Provided by: lprng_3.8.B-2_i386 bug


       lpd - line printer daemon


       lpd [-L logfile] [-F] [-V] [-D debugopt] [-p port]


       The  lpd  program  is  the printer server program of the LPRng software
       suite.  This software is  an  enhanced  and  modified  version  of  the
       Berkeley LPD software.


       -L logfile
              specifies  an  alternate  file  to be used for logging error and
              debugging messages.  The  syslog(8)  facility  is  used  to  log
              critical  messages as well.  Please note that you need to create
              the file by yourself, a 'touch' is sufficient.  This  is  needed
              for security reasons.

       -F     Under  normal  operation,  the LPD server will run in background
              mode.  The -F flag forces it to run in foreground mode, where it
              is more easily debugged.

       -V     Print program version information.

       -D debugopt
              Debugging  is  controlled  using  the  -D option. This accepts a
              comma-separated list of debugging settings. These settings  take
              one  of  two  forms: facility=value , or value to set an overall
              default value.  The available facilities can  be  determined  by
              invoking LPD with the -D= parameter.

       -p port
              Bind  to  the  specified  port rather than port 515 specified by


       Lpd is the line printer daemon (spool queue handler)  and  is  normally
       invoked  at  boot time from the rc(8) file; it can also be started by a
       user.  Note that the lpd server needs only run on systems where  actual
       printing  or  spooling  is  taking  place.   lpr(1)  and  other related
       programs transfer files using network facilities to the lpd.

       When  started,  lpd  reads  a  configuration  file  to   obtain   basic
       operational   parameters   and  then  reads  the  printcap(5)  database
       information to determine the which printers have spool  queues  and  to
       start spool queue server processes.  If running as a background server,
       it will disconnect from its control terminal and run in the background.
       It uses the system calls listen(2) and accept(2) to receive requests to
       print files in the queue, transfer files to the spooling area,  display
       the queue, remove jobs from the queue, or perform a spool queue control
       function.  In each case it creates one  or  more  server  processes  to
       handle the request and the lpd process will listen for more requests.

       Sending  the  server  a  SIGHUP  signal causes the server to reread the
       various configuration  and  inititialization  files.   This  action  is
       similar  to  that  of  the INETD and other servers.  The same action is
       taken when sent a reread command by the lpc(1) program.  At an interval
       specified  by  the poll_time configuration variable, lpd will check for
       spool queues with jobs and no printing activity, and start printing.

       LPD access control is done using a rule set and match algorithm similar
       to  a  packet  filter.   Each  request for printing, status, or control
       operations is matched against the rule set, and  the  first  ACCEPT  or
       REJECT  value  determines  if  the  operation  can  be  performed.  The
       following is a typical permissions file:
              # Set default permissions
              DEFAULT ACCEPT
              # Reject any connections from outside our subnet
              REJECT SERVICE=X NOT IP=
              # Only accept Printing (P) and spooling (LPR) from
              # the private network, the  network and fw
              REJECT SERVICE=P,R NOT REMOTEHOST=*.private,,
              # Do not accept forwarded jobs for printing
              # Allow only the administrators control access
              ACCEPT SERVICE=C,M USER=root,papowell
              ACCEPT SERVICE=C,M SERVER REMOTEUSER=root,papowell
              # Allow only the user on the same host who spooled job to remove it
              REJECT SERVICE=M,C

       Permission checking is done by using a set of  keys  (or  fields)  with
       associated values to check for permission.  The SERVICE key has value P
       for printing (i.e.- unspooling), R for spooling (i.e.- LPR request),  C
       and  S for printer control and status respectively (i.e.- LPC request),
       M for removal (i.e.- LPRM request), Q for queue information (i.e.- LPRM
       request),  and so forth.  The X key indicates the initial connection to
       the LPD spooler, and can be used to  control  connections  from  remote
       systems.   The  values  of  the  USER, HOST, and IP keys taken from the
       control file which is being received or checked for  permissions.   The
       REMOTEUSER,  REMOTEHOST and REMOTEIP keys are those either sent as part
       of a command, or derived from information  about  the  current  network
       connection.  Each line of the permissions file is scanned for key names
       and values, and these are matched against the request keys information.
       When  all  matches  on a line are made, then search terminates with the
       specified action (ACCEPT/REJECT).  If no match  is  found  the  default
       permission  value  is  used.   The  DEFAULT  key is used to specify the
       current default permission to be used  for  successful  matches  or  if
       there is no match after scanning the entire permissions database.

       The  GROUP entry is used to check that the USER name appears in a group
       entry   in   the   system   user   group   database.    For    example,
       GROUP=student*,staff*  would  check  to  see  if  any of the group name
       matching student* or staff* have the specified user name in them.  If a
       system  has  the  netgroups  capability, a group name starting with a @
       will be treated as a netgroup name, and current user name from the  job
       file  will  be  checked  to  see if it is in the group.  Similarly, the
       REMOTEGROUP entry will check a remote user name.  The PORT entry can be
       used  to  ensure  that  a  connection  to  the server originates from a
       specified range of ports.  For more details, see  the  lpd.perm(5)  man

       The  permissions database is scanned in order of the fixed file entries
       and then by invoking the specified filters for each of the  permissions
       lists.   It is recommended that the filters be placed at the end of the
       permissions lists.  The user name is one of the  parameters  passed  to
       the  filter,  and can be used to determine if a user has permissions to
       print a file.

