to an accounting server.
If af has the form
.ft CW
|filter
.ft R
or
.ft CW
|-$ filter
.ft R
then a filter will be started and all accounting information will
be sent to the filter.
The first form passes the filter the command line options specified by the
filter_options configuration variable and the second suppresses option passing.
If af has the form
.ft CW
host%port
.ft R
then a TCP connection will be opened to the port on the specified host
and accounting information sent there.
All other forms will be treated as a pathname relative to the
queue spool directory.
.PP
If af specifies a file,
then the accounting information is appended to an existing file;
the accounting file will not be created.
.PP
When af specifies a filter or network connection and the
achk flag is set,
then after writing the initial accounting information (see as printcap field below)
the server will wait for a reply of the form
ACCEPT from the filter or server.
If not received,
the job will not be printed.
.PP
The as (accounting start) and ae (accounting end) fields can specify
a string to be printed or a filter.
Options in the string will be expanded as for filters,
and the strings printed to either the accounting information destination.
If the as field specifies a filter,
then the print server will wait for the filter to exit
before printing the job.
If the exit status is 0 (successful),
the job will be printed.
A non-zero JREMOVE status will remove the job,
while any other status will terminate queue printing operations.
After printing the job,
the ae filter will be started and the server will wait for it to complete
before printing the next job.
.PP
The as and ae filters will have STDOUT set to the printing device and or filter,
and the STDERR set to the error log file for the print queue,
and file descriptor 3 set to the destination specified by the
af field.
.PP
As a convenience, all format filters for printing will be
started with file descriptor 3 set to the destination
(file or filter)
specified by the printcap af field.
This allows special filters which can query devices for
page counts to pass their information directly to an accounting
program.
The descriptor will READ/WRITE,
allowing filters to query the accounting program and/or update
the information directly.
.SH "LOGGING INFORMATION"
.PP
In order to provide a centralized method to track job status and information,
the printcap/configuration variable
logger_destination enable the send of status and other information to a remote
destination.
The logger_destination value has the form
.RS
.nf
.L host[%port][,protocol]
.ti -4n
Examples:
.L taco%451,UDP
.L dickory%2001,TCP
.RE
.fi
.br
where host is the host name or IP address,
port is an optional port number,
and protocol is an optional protocol type such as UDP or TCP.
The configuration variables
default_logger_port and
default_logger_protocol can be used to override
the default port number (2001) and protocol (UDP)
to be used if none is specified.
Logging information has the format below.
.RS
.nf
IDENTIFIER jobid [PRINTER name] at \fItimestamp\fP \e
   STATUS | TRACE | FILTER_STATUS PID nnn
[ status information]
.RE
.fi
.PP
The status information format consists of an identifier line,
followed by a specifier of the status type.
The logging information entry is terminated by a
line with a single period on it.
Lines with a starting period have the period duplicated.
.SH AUTHENTICATION
.PP
Rather than building authentication facilties into LPRng,
an interface to authentication programs is defined,
and will be used as follows.
The printcap and configuration entries
.I auth,
.I auth_client_filter,
.I auth_forward,
.I auth_forward_id,
.I auth_forward_filter,
.I auth_receive_filter,
and
.I auth_server_id
entries control authentication.
The
.I auth
value specifies the type of authentication to be used
for client to server authentication.
Typical values would be
kerberos, md5, etc.
If the authentication type is not built-in,
the client programs use the
.I auth_client_filter
program to perform authentication.
When a server gets and an authentication request,
it will use the
.I auth_receive_filter
program to perform authentication.
The
.I auth_server_id
is the remote server id used when a client
is sending jobs to the server
or when the server is originating a request.
When a server forwards a request,
it uses
.I auth_forward
value to determine if authentication is to be done,
and the
.I auth_forward_id
as the destination server id.
.de NP
.fi
.in 0
.PP
.br
.in +4n
.ti -4n
\\n(nP.\ \ \c
.nr nP \\n(nP+1
..
.de sP
.fi
.PP
.br
.in +4n
..
.de np
.nr nP 1
..
.SH "Client To Server Authentication"
.np
.NP
The client will open a connection to the server
and sends a command with the following format.
The REQ_SECURE field in the command corresponds to the one-byte
command type used by the LPR protocol.
.RS
.nf
Commands:
.ta 4n +4n
	\eREQ_SECUREprinter C user\en
Print job transfers:
	\eREQ_SECUREprinter C user controfilename\en
.RE
.fi
.NP
On reception of this command,  the server will send a one byte
success code as below.  An error code may be followed by additional
error information.  The values used by LPRng include:
.RS
.nf
.ta 16n +4n +4n
ACK_SUCCESS	0	success, no error
ACK_STOP_Q	1	failed; no spooling to the remote queue
ACK_RETRY	2	failed; retry later
ACK_FAIL	3	failed; job rejected, no retry
.RE
.fi
.NP
If there is an error the connection will be terminated.
