This bug: https://bugzilla.redhat.com/show_bug.cgi?id=453951 remains unfixed. The problem can be seen when a URI such as smb://server/share is used, without authentication details, but authentication is required by the server. In this case, what is supposed to happen is that smbspool, acting as a CUPS backend, sets the IPP attribute auth-info-required indicating what type of authentication details it needs, such as: ATTR: auth-info-required=username,password or, if Kerberos authentication is required: ATTR: auth-info-required=negotiate The trouble is that it is using the latter form ('negotiate') even when the server has not been configured to required Kerberos. This means that proxy authentication (which e.g. system-config-printer implements) cannot go ahead. It also causes future jobs for that queue to fail even if the device URI is changed to include the authentication details in it, because CUPS caches this attribute in /etc/cups/printers.conf.
This relates slightly to https://bugzilla.samba.org/show_bug.cgi?id=4134, which is where the feature was originally requested.
Created attachment 3458 [details] Proposed patch This is the patch created by Tim Waugh for this problem. It looks correct to me but the comment here : https://bugzilla.redhat.com/show_bug.cgi?id=453951 claims James doesn't like it. I'll ping him before applying Tim's patch. Jeremy.
Created attachment 3459 [details] Final patch Added got_kerberos_mechanism flag into cli struct. Jeremy.
Marking this one as fixed. Patch will be in 3.2.2. Please re-open if it is still an issue for you. Thanks for reporting!