Provided by: lprng_3.8.B-2_amd64 bug

NAME

       lpd - line printer daemon

SYNOPSIS

       lpd [-L logfile] [-F] [-V] [-D debugopt] [-p port]

DESCRIPTION

       The  lpd program is the printer server program of the LPRng software suite.  This software
       is an enhanced and modified version of the Berkeley LPD software.

OPTIONS

       -L logfile
              specifies an alternate file to be used for logging error  and  debugging  messages.
              The  syslog(8) facility is used to log critical messages as well.  Please note that
              you need to create the file by yourself, a 'touch' is sufficient.  This  is  needed
              for security reasons.

       -F     Under  normal  operation,  the LPD server will run in background mode.  The -F flag
              forces it to run in foreground mode, where it is more easily debugged.

       -V     Print program version information.

       -D debugopt
              Debugging is controlled using the -D option. This accepts a comma-separated list of
              debugging settings. These settings take one of two forms: facility=value , or value
              to set an overall default value.  The available facilities  can  be  determined  by
              invoking LPD with the -D= parameter.

       -p port
              Bind to the specified port rather than port 515 specified by RFC1179.

OPERATION

       Lpd  is the line printer daemon (spool queue handler) and is normally invoked at boot time
       from the rc(8) file; it can also be started by a user.  Note that  the  lpd  server  needs
       only  run  on systems where actual printing or spooling is taking place.  lpr(1) and other
       related programs transfer files using network facilities to the lpd.

       When started, lpd reads a configuration file to obtain basic  operational  parameters  and
       then reads the printcap(5) database information to determine the which printers have spool
       queues and to start spool queue server processes.  If running as a background  server,  it
       will  disconnect  from its control terminal and run in the background.  It uses the system
       calls listen(2) and accept(2) to receive requests to print files in  the  queue,  transfer
       files  to  the  spooling area, display the queue, remove jobs from the queue, or perform a
       spool queue control function.  In each case it creates one or  more  server  processes  to
       handle the request and the lpd process will listen for more requests.

       Sending  the  server a SIGHUP signal causes the server to reread the various configuration
       and inititialization files.  This action is  similar  to  that  of  the  INETD  and  other
       servers.   The  same action is taken when sent a reread command by the lpc(1) program.  At
       an interval specified by the poll_time configuration variable, lpd will  check  for  spool
       queues with jobs and no printing activity, and start printing.

       LPD  access  control  is  done  using  a  rule set and match algorithm similar to a packet
       filter.  Each request for printing, status, or control operations is matched  against  the
       rule  set,  and  the  first  ACCEPT  or  REJECT  value  determines if the operation can be
       performed.  The following is a typical permissions file:
              # Set default permissions
              DEFAULT ACCEPT
              # Reject any connections from outside our subnet
              REJECT SERVICE=X NOT IP=130.191.0.0/255.255.0.0
              # Only accept Printing (P) and spooling (LPR) from
              # the private network, the 10.0.0.0/8  network and fw
              REJECT SERVICE=P,R NOT REMOTEHOST=*.private,10.0.0.0/8,fw.astart.com
              # Do not accept forwarded jobs for printing
              REJECT SERVICE=P FORWARD
              # Allow only the administrators control access
              ACCEPT SERVICE=C,M REMOTEHOST=spooler.astart.com USER=root,papowell
              ACCEPT SERVICE=C,M SERVER REMOTEUSER=root,papowell
              # Allow only the user on the same host who spooled job to remove it
              ACCEPT SERVICE=M SAMEUSER SAMEHOST
              REJECT SERVICE=M,C

       Permission checking is done by using a set of keys (or fields) with associated  values  to
       check  for permission.  The SERVICE key has value P for printing (i.e.- unspooling), R for
       spooling (i.e.- LPR request), C and S for printer control and status  respectively  (i.e.-
       LPC  request),  M  for  removal  (i.e.- LPRM request), Q for queue information (i.e.- LPRM
       request), and so forth.  The X key indicates the initial connection to  the  LPD  spooler,
       and can be used to control connections from remote systems.  The values of the USER, HOST,
       and IP keys  taken  from  the  control  file  which  is  being  received  or  checked  for
       permissions.   The  REMOTEUSER, REMOTEHOST and REMOTEIP keys are those either sent as part
       of a command, or derived from information about the current network connection.  Each line
       of the permissions file is scanned for key names and values, and these are matched against
       the request keys information.  When all matches on a line are made, then search terminates
       with  the  specified  action (ACCEPT/REJECT).  If no match is found the default permission
       value is used.  The DEFAULT key is used to specify the current default  permission  to  be
       used  for successful matches or if there is no match after scanning the entire permissions
       database.

       The GROUP entry is used to check that the USER name appears in a group entry in the system
       user  group database.  For example, GROUP=student*,staff* would check to see if any of the
       group name matching student* or staff* have the specified user name in them.  If a  system
       has the netgroups capability, a group name starting with a @ will be treated as a netgroup
       name, and current user name from the job file will be checked to  see  if  it  is  in  the
       group.   Similarly,  the  REMOTEGROUP entry will check a remote user name.  The PORT entry
       can be used to ensure that a connection to the server originates from a specified range of
       ports.  For more details, see the lpd.perm(5) man page.

       The  permissions  database  is  scanned  in  order  of  the fixed file entries and then by
       invoking the specified filters for each of the permissions lists.  It is recommended  that
       the  filters  be  placed at the end of the permissions lists.  The user name is one of the
       parameters passed to the filter, and can be used to determine if a user has permissions to
       print a file.