       Key          Match Connect Job   Job    LPQ  LPRM  LPC
                                  Spool Print
       SERVICE      S     'X'     'R'   'P'    'Q'  'M'   'C,S'
       USER         S     -       JUSR  JUSR   JUSR JUSR  JUSR
       HOST         S     RH      JH    JH     JH   JH    JH
       GROUP        S     -       JUSR  JUSR   JUSR JUSR  JUSR
       IP           IP    RIP     JIP   JIP    RIP  JIP   JIP
       PORT         N     PORT    PORT  -      PORT PORT  PORT
       REMOTEUSER   S     -       JUSR  JUSR   JUSR CUSR  CUSR
       REMOTEHOST   S     RH      RH    JH     RH   RH    RH
       REMOTEIP     IP    RIP     RIP   JIP    RIP  RIP   RIP
       CONTROLLINE  S     -       CL    CL     CL   CL    CL
       PRINTER      S     -       PR    PR     PR   PR    PR
       FORWARD      V     -       SA    -      -    SA    SA SA
       SAMEHOST     V     -       SA    -      SA   SA    SA
       SAMEUSER     V     -       -     -      SU   SU    SU
       SERVER       V     -       SV    -      SV   SV    SV
       AUTH         V     -       AU    -      AU   AU    AU
       AUTHTYPE     S     -       AU    -      AU   AU    AU
       AUTHUSER     S     -       AU    -      AU   AU    AU
       FWDUSER      S     -       AU    -      AU   AU    AU

          JH = HOST          host in control file
          RH = REMOTEHOST    connecting host name
          JUSR = USER        user in control file
          CUSR = REMOTEUSER  user from control request
          JIP= IP            IP address of host in control file
          RIP= REMOTEIP      IP address of requesting host
          PORT=              connecting host origination port
          CONTROLLINE=       pattern match of control line in control file
          FW= IP of source of request = IP of host in control file
          SA= IP of source of request = IP of host in control file
          SU= user from request = user in control file
          SA= IP of source of request = IP of server host
          SV= matches if remote host is the server
          AU= authentication information
          IFIP= IP address of remote end of connection

       Match: S = string with wild card, IP = IP address[/netmask],
          N = low[-high] number range, V = exact value match
       SERVICE: 'X' - Connection request; 'R' - lpr request from remote host;
           'P' - print job in queue; 'Q' - lpq request, 'M' - lprm request;
           'C' - lpc spool control request; 'S' - lpc spool status request
       NOTE: when printing (P action), the remote and job check values
          (i.e. - RUSR, JUSR) are identical.

       The special key letter=patterns searches the control file line starting
       with  the  (upper  case)  letter, and is usually used with printing and
       spooling checks.  For example,  C=A*,B*  would  check  that  the  class
       information  (i.e.-  line  in  the  control file starting with C) had a
       value starting with A or B.


       There is a subtle  problem  with  names  and  IP  addresses  which  are
       obtained  for  'multi-homed hosts', i.e. - those with multiple Ethernet
       interfaces,  and for IPV6 (IP Version 6),  in which  a  host  can  have
       multiple  addresses,   and  for  the  normal host which can have both a
       short name and a fully qualified domain name.  In addition, a host  can
       have  multiple  IP  addresses,  depending  on  the  complexity  of  its

       The IFIP (interface IP) field can be used to check the  IP  address  of
       the  origination  of  the  request,   as  reported  by  the information
       returned by the accept() system call.  Note that this  information  may
       be  IPV4  or  IPV6  information,   depending  on the origination of the
       system.  This information is used  by  gethostbyaddr()  to  obtain  the
       originating  host  fully  qualified  domain  name  (FQDN) and set of IP
       addresses.  Note that this FQDN will be for the originating  interface,
       and  may  not  be  the canonical host name.  Some systems which use the
       Domain Name Server (DNS) system may add the canonical system name as an

       When  performing  an IP address match,  the entire list of IP addresses
       for a system will now be  checked.   If  one  of  these  matches,  then
       success  is  reported.   Similarly,   the entire list of host names and
       aliases will be checked.  If one of these matches,  then  success  will
       be reported.

       In  addition,   when  checking for printing, if the name lookup for the
       host reported in the control file fails,  then we assume that the  host
       is  unknown  and  all match checks for names or IP addresses will fail.
       You can determine if a host has an entry by using the following  check,
       which  will reject all requests from a remotehost which does not have a
       DNS entry.


       Individual printer operations are controlled by values in the  printcap
       database.  See printcap(5) for details of the format and content of the
       various entries.  The following are typical printer entries for a local
       and remote printer.

              # main or shared printcap file - usually /etc/printcap
              # remote postscript printer
              # give access to (remote) hosts
                 :cm=Test Printer 1

              # local printcap file
              # specification for local printer on nearside
              # /usr/spool/LPD/t1/printcap file -

       Printcap  information  can be distributed by individual files or shared
       using NSF, YP, or other methods; see lpd.conf(5) for the exact  details
       of   the  location  of  printcap  files  and  programs,  given  by  the
       printcap_path and  lpd_printcap_path  configuration  information.   The
       usual  printcap  configuration  is  to  have  a  main (shared) printcap
       database which is used by  all  hosts.   The  printcap  information  is
       usually  extremely simple, consisting only of the printer name and host
       (i.e. - fullpage printer entry).

       On hosts which have printers attached or which are to provide  spooling
       queue  directories,  more extensive printcap information is needed.  In
       the shared  database,  oh  (options  for  specified  host  only)  field
       restricts  use  of  this  entry  to the specified host.  This entry can
       contain host specific information, such as the location  of  the  spool
       queue and/or actual device to be used for output.

       In the above example, the main printcap file, /etc/printcap has entries
       for all printers.  Note that these entries do  not  specify  the  spool
       directories  (sd and cd fields), but this could be provided.  On a host
       with a printer specific information can be provided  in  several  ways.
       The  simplest  is  to  simply  put  an  additional  entry in the shared
       printcap file, with the oh field set to  the  support  host  name.   An
       alternative  would  be  to  specify  the  spool  directories (sd and cd
       fields) in the shared information, and  to  put  the  printer  specific
       information in a printcap file.

       In  addition  to the oh flag, the server flag indicates that this entry
       is for a the LPD server  only.   This  can  be  used  to  simplify  the
       management of client and server entries.

       The  printcap  information  is obtained in the following order.  If the
       lpd_printcap_path configuration value is nonblank then the  lpd  server
       will  process only this information otherwise it uses the printcap_path
       information.  All client programs use the contents of the configuration
       printcap_path  variable  to  get a list of locations of printcap files.
       Each of these entries in the path lists are processed, and the printcap
       information  is  extracted.  Entries which have oh fields are only used
       by the specified host.  The  files  and  information  is  processed  in
       linear order, later entries overriding preceeding ones.

