Some student labs are set up so everyone logs in using a generic username and password. For example, username: student, password: student. This is common in Apple Mac labs, where enabling multi-user authentication is complex and can often prevent selected applications from running correctly.

The Line Printer Daemon print protocol, often used in UNIX environments, is a non-authenticated system. The username associated with the print jobs is passed through to the print queue, however the name is not verified and can easily be forged. An extra level of authentication is required.

CUPS, the modern print system often used on Linux, Apple Mac and some Unix systems, is often implemented in a non-authenticated fashion. Although CUPS can support authentication, technical considerations such as the inability to interface with Active Directory domain authentication often prevent its use.

Mac OS X server use the CUPS print system. Current Apple implementations prevent administrators from enabling CUPS authentication. This is not usually a problem in an environment where logins can be controlled at individual workstation level. It does however pose a problem if users have local admin access - for example, individual owned laptops. PaperCut NG popup authentication provides a way to work around the non-authentication issue.

More information, including a discussion of platform specific issues is available in Chapter 29, Print Authentication.

Popup authentication is often required on Mac networks supporting a mix of lab systems authenticated via a directory service and unauthenticated laptop systems. Advanced administrators may wish to review the section called “Eliminating PopUp Authentication via Mac Login Hook” to streamline login on the secured lab systems.

PaperCut comes with an iPad / iOS app that provides popup authentication and other functionality. For more information see Chapter 24, PaperCut & iPad / iPhone Printing (iOS).

In 2012 one major university user of PaperCut NG in the USA were using Popup Authentication to support authentication on print jobs issued via the LPR protocol (for Unix desktop systems). This setup had been in place successfully for 5 years with no reported problems. The site's networking team (independent of the server team responsible for PaperCut NG's management) decided to make a few network infrastructure changes and enabled NAT for some subnets. Thhis caused a subtle set of authentication issues that took a number of days to detect and diagnose. During this time some jobs were incorrectly attributed.

The following notes explain how to enable popup authentication when a user logs in under a generic user account - for example, student.

The following notes explain how to enable popup authentication when a user attempts to print to a non-authenticated printer such as one hosted via an LPR/LPD queue or a CUPS print queue:

When running in popup authentication mode, the client makes available a number of additional options including:

The Logout option is available on Windows via either the right-click option on the task try icon, or when running on Mac or Linux, via a right-click popup menu (Option Click) access via the icon on the balance window.

The Login as... option is made available if the client starts as an unauthenticated user. This option allows users to authenticate or quickly switch user identity.

The login box displayed to the user offers the choice of how long their authentication details should remain active. An administrator can control the options presented to the user by modifying the following system configuration keys. These configuration keys are edited under Options → Actions → Config editor (Advanced)

Please see the section called “Using the Config Editor” to find out how to change config keys.