       Key          Match Connect Job   Job    LPQ  LPRM  LPC
                                  Spool Print
       SERVICE      S     'X'     'R'   'P'    'Q'  'M'   'C,S'
       USER         S     -       JUSR  JUSR   JUSR JUSR  JUSR
       HOST         S     RH      JH    JH     JH   JH    JH
       GROUP        S     -       JUSR  JUSR   JUSR JUSR  JUSR
       IP           IP    RIP     JIP   JIP    RIP  JIP   JIP
       PORT         N     PORT    PORT  -      PORT PORT  PORT
       REMOTEUSER   S     -       JUSR  JUSR   JUSR CUSR  CUSR
       REMOTEHOST   S     RH      RH    JH     RH   RH    RH
       REMOTEGROUP  S     -       JUSR  JUSR   JUSR CUSR  CUSR
       REMOTEIP     IP    RIP     RIP   JIP    RIP  RIP   RIP
       CONTROLLINE  S     -       CL    CL     CL   CL    CL
       PRINTER      S     -       PR    PR     PR   PR    PR
       FORWARD      V     -       SA    -      -    SA    SA SA
       SAMEHOST     V     -       SA    -      SA   SA    SA
       SAMEUSER     V     -       -     -      SU   SU    SU
       SERVER       V     -       SV    -      SV   SV    SV
       AUTH         V     -       AU    -      AU   AU    AU
       AUTHTYPE     S     -       AU    -      AU   AU    AU
       AUTHUSER     S     -       AU    -      AU   AU    AU
       FWDUSER      S     -       AU    -      AU   AU    AU

       KEY:
          JH = HOST          host in control file
          RH = REMOTEHOST    connecting host name
          JUSR = USER        user in control file
          CUSR = REMOTEUSER  user from control request
          JIP= IP            IP address of host in control file
          RIP= REMOTEIP      IP address of requesting host
          PORT=              connecting host origination port
          CONTROLLINE=       pattern match of control line in control file
          FW= IP of source of request = IP of host in control file
          SA= IP of source of request = IP of host in control file
          SU= user from request = user in control file
          SA= IP of source of request = IP of server host
          SV= matches if remote host is the server
          AU= authentication information
          IFIP= IP address of remote end of connection

       Match: S = string with wild card, IP = IP address[/netmask],
          N = low[-high] number range, V = exact value match
       SERVICE: 'X' - Connection request; 'R' - lpr request from remote host;
           'P' - print job in queue; 'Q' - lpq request, 'M' - lprm request;
           'C' - lpc spool control request; 'S' - lpc spool status request
       NOTE: when printing (P action), the remote and job check values
          (i.e. - RUSR, JUSR) are identical.

       The  special  key  letter=patterns searches the control file line starting with the (upper
       case) letter, and is usually used with printing and spooling checks.  For example, C=A*,B*
       would  check  that  the class information (i.e.- line in the control file starting with C)
       had a value starting with A or B.

PERMISSIONS, MULTIHOMED HOSTS, IPV6

       There is a subtle problem with names and IP addresses which are obtained for  'multi-homed
       hosts',  i.e. - those with multiple Ethernet interfaces,  and for IPV6 (IP Version 6),  in
       which a host can have multiple addresses,  and for the normal host which can have  both  a
       short  name  and  a fully qualified domain name.  In addition, a host can have multiple IP
       addresses, depending on the complexity of its configuration.

       The IFIP (interface IP) field can be used to check the IP address of  the  origination  of
       the  request,   as reported by the information returned by the accept() system call.  Note
       that this information may be IPV4 or IPV6 information,  depending on  the  origination  of
       the  system.   This  information is used by gethostbyaddr() to obtain the originating host
       fully qualified domain name (FQDN) and set of IP addresses.  Note that this FQDN  will  be
       for  the  originating  interface,   and  may not be the canonical host name.  Some systems
       which use the Domain Name Server (DNS) system may add the  canonical  system  name  as  an
       alias.

       When  performing  an  IP address match,  the entire list of IP addresses for a system will
       now be checked.  If one of these matches,  then  success  is  reported.   Similarly,   the
       entire  list  of  host  names and aliases will be checked.  If one of these matches,  then
       success will be reported.

       In addition,  when checking for printing, if the name lookup for the host reported in  the
       control  file  fails,   then  we  assume that the host is unknown and all match checks for
       names or IP addresses will fail.  You can determine if a host has an entry  by  using  the
       following  check,  which  will reject all requests from a remotehost which does not have a
       DNS entry.
         REJECT NOT REMOTEHOST=*

PRINTCAP DATABASE

       Individual printer operations are controlled by values  in  the  printcap  database.   See
       printcap(5)  for  details of the format and content of the various entries.  The following
       are typical printer entries for a local and remote printer.

              # main or shared printcap file - usually /etc/printcap
              # remote postscript printer
              fullpage
                 |postscript
                 :lp=postscript@farside.astart.com
              # give access to (remote) hosts
              t1|postscript2
                 :cm=Test Printer 1
                 :lp=postscript2@nearside.astart.com

              # local printcap file
              # specification for local printer on nearside
              t1|postscript2
                 :oh=nearside.astart.com
                 :cd=/usr/spool/LPD/safe
                 :sd=/usr/spool/LPD/t1
              #
              # /usr/spool/LPD/t1/printcap file -
              t1:
                 :lp=/dev/pr
                 :if=/usr/lib/pr/if
                 :of=/usr/lib/pr/if

       Printcap information can be distributed by individual files or shared using  NSF,  YP,  or
       other methods; see lpd.conf(5) for the exact details of the location of printcap files and
       programs, given by the printcap_path and lpd_printcap_path configuration information.  The
       usual printcap configuration is to have a main (shared) printcap database which is used by
       all hosts.  The printcap information is usually extremely simple, consisting only  of  the
       printer name and host (i.e. - fullpage printer entry).

       On  hosts which have printers attached or which are to provide spooling queue directories,
       more extensive printcap information is needed.  In the shared database,  oh  (options  for
       specified  host only) field restricts use of this entry to the specified host.  This entry
       can contain host specific information, such as the location  of  the  spool  queue  and/or
       actual device to be used for output.

       In  the above example, the main printcap file, /etc/printcap has entries for all printers.
       Note that these entries do not specify the spool directories (sd and cd fields), but  this
       could  be  provided.   On  a  host  with a printer specific information can be provided in
       several ways.  The simplest is to simply put an additional entry in  the  shared  printcap
       file,  with the oh field set to the support host name.  An alternative would be to specify
       the spool directories (sd and cd fields) in the shared information, and to put the printer
       specific information in a printcap file.

       In  addition  to  the  oh flag, the server flag indicates that this entry is for a the LPD
       server only.  This can be used to simplify the management of client and server entries.

       The printcap information is obtained in the following  order.   If  the  lpd_printcap_path
       configuration  value  is  nonblank  then the lpd server will process only this information
       otherwise it uses the printcap_path information.  All client programs use the contents  of
       the  configuration  printcap_path  variable  to get a list of locations of printcap files.
       Each of these entries in the path lists are processed, and  the  printcap  information  is
       extracted.   Entries  which have oh fields are only used by the specified host.  The files
       and information is processed in linear order, later entries overriding preceeding ones.

