Following our massive success of printing using SMB, and being told it was a security hole we then evaluated IPP. IPP works fine, as long as we clobber it so that it works over HTTP.
Trouble is, of course, that HTTP isn’t secure. So we need to use HTTPS, which brings with it a whole new and exciting swathe of problems to deal with. Put simply – it doesn’t work at the moment.
I’m currently trying to break in to the server at the other end so that I can see what’s going on other than the cryptic messages which get dumped to the client. I strongly suspect that somebody has forgotten to tick a box, or that HTTP authentication is disabled or using the wrong realm.
It will work, I really mean it! Even if I have to rip apart CUPS and Kerberos and slam them together in a Frankenstein’s Monster of a print system with authentication to the AD (although I’d really rather not – CUPS is a mess internally and Kerberos would involve Yet Another Server).
Update: I managed to break into the server, admittedly by getting myself set as an admin. Once inside I discovered that as I suspected HTTP authentication was disabled entirely. A quick click to turn it on, set the default domain and realm, and force clients to use HTTPS. Job done.
Next up, documentation and implementation.