       When  processing  jobs or performing spool queue specific requests, the
       LPD server will check to see if there is a printcap file in the control
       directory  for  the  spool  queue  and  the contents will be processed.
       Since only the LPD server has access to the spool and  control  queues,
       this information is processed only by the server.

       In  addition  to  files,  printcap  information  can  be  obtained from
       programs or filters.   For  example,  the  printcap_path  of  the  form
       /etc/printcap:|/usr/lib/getpr    will   use   the   contents   of   the
       /etc/printcap file, and then use  the  /usr/lib/getpr  program  to  get
       information  about  a  specific  printer.   When  information  about  a
       particular spool queue is needed and one or more filters are  specified
       as  the source of printcap information, then the filter will be started
       and the printer name written on its standard input.   The  filter  must
       provide  a  printcap  entry  for  the requested printer on its standard

       The filter can  be  used  to  interface  to  databases  or  nonstandard
       information  sources  which  do  not produce printcap information in an
       acceptable form.


       Each spool queue has  a  spool  directory  (sd)  and  optional  control
       directory  (cd)   where  job  and  control  information is kept.  Under
       normal operation the spool and control directories are  identical,  but
       if  the  spool  directory  is  NFS  exported  for  use by other printer
       spoolers which write files directly into the spool queue,  then  it  is
       recommended  that the control directory be a separate directory and not
       NFS mounted.  The following files are used for printer operations.  Per
       job entries are marked with an asterisk (*).

       File Name           Dir     Purpose
       printer             CD      lock file and server process PID
       unspooler.printer   CD      subserver process PID
       control.printer     CD      queue control information
       *hfAnnn             SD      job hold file
       *cfAnnnHOST         SD      job control file
       *dfAnnnHOST         SD      job data file
       *bfAnnn.*           SD      temporary files

       The  nnn in the file names stands for the job number.  RFC1179 requires
       this to be a 3 digit number, but the  longnumber  printcap  flag  or  a
       nonzero longnumber configuration variable will enable 6 digit numbers.

       The  lock  file  is  used  to  prevent  multiple job queue servers from
       becoming active simultaneously, and to store  the  server  process  id.
       The  lock  file name is the name as the printer name; all other control
       files have the printer name appended as indicated above.

       The printer spool control file  contains  information  controlling  the
       queue  operations.   It consists of a series of lines with keywords and
       values  to  control  printing,  spooling,  and  automatic  job  holding
       operations.   The  following  is  an example of a typical spool control

              spooling_disabled 0
              printing_disabled 1
              holdall 0
              redirect p1@host2
              debug 10,log=/tmp/log
              class A

       The spooling_disabled and printing_disabled  entries  control  spooling
       and  printing;  the  lpc enable, disable, start, and stop command alter
       these values.  The holdall entry will prevent jobs from being processed
       until  released  with  the lpc hold or release comands; the lpc holdall
       and noholdall commands alter these values.

       The redirect entry causes  the  lpd  server  to  forward  jobs  to  the
       specified  remote  printer; the lpc redirect command alters this field.
       The class field controls the class of jobs being printed.  By  default,
       the  class  value  is  a  pattern that matches the class entry in a job
       file; however a entry of the form letter=patterns will print jobs whose
       control  file  line  starting  with letter matches one of the patterns.
       The debug line provides a set of debugging  parameters  for  diagnostic
       information for the particular spool queue.

       Each  print  job consists of a control file and one or more data files.
       Lines in the control file file specify the job data files or parameters
       for the job and the general format of the file is specified by RFC1179.
       Each line consists of a flag character and a parameter; upper case  and
       digit  characters  specify  options  and lower case letters specify the
       printing format and names of data files.  The following is  a  list  of
       the control file flag characters.

       A      Identifier  A  job  identifier  to  be  used when displaying job
              information and/or  status.   The  insertion  of  this  line  is
              controlled    by   the   use_identifier   printcap/configuration

       C      Class String to be used for the class line on the burst page.

       H      Host Name.  Name of the machine where lpr was invoked.

       I      Indent.  The number of characters to indent the  output  by  (in

       J      Job Name.  String to be used for the job name on the burst page.

       L      Banner user name.  Information for banner page.

       P      Person.  Login name of the person who invoked lpr.  This is used
              to verify ownership by lprm.

       M      Send mail to the specified  user  when  the  current  print  job

       N      File  name.   The  original  name of a data file which is in the

       T      Title.  String to be used as the title for pr(1) when the LPR -p
              option was specified.

       U      Unlink.  Job file to remove when printing completed.

       W      Width. The page width (in characters) to used for printing.

       Z      zoptions. Options passed by lpr -Zzoptions.  These are passed to
              output filters to aid in printing.

       f      Formatted File.  Name of  a  file  to  print  which  is  already

       l      Like  ``f'' but passes control characters and does not make page

       p      Name of a file to print using pr(1) as a filter.

       t      Troff  File.    The   file   contains   troff(1)   output   (cat
              phototypesetter commands).

       d      DVI  File.   The  file  contains  Tex(l) output (DVI format from

       g      Graph File.  The file contains data produced by plot(3X).

       c      Cifplot File. The file contains data produced by cifplot.

       v      The file contains a raster image.

       r      The file  contains  text  data  with  FORTRAN  carriage  control

       1      Troff  Font  R.  Name  of  the  font  file to use instead of the
              default.  (Obsolete)

       2      Troff Font I. Name of the  font  file  to  use  instead  of  the
              default.  (Obsolete)

       3      Troff  Font  B.  Name  of  the  font  file to use instead of the
              default.  (Obsolete)

       4      Troff Font S. Name of the  font  file  to  use  instead  of  the
              default.  (Obsolete)

       Each  job in the spool queue can have an associated job hold file which
       is used by the server process to control the printing of the job.   The
       status  file  contains  information controlling the job hold status and
       error status.  The spool server will attempt to print a job  a  limited
       number  of times before abandoning it or setting an error status in the
       job status file.  The following is a typical job hold file.
              hold        0 priority    0  active       2135  redirect  remove
              0 error

       A nonzero hold entry will prevent the job from being processed; the lpc
       hold and release  commands  update  this  field.   The  priority  field
       overrides  the  normal  first-in first-out printing priority; jobs with
       non-zero priority fields are  printed  first.   The  lpc  topq  command
       updates  this field.  If the active field is non-zero, the job is being
       printed by the server with the  specified  process  id.   The  redirect
       field  allows  individual  jobs to be forwarded to a different printer;
       the lpc move command updates this field.  Finally, the remove and error
       fields  are used to control printing of problem jobs.  The remove field
       is  set  when  a  job  should  be  removed;  the  error  field  records
       information that would prevent a job from being printed.