       When processing jobs or performing spool queue specific  requests,  the  LPD  server  will
       check  to see if there is a printcap file in the control directory for the spool queue and
       the contents will be processed.  Since only the LPD server has access  to  the  spool  and
       control queues, this information is processed only by the server.

       In  addition to files, printcap information can be obtained from programs or filters.  For
       example, the printcap_path of the form /etc/printcap:|/usr/lib/getpr will use the contents
       of  the  /etc/printcap  file,  and  then use the /usr/lib/getpr program to get information
       about a specific printer.  When information about a particular spool queue is  needed  and
       one  or  more filters are specified as the source of printcap information, then the filter
       will be started and the printer name written on  its  standard  input.   The  filter  must
       provide a printcap entry for the requested printer on its standard output.

       The  filter can be used to interface to databases or nonstandard information sources which
       do not produce printcap information in an acceptable form.

SPOOL DIRECTORY CONTENTS

       Each spool queue has a spool directory (sd) and optional control directory (cd)  where job
       and control information is kept.  Under normal operation the spool and control directories
       are identical, but if the spool directory  is  NFS  exported  for  use  by  other  printer
       spoolers  which write files directly into the spool queue, then it is recommended that the
       control directory be a separate directory and not NFS mounted.  The  following  files  are
       used for printer operations.  Per job entries are marked with an asterisk (*).

       File Name           Dir     Purpose
       printer             CD      lock file and server process PID
       unspooler.printer   CD      subserver process PID
       control.printer     CD      queue control information
       *hfAnnn             SD      job hold file
       *cfAnnnHOST         SD      job control file
       *dfAnnnHOST         SD      job data file
       *bfAnnn.*           SD      temporary files

       The  nnn  in  the  file  names stands for the job number.  RFC1179 requires this to be a 3
       digit number, but the longnumber printcap  flag  or  a  nonzero  longnumber  configuration
       variable will enable 6 digit numbers.

       The  lock  file  is  used  to  prevent  multiple  job  queue  servers from becoming active
       simultaneously, and to store the server process id.  The lock file name is the name as the
       printer name; all other control files have the printer name appended as indicated above.

       The  printer spool control file contains information controlling the queue operations.  It
       consists of a series of lines with keywords and values to control printing, spooling,  and
       automatic  job holding operations.  The following is an example of a typical spool control
       file.

              spooling_disabled 0
              printing_disabled 1
              holdall 0
              redirect p1@host2
              debug 10,log=/tmp/log
              class A

       The spooling_disabled and printing_disabled entries control spooling and printing; the lpc
       enable,  disable,  start,  and  stop  command  alter these values.  The holdall entry will
       prevent jobs from being processed until released with the lpc hold or release comands; the
       lpc holdall and noholdall commands alter these values.

       The  redirect entry causes the lpd server to forward jobs to the specified remote printer;
       the lpc redirect command alters this field.  The class field controls the  class  of  jobs
       being printed.  By default, the class value is a pattern that matches the class entry in a
       job file; however a entry of the form letter=patterns will print jobs whose  control  file
       line  starting  with letter matches one of the patterns.  The debug line provides a set of
       debugging parameters for diagnostic information for the particular spool queue.

       Each print job consists of a control file and one  or  more  data  files.   Lines  in  the
       control  file  file  specify  the job data files or parameters for the job and the general
       format of the file is specified by RFC1179.  Each line consists of a flag character and  a
       parameter;  upper case and digit characters specify options and lower case letters specify
       the printing format and names of data files.  The following is a list of the control  file
       flag characters.

       A      Identifier  A  job  identifier  to  be  used when displaying job information and/or
              status.   The  insertion  of  this  line  is  controlled  by   the   use_identifier
              printcap/configuration variable.

       C      Class String to be used for the class line on the burst page.

       H      Host Name.  Name of the machine where lpr was invoked.

       I      Indent.  The number of characters to indent the output by (in ascii).

       J      Job Name.  String to be used for the job name on the burst page.

       L      Banner user name.  Information for banner page.

       P      Person.   Login  name  of  the  person  who  invoked  lpr.   This is used to verify
              ownership by lprm.

       M      Send mail to the specified user when the current print job completes.

       N      File name.  The original name of a data file which is in the job.

       T      Title.  String to be used as the title  for  pr(1)  when  the  LPR  -p  option  was
              specified.

       U      Unlink.  Job file to remove when printing completed.

       W      Width. The page width (in characters) to used for printing.

       Z      zoptions.  Options passed by lpr -Zzoptions.  These are passed to output filters to
              aid in printing.

       f      Formatted File.  Name of a file to print which is already formatted.

       l      Like ``f'' but passes control characters and does not make page breaks.

       p      Name of a file to print using pr(1) as a filter.

       t      Troff File.  The file contains troff(1) output (cat phototypesetter commands).

       d      DVI File.  The file contains Tex(l) output (DVI format from Stanford).

       g      Graph File.  The file contains data produced by plot(3X).

       c      Cifplot File. The file contains data produced by cifplot.

       v      The file contains a raster image.

       r      The file contains text data with FORTRAN carriage control characters.

       1      Troff Font R. Name of the font file to use instead of the default.  (Obsolete)

       2      Troff Font I. Name of the font file to use instead of the default.  (Obsolete)

       3      Troff Font B. Name of the font file to use instead of the default.  (Obsolete)

       4      Troff Font S. Name of the font file to use instead of the default.  (Obsolete)

       Each job in the spool queue can have an associated job hold file  which  is  used  by  the
       server  process  to control the printing of the job.  The status file contains information
       controlling the job hold status and error status.  The spool server will attempt to  print
       a job a limited number of times before abandoning it or setting an error status in the job
       status file.  The following is a typical job hold file.
              hold        0 priority    0 active      2135 redirect remove      0 error

       A nonzero hold entry will prevent the job from being processed; the lpc hold  and  release
       commands  update  this  field.  The priority field overrides the normal first-in first-out
       printing priority; jobs with non-zero priority fields are printed  first.   The  lpc  topq
       command  updates this field.  If the active field is non-zero, the job is being printed by
       the server with the specified process id.  The redirect field allows individual jobs to be
       forwarded  to  a different printer; the lpc move command updates this field.  Finally, the
       remove and error fields are used to control printing of problem jobs.  The remove field is
       set when a job should be removed; the error field records information that would prevent a
       job from being printed.