The server will then start an authentication process, and provide
the following open file descriptors for it.  The authenticator
process will run as the UID of the server (i.e.- usually daemon).
.RS
.nf
.ta 6n +8n +4n
FD	Options	Purpose
0	R/W	socket connection to remote host (R/W)
1	W	pipe or file descriptor
		for information for server
2	W	error log
3	R	pipe or file descriptor
		for responses to client
.RE
.sP
The command line arguments will have the form:
.RS
.nf
program -S -Pprinter -nuser -Rserver_user -Ttempfile
.RE
.sP
The printer and user information will be obtained from the
command line sent to the server.
The authenticator can create additional temporary or working
files with the pathnames tempfile.ext;  these should be deleted
after the authentication process has been completed.
.NP
After receiving \eACK_SUCCESS, the client starts an authenticator
process, and provides the following open file descriptors for
it.  The authenticator process will run UID user.
.RS
.nf
.ta 6n +8n +4n
FD	Options	Purpose
0	R/W	socket connection to remote host (R/W)
1	W	pipe or file descriptor
		for responses to client
2	W	error log
.RE
.sP
The command line arguments will have the form:
.RS
.nf
program -C -Pprinter -nuser -Rserver_user -Ttempfile
.RE
.fi
.NP
The authenticator can create additional temporary or working
files with the pathnames tempfile.ext;  these will be deleted
after the authentication process has been completed.
The client authenticator will be running as the client user.
.NP
After exchanging authentication information,
the client authenticator will transfer the contents of the
temporary file to the server authenticator, using FD 0.  It will
then wait for reply status on FD 0.   If the transfer step fails,
or there is no reply status of the correct format,  the client
authenticator will print any received information on FD 1,
error information on FD 2, and then exit with error code JFAIL.
.NP
After receiving the files on FD 0,  the server authenticator
will perform the required authentication procedures and leave
the results in tempfile.  The server authenticator will write
the following to FD 1,  for use by the server:
.RS
.nf
authentication_info\en
.RE
.sP
If the transfer step or authentication fails,  then the server
will write an error message to FD 2 and exit with error code
JFAIL.
The server will use this authentication information to
determine if the remote user has permission to access the system.
.NP
The server authentication process will read input from FD 3
until and end of file,
and then proceed to transfer the input to the client authenticator.
If the data transfer fails,  then the process will exit with
error code JFAIL, otherwise it will exit with error code JSUCC.
.NP
The client authenticator will read the status information from
FD 0,  and after performing authentication will write it to FD 1.
If data transfer or authentication fails,  the authenticator
will write an error message to FD 2 and exit with error code
JFAIL, otherwise it will exit with error code JSUCC.
.SH "Server to Server Authentication"
.np
.PP
The Server to Server authentication procedure is used by one server
to forward jobs or commands to another server.  It should be noted
that this forwarding operation puts an implicit trust in the security
of the client to server to server chain.  In the description below,
src and dst are the userid of the source and destination servers
respectively.
.NP
The originating host takes the part of the client, and will
transfer a job acting like the client.  The initial information
transfer from the originating (src) server will have the format:
.RS
.nf
.ta 4n +4n
Commands:
	\eREQ_SECUREprinter F user\en
Print job transfers:
	\eREQ_SECUREprinter F user controfilename\en
.RE
.sP
After receiving a 0 acknowledgment byte,
the src server will invoke its authenticator with the arguments
below.
The forward_user value will default to the
server_user value if not explicitly provided.
.RS
.nf
.ta 4n +4n
.L
program -C -Pprinter -nserver_user \e
	-Rforward_user -Ttempfile
.RE
.NP
On the destination server the authenticator is invoked with the arguments:
.RS
.nf
.ta 4n +4n
.L
program -S -Pprinter -nserver_user \e
	-Rforward_user -Ttempfile
.RE
.sP
The authentication is performed to determine that the transfer was
between the two servers,  rather than the user to server.
.SH "KERBEROS AUTHENTICATION"
.PP
As a convenience,
Kerberos 5 authentication has been built into the LPD clients and
servers.
If you are not familiar with Kerberos,
then you should obtain other documentation and/or assistance
before attempting to use this.
The following facilities/configuration values are used to
support Kerberos.
.PP
A Kerberos principal is the name used for authentication purposes
by Kerberos.
For example,
user principals have the form user@REALM;
for example,
papowell@ASTART.COM.