       The  LPR  program is used to submit a job to the LPRng system.  The LPR
       program opens a connection to the LPD server and then transfer the  job
       control  file  and  data  files.   The  LPD server checks to see if the
       remote host and user has permissions to spool to the requested printer,
       and  then  checks  to  see  if  the printer is accepting jobs.  If both
       conditions are met, the job is accepted and the control and data  files
       are  placed  in  the  spool  directory.   The  LPRng software sends the
       control file first, followed by the data files.

       If the LPR program is acting as  a  filter,  it  is  not  necessary  to
       temporarily  store  the print job on the local machine.  The input data
       can be sent directly to the LPD server for spooling using  an  implicit
       job  size  of  0 and sending data until the connection is terminated to
       the server.  However, some LPD servers do not accept 0 size jobs,  even
       though  it is specified by the RFC1179, so by default LPR will create a
       temporary file.  The LPR  -k  (seKure)  option  specifies  this  direct
       transmission mode be used.


       When LPR is to send a job to the server, it must determine the location
       of the server.  It does this by examining the values of  the  specified
       printer and host.

       If  the  printer  and host are explicitly specified in the form pr@host
       then the LPR program will send the job to the specified spool queue  pr
       and to the server running on host.  This can be explicitly specified by
       the PRINTER environment variable or by the LPR -P option.

       If the printer is specified only by a name, then the information in the
       printcap  database  is  used.   The  printcap  entry for the printer is
       searched for and the remote host  and  printer  information  extracted.
       The job is sent to the server running on the specified host.

       This  action can be modified by the following printcap or configuration

       1. default_host=host
            (Configuration) If there is no printcap entry for the printer, the
            job is sent to the LPD server running on host.

       2. force_localhost
            (Configuration  or  printcap) If this flag is specified,  then LPR
            and other client programs will send the job to the server  running
            on the localhost.  This overrides the default_host information.


       The  LPD  system  can forward jobs from one spool directory to another.
       This is controlled by the following options.

       1.   The forward field in the spool control file  has  a  value  rp@rm.
            This can be set using the LPC forward command.

       2.   The lp (line printer) printcap entry has the form rp@rm.  There is
            a rm (remote machine) and optional rp  (remote  printer)  printcap

       The  first  of  the  above  conditions  to  be  met  will determine the
       destination.  If printing is enabled, then jobs will  be  forwarded  to
       the remote destination.  Example:
       # using lp=rp@host
       # using :rp:rm:

       3.   The LPD server uses the same algorithm for sending jobs as the LPR
            program.  A connection is made to the remote server and the  files
            are  copied  to  the server.  A set of timeouts is used to control
            error  recover   and   retry   operations.    The   printcap   and
            configuration    variables    connect_timeout,   connect_interval,
            connect_grace, and send_try control connecting to the remote host.
            A  connection is attempted to the remote server from a random port
            in the range of ports specified by  the  originate_port  variable.
            If  a  connection is not completed within connect_timeout seconds,
            the connection is aborted, and  then  after  the  connect_interval
            seconds  it  is  retried.  The procedure repeated indefinitely for
            printing, but only once  for  status  or  control  operations.   A
            connect_timeout  value  of  0  indicates  no timeout; a value of 0
            specifies infinite timeout  After  a  job  has  been  successfully
            printed,  the  connection  is  closed  and  the  server  waits for
            connect_grace seconds before trying to reconnect.


       Normally job files are forwarded to  a  printer  without  modification.
       The  lpd_bounce  flag makes the queue a bounce queue and allows banners
       to be generated and data files to passed through the appropriate format
       filter.   The  entire  output  of  this  process  is then passed to the
       destination with the format specified by the bq_format option  (default
       l  or binary).  See PRINTING OPERATIONS for details about filters.  For
       example, the following printcap entry will filter format f files.


       Sometimes only the indicated format of  the  data  files  needs  to  be
       changed.   This  can  be  done using the translate_format option.  This
       entry consists of pairs of lower case characters of the form SdSd...; S
       is the original and d is the translated format.

       In  the  example above, the m format is processed by a filter, and then
       its format type is changed to f; the p format is  processed  similarly.
       Note that the lpr -p option specifies that the job will be processed by
       the /bin/pr command - the filter must do both the pr processing and any
       necessary format conversions.


       The  :lpr_bounce:  printcap  flag  will  cause  LPR  to do bounce queue
       filtering before sending the job to the remote queue.   This  can  have
       unexpected effects if the filters are not available on the local host.

       A typical entry which will cause LPR to do filtering is shown below.

       This entry will force LPR to run jobs with formats f, m, and v
       through the appropriate filter.
       It will also rename the formats to the f format.


       When a job is submitted for printing, sometimes it is desirable to have
       it dynamically rerouted to another spool queue, or multiple copies send
       to various destination.  This can be done by using a routing_filter.