JOB SUBMISSION

       The LPR program is used to submit a job to the LPRng system.   The  LPR  program  opens  a
       connection  to  the LPD server and then transfer the job control file and data files.  The
       LPD server checks to see if the remote host and user  has  permissions  to  spool  to  the
       requested  printer,  and  then  checks  to  see if the printer is accepting jobs.  If both
       conditions are met, the job is accepted and the control and data files are placed  in  the
       spool  directory.   The  LPRng software sends the control file first, followed by the data
       files.

       If the LPR program is acting as a filter, it is not necessary  to  temporarily  store  the
       print job on the local machine.  The input data can be sent directly to the LPD server for
       spooling using an implicit job size  of  0  and  sending  data  until  the  connection  is
       terminated  to  the  server.   However,  some  LPD servers do not accept 0 size jobs, even
       though it is specified by the RFC1179, so by default LPR will  create  a  temporary  file.
       The LPR -k (seKure) option specifies this direct transmission mode be used.

JOB TRANSMISSION

       When LPR is to send a job to the server, it must determine the location of the server.  It
       does this by examining the values of the specified printer and host.

       If the printer and host are explicitly specified in the form pr@host then the LPR  program
       will send the job to the specified spool queue pr and to the server running on host.  This
       can be explicitly specified by the PRINTER environment variable or by the LPR -P option.

       If the printer is specified only by a name, then the information in the printcap  database
       is  used.   The  printcap  entry  for  the printer is searched for and the remote host and
       printer information extracted.  The job is sent to the server  running  on  the  specified
       host.

       This action can be modified by the following printcap or configuration tags.

       1. default_host=host
            (Configuration) If there is no printcap entry for the printer, the job is sent to the
            LPD server running on host.

       2. force_localhost
            (Configuration or printcap) If this flag is specified,  then  LPR  and  other  client
            programs  will  send  the job to the server running on the localhost.  This overrides
            the default_host information.

FORWARDING OPERATIONS

       The LPD system can forward jobs from one spool directory to another.  This  is  controlled
       by the following options.

       1.   The forward field in the spool control file has a value rp@rm.  This can be set using
            the LPC forward command.

       2.   The lp (line printer) printcap entry has the form  rp@rm.   There  is  a  rm  (remote
            machine) and optional rp (remote printer) printcap entry.

       The  first  of the above conditions to be met will determine the destination.  If printing
       is enabled, then jobs will be forwarded to the remote destination.  Example:
       # using lp=rp@host
       test:sd=/usr/spool/test
         :lp=test@host
       test:sd=/usr/spool/test
         :lp=test@host%port
       # using :rp:rm:
       test:sd=/usr/spool/test
         :rp=test:rm=host

       3.   The LPD server uses the same algorithm for  sending  jobs  as  the  LPR  program.   A
            connection  is  made  to the remote server and the files are copied to the server.  A
            set of timeouts is used to control error recover and retry operations.  The  printcap
            and  configuration  variables  connect_timeout,  connect_interval, connect_grace, and
            send_try control connecting to the remote host.  A connection  is  attempted  to  the
            remote   server  from  a  random  port  in  the  range  of  ports  specified  by  the
            originate_port variable.  If a connection is  not  completed  within  connect_timeout
            seconds, the connection is aborted, and then after the connect_interval seconds it is
            retried.  The procedure repeated indefinitely for printing, but only once for  status
            or control operations.  A connect_timeout value of 0 indicates no timeout; a value of
            0 specifies  infinite  timeout  After  a  job  has  been  successfully  printed,  the
            connection  is closed and the server waits for connect_grace seconds before trying to
            reconnect.

BOUNCE QUEUES

       Normally job files are forwarded to a printer without modification.  The  lpd_bounce  flag
       makes the queue a bounce queue and allows banners to be generated and data files to passed
       through the appropriate format filter.  The entire output of this process is  then  passed
       to  the  destination  with  the  format  specified  by  the bq_format option (default l or
       binary).  See PRINTING OPERATIONS for details about filters.  For example,  the  following
       printcap entry will filter format f files.
       testbq:sd=/usr/spool/testbq:
         :lpd_bounce
         :bq_format=l
         :lp=final@host
         :if=/usr/lib/filter_for_f
         :mf=/usr/lib/filter_for_m
         :pf=/usr/lib/filter_for_pr

CHANGING FORMAT OF DATAFILES

       Sometimes  only  the  indicated format of the data files needs to be changed.  This can be
       done using the translate_format option.  This  entry  consists  of  pairs  of  lower  case
       characters of the form SdSd...; S is the original and d is the translated format.
       changeformat:
         :sd=/usr/spool/changeformat:
         :translate_format=mfpf
         :lp=final@host

       In  the  example above, the m format is processed by a filter, and then its format type is
       changed to f; the p format is processed similarly.  Note that the lpr -p option  specifies
       that  the  job  will  be processed by the /bin/pr command - the filter must do both the pr
       processing and any necessary format conversions.

LPR FILTER PROCESSING

       The :lpr_bounce: printcap flag will cause LPR to do bounce queue filtering before  sending
       the  job  to  the  remote  queue.  This can have unexpected effects if the filters are not
       available on the local host.

       A typical entry which will cause LPR to do filtering is shown below.
       testbq:lpr_bounce
         :lp=printer@host
         :if=/usr/lib/filter_for_f
         :vf=/usr/lib/filter_for_v
         :mf=/usr/lib/filter_for_m
         :translate_format=mfvf

       This entry will force LPR to run jobs with formats f, m, and v
       through the appropriate filter.
       It will also rename the formats to the f format.

ROUTING JOBS TO PRINTERS

       When a job is submitted for printing, sometimes it is desirable  to  have  it  dynamically
       rerouted to another spool queue, or multiple copies send to various destination.  This can
       be done by using a routing_filter.