Services and/or servers have the form service/host@REALM;
for example,
the lpd server on dickory would have the form:
.ti +5n
lpr/astart2.astart.com@ASTART.COM
.PP
User to server authentication process will use the user's principal
name,
and generate a service name for the server.
The name generation is controlled by the following configuration
and/or printcap values.
.IP service
The name of the service to be used to identify the service.
This is usually "lpr".
.IP kerberos_keytab
The location of the server keytab file.
The keytab file corresponds to the user password,
and must be considered a security risk.
It should be owned by the LPD server user,
and readable/writable only by the server.
.IP kerberos_life
The lifetime of the authentication ticket used by the server.
This usually defaults to 10 hours.
.IP kerberos_renew
The renewal time of the ticket.
.PP
In addition to the default values,
an explicit server principal can be specified in the printcap
file using the kerberos_server_principal
This allows cross domain authentication to be done.
.PP
When setting up Kerberos authentication,
you will need to establish principals for each server,
and to distribute and install the keytab files on each server.
.SH "AUTHENTICATION PERMISSIONS"
.PP
The following permissions tags are available to check on authentication
procedures.
.RS
.nf
.ta 4n +12n +4n +4n +4n +4n
AUTH=[NONE,USER,FWD]	- authentication
	AUTH=NONE	- no authentication
	AUTH=USER	- authentication from a client
	AUTH=FWD	- forwarded authentication from a lpd server
AUTHTYPE=globmatch
AUTHUSER=globmatch
FWDUSER=globmatch
.RE
.fi
.np
.NP
The AUTH tag can be used to determine the type of authentication
being done.
The AUTHTYPE tag can be used to match the authentication type
being used or requested by the client or remote server.
The authentication process returns an authentication identifier
for the user;
this information can be matched by the AUTHUSER tag.
.NP
For a command sent from a client or forwarded from a server,
AUTHUSER matches the auth_user_id provided for the user when
sent to a server.
(This information will be forwarded by a remote server).
For a forwarded command,
FWDUSER refers to the authentication information
for the server doing the forwarding.
.NP
For example,  to reject non-authenticated operations, the following
line could be put in the permissions file.
.RS
.nf
REJECT AUTH=NONE
.RE
.NP
To reject server forwarded authentication as well, we use REJECT AUTH=NONE,FWD.
If a remote server with name
.I serverhost
has id information FFEDBEEFDEAF,  then the
following will accept only forwarded jobs from this server.
.RS
.nf
ACCEPT FWDUSER=FFEDBEEFDEAF REMOTEHOST=serverhost
REJECT AUTH=FWD
.RE
.fi

.SH ENVIRONMENT
The lpd action can also be manipulated by using environment variables.

.TP
.B LPR_TMP

.SS Authentication
.TP
.B MD5KEYFILE
Used for md5 signated file transmission

.SH FILES
The files used by LPRng are set by values in the
printer configuration file.
The following are a commonly used set of default values.
.nf
.ta \w'/var/spool/lpd/printcap.<hostname>           'u
/etc/lprng/lpd.conf	LPRng configuration file
${HOME}/.printcap	user printer description file
/etc/printcap	printer description file
/etc/lprng/lpd.perms	permissions
/var/run/lprng/lpd	lock file for queue control
/var/spool/lpd		spool directories
/var/spool/lpd/QUEUE/control	queue control
/var/spool/lpd/QUEUE/log	trace or debug log file
/var/spool/lpd/QUEUE/acct	accounting file
/var/spool/lpd/QUEUE/status	status file
.fi
.SH "SEE ALSO"
.BR lpd.conf (5),
.BR lpc (8),
.BR checkpc (8),
.BR lpr (1),
.BR lpq (1),
.BR lprm (1),
.BR printcap (5),
.BR lpd.perms (5),
.BR pr (1).
.SH "AUTHOR"
Patrick Powell <papowell@lprng.com>.
.SH DIAGNOSTICS
Most of the diagnostics are self explanatory.
If you are puzzled over the exact cause of failure,
set the debugging level on (-D5) and run again.
The debugging information will 
help you to pinpoint the exact cause of failure.
.SH "HISTORY"
LPRng is a enhanced printer spooler system
with functionality similar to the Berkeley LPR software.
The LPRng developer mailing list is lprng-devel@lists.sourceforge.net;
subscribe by visiting 
.B https://lists.sourceforge.net/lists/listinfo/lprng-devel
or sending mail to 
.B lprng-request@lists.sourceforge.net
with
the word 
.I subscribe 
in the body.
.br
The software is available via 
.B http://lprng.sourceforge.net