       When  a  job  is  accepted  by  the  LPD server, part of the processing
       includes passing it to a  program  specified  by  the  printcap  router
       entry.  This filter is invoked with the original control file as STDIN,
       and the default set of filter  options.   The  output  of  the  routing
       filter  will be a set of directives used by LPD when forwarding the job
       to another printer or in  processing  the  job.   The  environment  and
       options  flags  are  set  as for a standard filter.  (See "FILTERS" for
       details.)  Here is a sample printcap entry:
       t2|Test Printer 2

       The routing filter exit status is used as follows:
                           0  (JSUCC) - normal processing
                           37 (JHOLD) - job is held
                           any other value - job is deleted from queue

       The router  filter  returns  one  or  more  routing  entries  with  the
       following  format.   Note  that  entry order is not important, but each
       entry will end with the 'end' tag.   dest  <destination  queue>  copies
       <number of copies to be made> X<controlfile modifications> end

       Example of router output:
       dest t1@localhost
       copies 2
       dest t2@localhost

       The above routing information will have copies of the job sent to
       the t1 and t2 spool queue servers.  If no valid routing information
       is returned by the router filter the job will be sent to the default
       bounce queue destination.


       Sometimes  it is desirable to reformat a control file before sending to
       a remote destination.  If the control_filter printcap entry is present,
       then  the  control  file  is  passed through the filter.  If the filter
       exits with status JSUCC, then  the  job  is  process  normally;  status
       JABORT  causes  the job processing to be aborted, status JREMOVE causes
       the job processing to be removed, and any other status  is  treated  as

       After  passing  the  control  file  through the control_filter, the LPD
       server will reread it, and transfer only the data  files  specified  in
       the new control file to the destination.


       The  qq printcap entry and the use_queuename configuration entry causes
       the name of the spool queue to be placed in the job control file.  This
       value  can  be  used  by  the filter to determine how to process a job.
       When combined with the use of the Bounce Queue, this  can  be  used  to
       reformat jobs before sending to another printer spooler system.


       When  printing  is  enabled,  the LPD server will create a spool server
       process to carry out printing operations.  For each job in  the  queue,
       the  spool  server process will create a subserver process to carry out
       the actual printing operations.  If the subserver  process  fails,  the
       server   process  will  initiate  recovery  operations.   Job  will  be
       attempted to be printed until all are done or a  subserver  returns  an
       ABORT indication; the server will then terminate operations.

       The server process normally scans the queue once, at initiation; if the
       spool control file is modified, usually by using the lpc  command,  the
       spool queue is rescanned.  The overall algorithm for job printing is:
       open the print device;
       send some initialization strings;
       send a banner to the device;
       send the job data files to the device;
       send some termination strings;
       close the print device;

       In  order  to  handle  the  various  device requirements, the subserver
       process in turn uses 'filter' programs specified in the printcap  entry
       to carry out the individual steps.

       OF Filter
            The  'of'  filter  is used for initialization, banner printing and
            the  termination  strings.   It  has  the  peculiar  property   of
            suspending  itself  when  sent  a  special escape string, allowing
            other filters to be used to print the individual job files.

       Data Filters
            Each data file in a job has  format  specified  by  a  lower  case
            character and an associated filter specified in the printcap file.
            For example, the 'g' format is printed by the 'gf' filter, and  so
            forth.   By  convention,  the  'if'  filter  is  used to print 'f'
            (ordinary text) and 'l' (binary) format jobs.

       lp-pipe Filters
            If the printcap device specification has the  form  |program  then
            the  output  device  is  accessed  by the specified program.  This
            allows the program to take care of any required initialization  or
            communication requirements.

       The  following  is  a  concise  summary of the actual algorithm used to
       print files.  Note that LP stands for  the  printer  device  or  filter
       specified  by  the 'lp' printcap entry; OF stands for the 'of' printcap
       filter; IF is the default  'if'  filter;  BP  is  the  banner  printing
       filter;  and  ?F  stands for the filter for data file.  The '??' values
       stand for entries from the printcap file.

       LP = open( 'lp' );  // open device, filter, or network connection
       OF = IF = LP;       // set defaults
       set up accounting according to 'af' entry;
       if( 'of' ) OF = filter( 'of' ) -> LP;// make OF filter
       if 'as' then record start of job accounting information.
       if 'achk' then check for accounting limits.
       if( leader on open 'ld' ) `ld` -> OF// send leader
       if( FF on open 'fo' ) `fo` -> OF    // send leader

       // print a banner
       // first check to see if required
       //   and then to see if not suppressed by printcap
       //   or by user
       do_banner =
           (always banner 'ab'
               || (!suppress banner 'sb' && job has banner ));
       if( ! header last 'hl' && do_banner ){
           if( banner program 'bp' ){
               fork and exec bp to generate banner, but into temp file.
               cat temp file -> OF;
           } else {
               short banner info -> OF;

       // now we suspend the OF filter, use other filters
       if( OF != LP ) suspend OF filter;

       for each data file df in job do
           // send FF between files of job
           if( !first job && ! no FF separator 'sf' ){
               if( OF != LP ) wake up OF filter;
               'ff' -> OF;
               if( OF != LP ) suspend OF filter;

           // get filter for job
           format = jobformat;
           if( jobformat == 'f' or jobformat = 'l' ){
               format = 'f';
           filter = check pc for filter for format;
           ?F = LP; // default - no filter
           if( filter ){
               ?F = filter( filter ) -> LP;

           data file -> ?F;
           // note: if :direct_read: flag set, filter input
           // is directly from the file,  otherwise the
           // file contents are written to the filter input.

           if( ?F != LP ) close( ?F )

       // finish printing

       if( OF != LP ) wake up OF filter;
       if( header last 'hl' && do_banner ){
           if( ! no FF separator 'sf' ){
               'ff' -> OF;
           if( banner program 'bp' ){
               fork and exec bp to generate banner, but into temp file.
               cat temp file -> OF;
           } else {
               short banner info -> OF;

       if( ff on close 'fq' ){
           'ff' -> OF;

       if( trailer on close 'tr' ){
           tr -> OF;

       if 'ae' then record end of job accounting information.

       if( OF != LP ) close( OF );
       close( LP );

       When printing or transferring a job to  a  spool  queue  fails,  it  is
       retried the number of times specified by the rt (or send_try ) printcap
       variable.  A 0 value specifies an infinite number or retries.  When the
       retry count is exceeded, then the send_failure_action printcap variable
       determines the action to be taken.  The variable can be the values succ
       ,  fail  , abort , remove , ignore , or hold , which will cause the job
       to be treated as normally  completed,  retried,  aborted,  removed,  or
       ignored  and  retried  at  a  later  time  respectively.   These  names
       correspond to the JSUCC , JFAIL , etc. error codes returned by filters.
       If  the  variable  has  the  form |/filter , then the filter is run and
       passed the number of attempts on the standard input.  The  filter  must
       exits  with  a  JSUCC, JFAIL, etc., error code and the server will take
       the appropriate action as listed above.