       When a job is accepted by the LPD server, part of the processing includes passing it to  a
       program  specified by the printcap router entry.  This filter is invoked with the original
       control file as STDIN, and the default set of filter options.  The output of  the  routing
       filter  will be a set of directives used by LPD when forwarding the job to another printer
       or in processing the job.  The environment and options flags are set  as  for  a  standard
       filter.  (See "FILTERS" for details.)  Here is a sample printcap entry:
       t2|Test Printer 2
           :sd=/var/spool/LPD/t2
           :lf=log
           :lp=t2@printserver
           :bq=t1@localhost
           :destinations=t1@localhost,t2@localhost
           :router=/usr/local/libexec/filters/router

       The routing filter exit status is used as follows:
                           0  (JSUCC) - normal processing
                           37 (JHOLD) - job is held
                           any other value - job is deleted from queue

       The  router  filter  returns  one or more routing entries with the following format.  Note
       that entry order is not important, but each entry will  end  with  the  'end'  tag.   dest
       <destination queue> copies <number of copies to be made> X<controlfile modifications> end

       Example of router output:
       dest t1@localhost
       copies 2
       CA
       end
       dest t2@localhost
       CZ
       end

       The above routing information will have copies of the job sent to
       the t1 and t2 spool queue servers.  If no valid routing information
       is returned by the router filter the job will be sent to the default
       bounce queue destination.

REFORMATING CONTROL FILES

       Sometimes  it  is  desirable  to  reformat  a  control  file  before  sending  to a remote
       destination.  If the control_filter printcap entry is present, then the  control  file  is
       passed through the filter.  If the filter exits with status JSUCC, then the job is process
       normally; status JABORT causes the job processing to be aborted, status JREMOVE causes the
       job processing to be removed, and any other status is treated as JFAIL.

       After  passing the control file through the control_filter, the LPD server will reread it,
       and transfer only the data files specified in the new control file to the destination.

SPOOL QUEUE NAME OPTION

       The qq printcap entry and the use_queuename configuration entry causes  the  name  of  the
       spool queue to be placed in the job control file.  This value can be used by the filter to
       determine how to process a job.  When combined with the use of the Bounce Queue, this  can
       be used to reformat jobs before sending to another printer spooler system.

PRINTING OPERATIONS

       When  printing  is enabled, the LPD server will create a spool server process to carry out
       printing operations.  For each job in the queue, the spool server process  will  create  a
       subserver  process  to carry out the actual printing operations.  If the subserver process
       fails, the server process will initiate recovery operations.  Job will be attempted to  be
       printed  until  all  are  done or a subserver returns an ABORT indication; the server will
       then terminate operations.

       The server process normally scans the queue once, at initiation; if the spool control file
       is  modified, usually by using the lpc command, the spool queue is rescanned.  The overall
       algorithm for job printing is:
       open the print device;
       send some initialization strings;
       send a banner to the device;
       send the job data files to the device;
       send some termination strings;
       close the print device;

       In order to handle the various device requirements, the subserver  process  in  turn  uses
       'filter' programs specified in the printcap entry to carry out the individual steps.

       OF Filter
            The  'of'  filter  is  used  for  initialization, banner printing and the termination
            strings.  It has the peculiar property of  suspending  itself  when  sent  a  special
            escape string, allowing other filters to be used to print the individual job files.

       Data Filters
            Each  data  file  in  a  job  has  format  specified by a lower case character and an
            associated filter specified in the printcap file.  For example,  the  'g'  format  is
            printed  by the 'gf' filter, and so forth.  By convention, the 'if' filter is used to
            print 'f' (ordinary text) and 'l' (binary) format jobs.

       lp-pipe Filters
            If the printcap device specification has the form |program then the output device  is
            accessed  by  the  specified  program.   This  allows the program to take care of any
            required initialization or communication requirements.

       The following is a concise summary of the actual algorithm used to print files.  Note that
       LP stands for the printer device or filter specified by the 'lp' printcap entry; OF stands
       for the 'of' printcap filter; IF is the default 'if' filter; BP  is  the  banner  printing
       filter;  and  ?F  stands  for the filter for data file.  The '??' values stand for entries
       from the printcap file.

       LP = open( 'lp' );  // open device, filter, or network connection
       OF = IF = LP;       // set defaults
       set up accounting according to 'af' entry;
       if( 'of' ) OF = filter( 'of' ) -> LP;// make OF filter
       if 'as' then record start of job accounting information.
       if 'achk' then check for accounting limits.
       if( leader on open 'ld' ) `ld` -> OF// send leader
       if( FF on open 'fo' ) `fo` -> OF    // send leader

       // print a banner
       // first check to see if required
       //   and then to see if not suppressed by printcap
       //   or by user
       do_banner =
           (always banner 'ab'
               || (!suppress banner 'sb' && job has banner ));
       if( ! header last 'hl' && do_banner ){
           if( banner program 'bp' ){
               fork and exec bp to generate banner, but into temp file.
               cat temp file -> OF;
           } else {
               short banner info -> OF;
           }
       }

       // now we suspend the OF filter, use other filters
       if( OF != LP ) suspend OF filter;

       for each data file df in job do
           // send FF between files of job
           if( !first job && ! no FF separator 'sf' ){
               if( OF != LP ) wake up OF filter;
               'ff' -> OF;
               if( OF != LP ) suspend OF filter;
           }

           // get filter for job
           format = jobformat;
           if( jobformat == 'f' or jobformat = 'l' ){
               format = 'f';
           }
           filter = check pc for filter for format;
           ?F = LP; // default - no filter
           if( filter ){
               ?F = filter( filter ) -> LP;
           }

           data file -> ?F;
           // note: if :direct_read: flag set, filter input
           // is directly from the file,  otherwise the
           // file contents are written to the filter input.

           if( ?F != LP ) close( ?F )
       endfor

       // finish printing

       if( OF != LP ) wake up OF filter;
       if( header last 'hl' && do_banner ){
           if( ! no FF separator 'sf' ){
               'ff' -> OF;
           }
           if( banner program 'bp' ){
               fork and exec bp to generate banner, but into temp file.
               cat temp file -> OF;
           } else {
               short banner info -> OF;
           }
       }

       if( ff on close 'fq' ){
           'ff' -> OF;
       }

       if( trailer on close 'tr' ){
           tr -> OF;
       }

       if 'ae' then record end of job accounting information.

       if( OF != LP ) close( OF );
       close( LP );

       When printing or transferring a job to a spool queue fails, it is retried  the  number  of
       times  specified  by  the  rt  (or  send_try  ) printcap variable.  A 0 value specifies an
       infinite  number  or  retries.    When   the   retry   count   is   exceeded,   then   the
       send_failure_action printcap variable determines the action to be taken.  The variable can
       be the values succ , fail , abort , remove , ignore , or hold , which will cause  the  job
       to  be treated as normally completed, retried, aborted, removed, or ignored and retried at
       a later time respectively.  These names correspond to the JSUCC , JFAIL , etc. error codes
       returned  by  filters.  If the variable has the form |/filter , then the filter is run and
       passed the number of attempts on the standard input.  The filter must exits with a  JSUCC,
       JFAIL, etc., error code and the server will take the appropriate action as listed above.

       The print filters normally have their input provided by a process via a pipe.  However, if
       the direct_read printcap flag is set, then the filter input is taken directly from the job
       file.   This is compatible with the vintage BSD method, but loses the ability to track the
       job progress.

       After the job print or transfer attempt, if the job is to  be  removed  and  the  printcap
       variable  save_on_error is true, the job will not be removed from the spool queue but only
       flagged with an error.  The job can then be retried at  a  later  time.   If  the  job  is
       successfully printed it is usually removed from the spool queue.  However, if the printcap
       variable save_when_done is true the job will merely be marked as completed and not removed
       from the queue.

FILTERS

       As  described  in the previous section, filters are created to handle output to devices or
       other filters.  The command line to invoke a filter is generated in the following manner.

       1.   The printcap entry or configuration value defining the filter command is obtained.

       2.   The file to be printed or the banner line/file generated by the banner  printer  will
            be  written  to  STDIN   (file  descriptor  0)  of the filter.  The output device (or
            /dev/null if this is not a printing filter) will be be STDOUT   (file  descriptor  1)
            and  STDERR (file descriptor 2) will be connected to the error logging file.  If this
            is a printing filter, the error log will be determined by the :af: printcap field and
            FD  3  will  be  opened  and set to the either the file, remote host, or input of the
            filter program.

       3.   Filter specifications starting with ROOT will be run as root (EUID = 0).  This can be
            a  serious  security  loophole  and should only be used as a last resort for specific
            problems.

       4.   The options for the filter command line  will  be  replaced  by  appropriate  values.
            Option specifications have the form $[0| ][-]X.  The default option expansion has the
            form $X -> -X'value'; the form $0X or $(space)X adds a space after the -X, i.e.-  $0X
            -> -X 'value'; the form $-X suppresses the -X, i.e. - $-X -> value.  The options will
            be expanded as follows:

            Key  Value
            a    Accounting file (printcap 'af' entry)
            b    Job size, i.e.- total data file size, in bytes
            c    if binary (format 'l') expands to -c
            d    Control directory
            e    job data file
            f    original print file name (control file N field)
            h    Control file hostname
            i    Control file indent (I) field
            j    job number from control file name
            k    Control file name
            l    printcap Page length (pl) value
            m    printcap Cost factor (co) value
            n    Control file user logname (P) field
            p    Remote Printer name for forwarded jobs
            r    Remote Host name for forwarded jobs
            s    printer Status file (ps) value
            t    current time in simple format
            w    printcap Page width (pw) value
            x    printcap x dimension (px) value
            y    printcap y dimension (py) value
            F    data file format character
            P    Printer name
            S    printcap Comment tag (cm) value
            Upper Case   control file line starting with letter
            Digit control file line starting with digit

       5.   The  options  specified  by   the   filter_options   (for   none   OF   filters)   or
            of_filter_options  (for  the  OF  filter)  will  be  appended to the command line and
            expanded.  To suppress adding options, you can use  the  form  '-$  filter',  i.e.  -
            of=-$/bin/cat.   If  the 'bkf' (backwards compatible filter options) printcap flag is
            set, the of filter is given the options specified by bk_of_filter_options  and  other
            filters  those  by  bk_filter_options.   The following shows the various combinations
            possible, and typical values for the options.

            Options
            filter_options    $C $F $H $J $L $P $Q $R $Z $a $c $d $e $f $h $i \
                              $j $k $l $n $s $w $x $y $-a
            bk_filter_options $P $w $l $x $y $F $c $L $i $J $C $0n $0h $-a
            bk_of_filter_options $w $l $x $y

       6.   A printing filter which executes correctly and completely should
            exit with a 0 error status.
            A nonzero error status will be interpreted as follows:
            JFAIL    32   failed - retry later
            JABORT   33   aborted - do not try again, but keep job
            JREMOVE  34   failed - remove job

       The JFAIL will cause the job to be retried at a later time.  A limit can be placed on  the
       number  of  retries  using the :rt: or :send_try: printcap entry.  A retry value of 0 will
       cause infinite retries.  The JABORT indicates serious problems  and  will  cause  printing
       operations  on  the  job  to  stop  until restarted by operator intervention.  The JREMOVE
       status indicates problems, and the job should be removed from the spool queue.

       The environment variables for filters are highly restricted, due to  the  possibility  for
       abuse by users.  The following variables are set:

       USER and LOGNAME
            user name or daemon name.

       LOGDIR
            home directory of user or daemon.

       PATH from the filter_path configuration variable.

       LD_LIBRARY_PATH
            from the filter_ld_path configuration variable.

       SHELL
            set to /bin/sh

       IFS  set to blank and tab.

       TZ   the TZ environment variable.

       SPOOL_DIR
            the spool directory for the printer

       CONTROL_DIR
            the control directory for the printer

       PRINTCAP_ENTRY
            the printcap entry for the printer

       CONTROL
            the control file for the print job

       pass_env environment variables
            Values of environment variables listed in the pass_env configuration variable.

ACCOUNTING

       The  LPRng  software  provides  several methods of performing accounting.  The printcap af
       (accounting field), as and ae (accounting start and  end),  and  achk  (accounting  check)
       provide  a basic set of facilities.  The af field specifies a file, filter, or TCP network
       connection to an accounting server.  If af has the form  |filter  or  |-$  filter  then  a
       filter  will  be  started  and all accounting information will be sent to the filter.  The
       first form passes the filter the command line  options  specified  by  the  filter_options
       configuration  variable  and  the  second  suppresses  option passing.  If af has the form
       host%port then a TCP connection will be opened to the  port  on  the  specified  host  and
       accounting information sent there.  All other forms will be treated as a pathname relative
       to the queue spool directory.