       The print filters normally have their input provided by a process via a
       pipe.   However,  if  the  direct_read  printcap  flag is set, then the
       filter input is taken directly from the job file.  This  is  compatible
       with  the  vintage  BSD  method, but loses the ability to track the job

       After the job print or transfer attempt, if the job is  to  be  removed
       and  the  printcap  variable save_on_error is true, the job will not be
       removed from the spool queue but only flagged with an error.   The  job
       can  then  be  retried  at  a  later  time.  If the job is successfully
       printed it is usually removed from the spool queue.   However,  if  the
       printcap  variable save_when_done is true the job will merely be marked
       as completed and not removed from the queue.


       As described in the previous section, filters  are  created  to  handle
       output  to  devices  or  other  filters.   The command line to invoke a
       filter is generated in the following manner.

       1.   The printcap entry or  configuration  value  defining  the  filter
            command is obtained.

       2.   The  file  to  be printed or the banner line/file generated by the
            banner printer will be written to STDIN  (file  descriptor  0)  of
            the  filter.   The  output  device  (or /dev/null if this is not a
            printing filter) will be be STDOUT  (file descriptor 1) and STDERR
            (file  descriptor  2) will be connected to the error logging file.
            If this is a printing filter, the error log will be determined  by
            the  :af:  printcap  field  and FD 3 will be opened and set to the
            either the file, remote host, or input of the filter program.

       3.   Filter specifications starting with ROOT will be run as root (EUID
            =  0).  This can be a serious security loophole and should only be
            used as a last resort for specific problems.

       4.   The options for the  filter  command  line  will  be  replaced  by
            appropriate  values.   Option  specifications  have  the form $[0|
            ][-]X.  The default option expansion has the form $X -> -X'value';
            the  form $0X or $(space)X adds a space after the -X, i.e.- $0X ->
            -X 'value'; the form $-X suppresses the -X, i.e. - $-X  ->  value.
            The options will be expanded as follows:

            Key  Value
            a    Accounting file (printcap 'af' entry)
            b    Job size, i.e.- total data file size, in bytes
            c    if binary (format 'l') expands to -c
            d    Control directory
            e    job data file
            f    original print file name (control file N field)
            h    Control file hostname
            i    Control file indent (I) field
            j    job number from control file name
            k    Control file name
            l    printcap Page length (pl) value
            m    printcap Cost factor (co) value
            n    Control file user logname (P) field
            p    Remote Printer name for forwarded jobs
            r    Remote Host name for forwarded jobs
            s    printer Status file (ps) value
            t    current time in simple format
            w    printcap Page width (pw) value
            x    printcap x dimension (px) value
            y    printcap y dimension (py) value
            F    data file format character
            P    Printer name
            S    printcap Comment tag (cm) value
            Upper Case   control file line starting with letter
            Digit control file line starting with digit

       5.   The  options specified by the filter_options (for none OF filters)
            or of_filter_options (for the OF filter) will be appended  to  the
            command  line  and  expanded.  To suppress adding options, you can
            use the form '-$ filter', i.e.  -  of=-$/bin/cat.   If  the  'bkf'
            (backwards compatible filter options) printcap flag is set, the of
            filter is given the options specified by bk_of_filter_options  and
            other filters those by bk_filter_options.  The following shows the
            various combinations possible, and typical values for the options.

            filter_options    $C $F $H $J $L $P $Q $R $Z $a $c $d $e $f $h $i \
                              $j $k $l $n $s $w $x $y $-a
            bk_filter_options $P $w $l $x $y $F $c $L $i $J $C $0n $0h $-a
            bk_of_filter_options $w $l $x $y

       6.   A printing filter which executes correctly and completely should
            exit with a 0 error status.
            A nonzero error status will be interpreted as follows:
            JFAIL    32   failed - retry later
            JABORT   33   aborted - do not try again, but keep job
            JREMOVE  34   failed - remove job

       The JFAIL will cause the job to be retried at a later  time.   A  limit
       can  be  placed  on  the number of retries using the :rt: or :send_try:
       printcap entry.  A retry value of 0 will cause infinite  retries.   The
       JABORT indicates serious problems and will cause printing operations on
       the job to stop until restarted by operator intervention.  The  JREMOVE
       status indicates problems, and the job should be removed from the spool

       The environment variables for filters are highly restricted, due to the
       possibility for abuse by users.  The following variables are set:

       USER and LOGNAME
            user name or daemon name.

            home directory of user or daemon.

       PATH from the filter_path configuration variable.

            from the filter_ld_path configuration variable.

            set to /bin/sh

       IFS  set to blank and tab.

       TZ   the TZ environment variable.

            the spool directory for the printer

            the control directory for the printer

            the printcap entry for the printer

            the control file for the print job

       pass_env environment variables
            Values   of   environment   variables   listed   in  the  pass_env
            configuration variable.


       The LPRng software provides several methods of  performing  accounting.
       The  printcap  af  (accounting  field), as and ae (accounting start and
       end), and achk (accounting check) provide a basic  set  of  facilities.
       The  af field specifies a file, filter, or TCP network connection to an
       accounting server.  If af has the form |filter or  |-$  filter  then  a
       filter  will  be started and all accounting information will be sent to
       the filter.  The first form passes the filter the command line  options
       specified  by  the filter_options configuration variable and the second
       suppresses option passing.  If af has the form  host%port  then  a  TCP
       connection  will  be  opened  to  the  port  on  the specified host and
       accounting information sent there.  All other forms will be treated  as
       a pathname relative to the queue spool directory.