       If af specifies a file, then the accounting information is appended to an  existing  file;
       the accounting file will not be created.

       When  af  specifies  a  filter  or network connection and the achk flag is set, then after
       writing the initial accounting information (see as printcap field below) the  server  will
       wait  for  a reply of the form ACCEPT from the filter or server.  If not received, the job
       will not be printed.

       The as (accounting start) and ae (accounting end)  fields  can  specify  a  string  to  be
       printed  or  a  filter.   Options  in  the string will be expanded as for filters, and the
       strings printed to either  the  accounting  information  destination.   If  the  as  field
       specifies a filter, then the print server will wait for the filter to exit before printing
       the job.  If the exit status is 0 (successful), the  job  will  be  printed.   A  non-zero
       JREMOVE  status  will remove the job, while any other status will terminate queue printing
       operations.  After printing the job, the ae filter will be started  and  the  server  will
       wait for it to complete before printing the next job.

       The  as  and ae filters will have STDOUT set to the printing device and or filter, and the
       STDERR set to the error log file for the print queue, and file descriptor  3  set  to  the
       destination specified by the af field.

       As  a  convenience, all format filters for printing will be started with file descriptor 3
       set to the destination (file or filter) specified by the printcap af field.   This  allows
       special filters which can query devices for page counts to pass their information directly
       to an accounting program.  The descriptor will READ/WRITE, allowing filters to  query  the
       accounting program and/or update the information directly.

LOGGING INFORMATION

       In  order  to  provide  a  centralized  method  to  track  job status and information, the
       printcap/configuration variable logger_destination enable the send  of  status  and  other
       information to a remote destination.  The logger_destination value has the form
              host[%port][,protocol]
          Examples:
              taco%451,UDP
              dickory%2001,TCP
       where  host  is the host name or IP address, port is an optional port number, and protocol
       is  an  optional  protocol  type  such  as  UDP  or  TCP.   The  configuration   variables
       default_logger_port  and  default_logger_protocol can be used to override the default port
       number (2001) and protocol (UDP) to be used if none is specified.  Logging information has
       the format below.
              IDENTIFIER jobid [PRINTER name] at timestamp \
                 STATUS | TRACE | FILTER_STATUS PID nnn
              [ status information]

       The  status  information format consists of an identifier line, followed by a specifier of
       the status type.  The logging information entry is terminated by  a  line  with  a  single
       period on it.  Lines with a starting period have the period duplicated.

AUTHENTICATION

       Rather  than  building authentication facilties into LPRng, an interface to authentication
       programs is defined, and will be used as follows.  The printcap and configuration  entries
       auth,     auth_client_filter,    auth_forward,    auth_forward_id,    auth_forward_filter,
       auth_receive_filter, and auth_server_id entries control authentication.   The  auth  value
       specifies  the  type  of  authentication  to  be used for client to server authentication.
       Typical values would be kerberos, md5, etc.  If the authentication type is  not  built-in,
       the  client programs use the auth_client_filter program to perform authentication.  When a
       server gets and an authentication request, it will use the auth_receive_filter program  to
       perform  authentication.  The auth_server_id is the remote server id used when a client is
       sending jobs to the server or when the server is originating a  request.   When  a  server
       forwards  a  request,  it  uses auth_forward value to determine if authentication is to be
       done, and the auth_forward_id as the destination server id.

Client To Server Authentication

       1.  The client will open a connection to the server and sends a command with the following
           format.   The REQ_SECURE field in the command corresponds to the one-byte command type
           used by the LPR protocol.
              Commands:
                  \REQ_SECUREprinter C user\n
              Print job transfers:
                  \REQ_SECUREprinter C user controfilename\n

       2.  On reception of this command,  the server will send a one byte success code as  below.
           An  error  code  may  be followed by additional error information.  The values used by
           LPRng include:
              ACK_SUCCESS     0   success, no error
              ACK_STOP_Q      1   failed; no spooling to the remote queue
              ACK_RETRY       2   failed; retry later
              ACK_FAIL        3   failed; job rejected, no retry

       3.  If there is an error the connection will be terminated.  The server will then start an
           authentication  process,  and provide the following open file descriptors for it.  The
           authenticator process will run as the UID of the server (i.e.- usually daemon).
              FD    Options Purpose
              0     R/W     socket connection to remote host (R/W)
              1     W       pipe or file descriptor
                            for information for server
              2     W       error log
              3     R       pipe or file descriptor
                            for responses to client

           The command line arguments will have the form:
              program -S -Pprinter -nuser -Rserver_user -Ttempfile

           The printer and user information will be obtained from the command line  sent  to  the
           server.   The  authenticator can create additional temporary or working files with the
           pathnames tempfile.ext;  these should be deleted after the authentication process  has
           been completed.

       4.  After receiving \ACK_SUCCESS, the client starts an authenticator process, and provides
           the following open file descriptors for it.  The authenticator process  will  run  UID
           user.
              FD    Options Purpose
              0     R/W     socket connection to remote host (R/W)
              1     W       pipe or file descriptor
                            for responses to client
              2     W       error log

           The command line arguments will have the form:
              program -C -Pprinter -nuser -Rserver_user -Ttempfile

       5.  The  authenticator can create additional temporary or working files with the pathnames
           tempfile.ext;  these will  be  deleted  after  the  authentication  process  has  been
           completed.  The client authenticator will be running as the client user.

       6.  After  exchanging  authentication  information, the client authenticator will transfer
           the contents of the temporary file to the server authenticator, using FD 0.   It  will
           then wait for reply status on FD 0.   If the transfer step fails, or there is no reply
           status of the correct format,   the  client  authenticator  will  print  any  received
           information on FD 1, error information on FD 2, and then exit with error code JFAIL.

       7.  After receiving the files on FD 0,  the server authenticator will perform the required
           authentication procedures and leave the results in tempfile.  The server authenticator
           will write the following to FD 1,  for use by the server:
              authentication_info\n

           If  the  transfer  step  or authentication fails,  then the server will write an error
           message to  FD  2  and  exit  with  error  code  JFAIL.   The  server  will  use  this
           authentication  information  to  determine if the remote user has permission to access
           the system.

       8.  The server authentication process will read input from FD 3 until and end of file, and
           then  proceed to transfer the input to the client authenticator.  If the data transfer
           fails,  then the process will exit with error code JFAIL, otherwise it will exit  with
           error code JSUCC.