       If  af specifies a file, then the accounting information is appended to
       an existing file; the accounting file will not be created.

       When af specifies a filter or network connection and the achk  flag  is
       set,  then  after  writing  the  initial accounting information (see as
       printcap field below) the server will wait for  a  reply  of  the  form
       ACCEPT from the filter or server.  If not received, the job will not be

       The as (accounting start) and ae (accounting end) fields can specify  a
       string  to  be  printed  or  a  filter.   Options in the string will be
       expanded as  for  filters,  and  the  strings  printed  to  either  the
       accounting  information  destination.   If  the  as  field  specifies a
       filter, then the print server will wait for the filter to  exit  before
       printing  the  job.  If the exit status is 0 (successful), the job will
       be printed.  A non-zero JREMOVE status will remove the job,  while  any
       other  status will terminate queue printing operations.  After printing
       the job, the ae filter will be started and the server will wait for  it
       to complete before printing the next job.

       The  as  and ae filters will have STDOUT set to the printing device and
       or filter, and the STDERR set to the  error  log  file  for  the  print
       queue, and file descriptor 3 set to the destination specified by the af

       As a convenience, all format filters for printing will be started  with
       file  descriptor 3 set to the destination (file or filter) specified by
       the printcap af field.  This allows special  filters  which  can  query
       devices  for  page  counts  to  pass  their  information directly to an
       accounting program.  The descriptor will READ/WRITE,  allowing  filters
       to query the accounting program and/or update the information directly.


       In  order  to  provide  a  centralized  method  to track job status and
       information,  the  printcap/configuration  variable  logger_destination
       enable   the   send  of  status  and  other  information  to  a  remote
       destination.  The logger_destination value has the form
       where host is the host name or IP address, port  is  an  optional  port
       number,  and  protocol is an optional protocol type such as UDP or TCP.
       The      configuration      variables      default_logger_port      and
       default_logger_protocol can be used to override the default port number
       (2001) and protocol (UDP) to be used if  none  is  specified.   Logging
       information has the format below.
              IDENTIFIER jobid [PRINTER name] at timestamp \
                 STATUS | TRACE | FILTER_STATUS PID nnn
              [ status information]

       The  status information format consists of an identifier line, followed
       by a specifier of the status type.  The logging  information  entry  is
       terminated by a line with a single period on it.  Lines with a starting
       period have the period duplicated.


       Rather than building authentication facilties into LPRng, an  interface
       to  authentication  programs  is  defined, and will be used as follows.
       The  printcap  and  configuration  entries  auth,   auth_client_filter,
       auth_forward,           auth_forward_id,           auth_forward_filter,
       auth_receive_filter, and auth_server_id entries control authentication.
       The  auth  value  specifies  the  type of authentication to be used for
       client to server authentication.  Typical  values  would  be  kerberos,
       md5,  etc.   If  the  authentication  type  is not built-in, the client
       programs use the auth_client_filter program to perform  authentication.
       When  a  server  gets  and  an  authentication request, it will use the
       auth_receive_filter   program   to   perform    authentication.     The
       auth_server_id  is  the  remote server id used when a client is sending
       jobs to the server or when the server is originating a request.  When a
       server  forwards  a request, it uses auth_forward value to determine if
       authentication  is  to  be  done,  and  the  auth_forward_id   as   the
       destination server id.

Client To Server Authentication

       1.  The client will open a connection to the server and sends a command
           with the following format.  The REQ_SECURE  field  in  the  command
           corresponds to the one-byte command type used by the LPR protocol.
                  \REQ_SECUREprinter C user\n
              Print job transfers:
                  \REQ_SECUREprinter C user controfilename\n

       2.  On  reception  of  this  command,   the server will send a one byte
           success code as below.  An error code may be followed by additional
           error information.  The values used by LPRng include:
              ACK_SUCCESS     0   success, no error
              ACK_STOP_Q      1   failed; no spooling to the remote queue
              ACK_RETRY       2   failed; retry later
              ACK_FAIL        3   failed; job rejected, no retry

       3.  If there is an error the connection will be terminated.  The server
           will  then  start  an  authentication  process,  and  provide   the
           following  open file descriptors for it.  The authenticator process
           will run as the UID of the server (i.e.- usually daemon).
              FD    Options Purpose
              0     R/W     socket connection to remote host (R/W)
              1     W       pipe or file descriptor
                            for information for server
              2     W       error log
              3     R       pipe or file descriptor
                            for responses to client

           The command line arguments will have the form:
              program -S -Pprinter -nuser -Rserver_user -Ttempfile

           The printer and user information will be obtained from the  command
           line  sent  to the server.  The authenticator can create additional
           temporary or working files with the pathnames tempfile.ext;   these
           should  be  deleted  after  the  authentication  process  has  been

       4.  After receiving \ACK_SUCCESS, the client  starts  an  authenticator
           process,  and  provides the following open file descriptors for it.
           The authenticator process will run UID user.
              FD    Options Purpose
              0     R/W     socket connection to remote host (R/W)
              1     W       pipe or file descriptor
                            for responses to client
              2     W       error log

           The command line arguments will have the form:
              program -C -Pprinter -nuser -Rserver_user -Ttempfile

       5.  The authenticator can create additional temporary or working  files
           with  the  pathnames tempfile.ext;  these will be deleted after the
           authentication   process   has   been   completed.    The    client
           authenticator will be running as the client user.

       6.  After    exchanging    authentication   information,   the   client
           authenticator will transfer the contents of the temporary  file  to
           the  server authenticator, using FD 0.  It will then wait for reply
           status on FD 0.   If the transfer step fails, or there is no  reply
           status  of the correct format,  the client authenticator will print
           any received information on FD 1, error information on  FD  2,  and
           then exit with error code JFAIL.