       9.  The  client  authenticator  will  read  the  status  information from FD 0,  and after
           performing authentication will write it to FD 1.  If data transfer  or  authentication
           fails,  the authenticator will write an error message to FD 2 and exit with error code
           JFAIL, otherwise it will exit with error code JSUCC.

Server to Server Authentication

       The Server to Server authentication procedure is used by one server  to  forward  jobs  or
       commands  to  another  server.   It should be noted that this forwarding operation puts an
       implicit trust in the  security  of  the  client  to  server  to  server  chain.   In  the
       description  below,  src  and  dst  are  the  userid of the source and destination servers
       respectively.

       1.  The originating host takes the part of the client, and will transfer a job acting like
           the  client.   The initial information transfer from the originating (src) server will
           have the format:
              Commands:
                  \REQ_SECUREprinter F user\n
              Print job transfers:
                  \REQ_SECUREprinter F user controfilename\n

           After receiving a 0 acknowledgment byte, the src server will invoke its  authenticator
           with  the  arguments  below.   The  forward_user value will default to the server_user
           value if not explicitly provided.
              program -C -Pprinter -nserver_user \
                  -Rforward_user -Ttempfile

       2.  On the destination server the authenticator is invoked with the arguments:
              program -S -Pprinter -nserver_user \
                  -Rforward_user -Ttempfile

           The authentication is performed to determine that the transfer  was  between  the  two
           servers,  rather than the user to server.

KERBEROS AUTHENTICATION

       As  a  convenience,  Kerberos  5  authentication  has  been built into the LPD clients and
       servers.   If  you  are  not  familiar  with  Kerberos,  then  you  should  obtain   other
       documentation   and/or   assistance   before   attempting  to  use  this.   The  following
       facilities/configuration values are used to support Kerberos.

       A Kerberos principal is the name  used  for  authentication  purposes  by  Kerberos.   For
       example,  user  principals  have  the  form  user@REALM; for example, papowell@ASTART.COM.
       Services and/or servers have the form service/host@REALM; for example, the lpd  server  on
       dickory would have the form:
            lpr/astart2.astart.com@ASTART.COM

       User  to  server authentication process will use the user's principal name, and generate a
       service name for  the  server.   The  name  generation  is  controlled  by  the  following
       configuration and/or printcap values.

       service
              The name of the service to be used to identify the service.  This is usually "lpr".

       kerberos_keytab
              The  location  of  the server keytab file.  The keytab file corresponds to the user
              password, and must be considered a security risk.  It should be owned  by  the  LPD
              server user, and readable/writable only by the server.

       kerberos_life
              The  lifetime  of  the  authentication  ticket  used  by  the server.  This usually
              defaults to 10 hours.

       kerberos_renew
              The renewal time of the ticket.

       In addition to the default values, an explicit server principal can be  specified  in  the
       printcap  file using the kerberos_server_principal This allows cross domain authentication
       to be done.

       When setting up Kerberos authentication, you will need to establish  principals  for  each
       server, and to distribute and install the keytab files on each server.

AUTHENTICATION PERMISSIONS

       The following permissions tags are available to check on authentication procedures.
              AUTH=[NONE,USER,FWD]    - authentication
                  AUTH=NONE   - no authentication
                  AUTH=USER   - authentication from a client
                  AUTH=FWD    - forwarded authentication from a lpd server
              AUTHTYPE=globmatch
              AUTHUSER=globmatch
              FWDUSER=globmatch

       1.  The  AUTH  tag  can  be  used to determine the type of authentication being done.  The
           AUTHTYPE tag can be used to match the authentication type being used or  requested  by
           the  client  or  remote  server.  The authentication process returns an authentication
           identifier for the user; this information can be matched by the AUTHUSER tag.

       2.  For a command sent from a client or forwarded from  a  server,  AUTHUSER  matches  the
           auth_user_id  provided  for the user when sent to a server.  (This information will be
           forwarded by a remote server).   For  a  forwarded  command,  FWDUSER  refers  to  the
           authentication information for the server doing the forwarding.

       3.  For  example,  to reject non-authenticated operations, the following line could be put
           in the permissions file.
              REJECT AUTH=NONE

       4.  To reject server forwarded authentication as well, we use REJECT AUTH=NONE,FWD.  If  a
           remote  server  with  name  serverhost  has  id  information  FFEDBEEFDEAF,   then the
           following will accept only forwarded jobs from this server.
              ACCEPT FWDUSER=FFEDBEEFDEAF REMOTEHOST=serverhost
              REJECT AUTH=FWD

ENVIRONMENT

       The lpd action can also be manipulated by using environment variables.

       LPR_TMP

   Authentication
       MD5KEYFILE
              Used for md5 signated file transmission

FILES

       The files used by LPRng are  set  by  values  in  the  printer  configuration  file.   The
       following are a commonly used set of default values.
       /etc/lprng/lpd.conf                          LPRng configuration file
       ${HOME}/.printcap                            user printer description file
       /etc/printcap                                printer description file
       /etc/lprng/lpd.perms                         permissions
       /var/run/lprng/lpd                           lock file for queue control
       /var/spool/lpd                               spool directories
       /var/spool/lpd/QUEUE/control                 queue control
       /var/spool/lpd/QUEUE/log                     trace or debug log file
       /var/spool/lpd/QUEUE/acct                    accounting file
       /var/spool/lpd/QUEUE/status                  status file

SEE ALSO

       lpd.conf(5),  lpc(8),  checkpc(8),  lpr(1),  lpq(1),  lprm(1),  printcap(5), lpd.perms(5),
       pr(1).

AUTHOR

       Patrick Powell <papowell@lprng.com>.

DIAGNOSTICS

       Most of the diagnostics are self explanatory.  If you are puzzled over the exact cause  of
       failure,  set  the debugging level on (-D5) and run again.  The debugging information will
       help you to pinpoint the exact cause of failure.

HISTORY

       LPRng is a enhanced printer spooler system with functionality similar to the Berkeley  LPR
       software.    The   LPRng  developer  mailing  list  is  lprng-devel@lists.sourceforge.net;
       subscribe by visiting https://lists.sourceforge.net/lists/listinfo/lprng-devel or  sending
       mail to lprng-request@lists.sourceforge.net with the word subscribe in the body.
       The software is available via http://lprng.sourceforge.net