       7.  After  receiving  the files on FD 0,  the server authenticator will
           perform  the  required  authentication  procedures  and  leave  the
           results  in  tempfile.   The  server  authenticator  will write the
           following to FD 1,  for use by the server:

           If the transfer step or authentication fails,  then the server will
           write an error message to FD 2 and exit with error code JFAIL.  The
           server will use this authentication information to determine if the
           remote user has permission to access the system.

       8.  The  server  authentication process will read input from FD 3 until
           and end of file, and then proceed to  transfer  the  input  to  the
           client  authenticator.   If  the  data  transfer  fails,   then the
           process will exit with error code JFAIL,  otherwise  it  will  exit
           with error code JSUCC.

       9.  The  client  authenticator will read the status information from FD
           0,  and after performing authentication will write it to FD 1.   If
           data  transfer  or  authentication  fails,   the authenticator will
           write an error message to FD 2 and  exit  with  error  code  JFAIL,
           otherwise it will exit with error code JSUCC.

Server to Server Authentication

       The  Server to Server authentication procedure is used by one server to
       forward jobs or commands to another server.  It should  be  noted  that
       this forwarding operation puts an implicit trust in the security of the
       client to server to server chain.  In the description  below,  src  and
       dst are the userid of the source and destination servers respectively.

       1.  The  originating  host  takes  the  part  of  the  client, and will
           transfer a job acting like the  client.   The  initial  information
           transfer from the originating (src) server will have the format:
                  \REQ_SECUREprinter F user\n
              Print job transfers:
                  \REQ_SECUREprinter F user controfilename\n

           After receiving a 0 acknowledgment byte, the src server will invoke
           its authenticator with the arguments below.  The forward_user value
           will default to the server_user value if not explicitly provided.
              program -C -Pprinter -nserver_user \
                  -Rforward_user -Ttempfile

       2.  On  the  destination  server  the authenticator is invoked with the
              program -S -Pprinter -nserver_user \
                  -Rforward_user -Ttempfile

           The authentication is performed to determine that the transfer  was
           between the two servers,  rather than the user to server.


       As a convenience, Kerberos 5 authentication has been built into the LPD
       clients and servers.  If you are not familiar with Kerberos,  then  you
       should  obtain  other documentation and/or assistance before attempting
       to use this.  The following facilities/configuration values are used to
       support Kerberos.

       A  Kerberos  principal  is the name used for authentication purposes by
       Kerberos.  For example, user principals have the form  user@REALM;  for
       example,  papowell@ASTART.COM.   Services  and/or servers have the form
       service/host@REALM; for example, the lpd server on dickory  would  have
       the form:

       User  to  server  authentication  process will use the user's principal
       name, and generate a service name for the server.  The name  generation
       is controlled by the following configuration and/or printcap values.

              The  name  of  the  service  to be used to identify the service.
              This is usually "lpr".

              The location  of  the  server  keytab  file.   The  keytab  file
              corresponds  to  the  user  password,  and  must be considered a
              security risk.  It should be owned by the LPD server  user,  and
              readable/writable only by the server.

              The  lifetime  of  the authentication ticket used by the server.
              This usually defaults to 10 hours.

              The renewal time of the ticket.

       In addition to the default values, an explicit server principal can  be
       specified in the printcap file using the kerberos_server_principal This
       allows cross domain authentication to be done.

       When setting up Kerberos authentication, you  will  need  to  establish
       principals  for  each  server, and to distribute and install the keytab
       files on each server.


       The following permissions tags are available to check on authentication
              AUTH=[NONE,USER,FWD]    - authentication
                  AUTH=NONE   - no authentication
                  AUTH=USER   - authentication from a client
                  AUTH=FWD    - forwarded authentication from a lpd server

       1.  The  AUTH  tag  can be used to determine the type of authentication
           being  done.   The  AUTHTYPE  tag  can  be  used   to   match   the
           authentication type being used or requested by the client or remote
           server.   The  authentication  process  returns  an  authentication
           identifier  for  the  user;  this information can be matched by the
           AUTHUSER tag.

       2.  For a command sent from  a  client  or  forwarded  from  a  server,
           AUTHUSER  matches  the auth_user_id provided for the user when sent
           to a server.  (This information  will  be  forwarded  by  a  remote
           server).    For   a   forwarded  command,  FWDUSER  refers  to  the
           authentication information for the server doing the forwarding.

       3.  For example,  to reject non-authenticated operations, the following
           line could be put in the permissions file.
              REJECT AUTH=NONE

       4.  To  reject  server  forwarded authentication as well, we use REJECT
           AUTH=NONE,FWD.  If a remote server  with  name  serverhost  has  id
           information  FFEDBEEFDEAF,   then  the  following  will accept only
           forwarded jobs from this server.
              REJECT AUTH=FWD


       The lpd action can also be manipulated by using environment variables.


              Used for md5 signated file transmission


       The files used by LPRng are set by values in the printer  configuration
       file.  The following are a commonly used set of default values.
       /etc/lprng/lpd.conf                          LPRng configuration file
       ${HOME}/.printcap                            user printer description file
       /etc/printcap                                printer description file
       /etc/lprng/lpd.perms                         permissions
       /var/run/lprng/lpd                           lock file for queue control
       /var/spool/lpd                               spool directories
       /var/spool/lpd/QUEUE/control                 queue control
       /var/spool/lpd/QUEUE/log                     trace or debug log file
       /var/spool/lpd/QUEUE/acct                    accounting file
       /var/spool/lpd/QUEUE/status                  status file


       lpd.conf(5),  lpc(8), checkpc(8), lpr(1), lpq(1), lprm(1), printcap(5),
       lpd.perms(5), pr(1).


       Patrick Powell <>.


       Most of the diagnostics are self explanatory.  If you are puzzled  over
       the  exact  cause  of failure, set the debugging level on (-D5) and run
       again.  The debugging information will help you to pinpoint  the  exact
       cause of failure.


       LPRng  is  a enhanced printer spooler system with functionality similar
       to the Berkeley LPR software.  The  LPRng  developer  mailing  list  is;      subscribe      by      visiting   or   sending
       mail  to with the word subscribe in
       the body.
       The software is available via