test

Trusted Solaris Administrator's Procedures

Managing Printing (Tasks)

To Set Up Printing to a Non-Trusted Solaris Server

Users send print jobs to the single-label printer at the same label assigned to the print server.

  1. Assume the Security Administrator role and go to an ADMIN_LOW workspace.

  2. Open the Solaris Management Console in the desired scope.

  3. Click Trusted Solaris Management Console, then Computers and Networks. Provide a password when prompted.

  4. Assign a template to the print server with the desired label.

    The template is assigned to the IP address of the unlabeled print server.

    See Chapter 8, Specifying Routing and Security for Remote Computers for how the Security Administrator assigns a single label to an unlabeled computer.

To Launch the Printer Administrator Action

  1. Assume the System Administrator role and go to an ADMIN_LOW workspace.

  2. In the System_Admin folder in the Application Manager, double-click the Printer Administrator action.

  3. Choose files to update local files or choose either NIS, NIS+(xfn) or NIS+ for a naming service.

To Configure an Attached Printer

  1. Connect the printer to a serial or parallel port on a print server using the appropriate cable, as described in the printer's installation guide.

  2. Assume the System Administrator role on the print server, and go to an ADMIN_LOW workspace.

  3. If the printer is connected to a serial port, make sure the correct baud rate is set, using the Serial Port tool from the Solaris Management Console Devices and Hardware manager.

    See the printer documentation for the correct baud rate. See also "Adjusting Printer Port Characteristics" in System Administration Guide, Volume 2.

  4. Bring up the Printer Administrator tool as described in "To Launch the Printer Administrator Action".

  5. Choose New Attached Printer from the Printer menu.

    If needed, follow the procedure "How to Add a New Attached Printer With Solaris Print Manager" in the "Setting Up Printers (Tasks)" in System Administration Guide, Volume 2.

    Caution - Caution -

    Do not change the Printer Type and File Contents settings from the default value of PostScript. If you do, printing will not work.

    If the default printer label range of ADMIN_LOW to ADMIN_HIGH is acceptable, you are done.

  6. To restrict the label range for the printer, go to "To Configure a Restricted Label Range for a Printer".

To Configure a Network Printer for Labeled Output

A network printer must be managed by a Trusted Solaris print server in order to print labeled output. A network printer prints only at a single-label assigned to it in a Security Families template.

  1. Pick a printer name to be used as its host name, and assign the printer an IP address.

  2. Set up the printer as described in the printer's documentation.

  3. Assume the System Administrator role on the Trusted Solaris print server, and go to an ADMIN_LOW workspace.

  4. Add an entry for the printer using the Computers tool in the Solaris Management Console.

    The scope of the toolbox that you load determines whether the entry is made in the local hosts file, NIS map or NIS+ table.

    1. Double-click Trusted Solaris Configuration->Computers and Networks->Computers.

    2. Select Action->Add Computer.

    3. On the Add Computer dialog, type the printer name in the Name field, type the printer's IP address in the IP Address field, and click OK.

  5. Create a new unlabeled tamplate assigning it the ADMIN_HIGH label.

    1. Double-click Trusted Solaris Configuration->Computers and Networks->Security Families.

    2. In the Action menu, select Add->Template.

    3. On the New Template dialog->Basic Information tab

      1. Assign a Name.

      2. Select Unlabeled from the Host Type menu and specify the Minimum Label and the Maximum Label as ADMIN_HIGH.

      3. Assign a Label and a Clearance of ADMIN_HIGH, and click OK in the New Template dialog box.

  6. Assign the new template to the host name or IP address of the printer by double-clicking the icon for the new template.

  7. In the Action menu, select Add->Host.

  8. In the New Remote Host Entry dialog, enter the Host Name and IP address, then click OK.

  9. Configure the printer on the Trusted Solaris computer using the LP administration commands.

    Complete the setup of the Network printer on the Trusted Solaris computer by following the procedure "How To Add A Network Printer Using LP Commands" in the "Setting Up Printers (Tasks)" in System Administration Guide, Volume 2.

To Configure a Restricted Label Range for a Printer

Do this procedure only if you need to restrict the label range for a printer that is controlled by a Trusted Solaris print server. The default printer label range is ADMIN_LOW to ADMIN_HIGH.

  1. Assume the Security Administrator role and go to an ADMIN_LOW workspace.

    See "To Log In and Assume a Role", if needed.

  2. Bring up the Device Allocation Manager.

    Either select the Allocate Device option from the Trusted Path menu or launch the Device Allocation Manager action from the Tools subpanel on the Front Panel.

  3. Click the Device Administration button to display the Device Allocation: Administration dialog box.

  4. Select the name of the new printer.

  5. Click the Configure button to display the Device Allocation: Configuration dialog box, as shown in the following figure.

    Graphic

  6. Change the label range as desired by clicking the Min Label and Max Label buttons and using the label builders that display to select the desired label.

  7. Click the OK button on the Configuration dialog box to save the label changes, click the OK button on the Administration dialog box to close it, and then close the Device Allocation Manager.

To Add Access to a Remote Printer

Note -

If either NIS+ or NIS was specified as the naming service when the print server is configured, this procedure is not needed on any NIS+ or NIS clients in the domain.

  1. On the local computer, access the Printer Administrator.

    See "To Launch the Printer Administrator Action", if needed.

  2. See How to Add Printer Access With Solaris Print Manager in "Setting Up Printers (Tasks)" in System Administration Guide, Volume 2.

To Enable Some Users to Print Without Banners and Trailer Pages

Caution - Caution -

If the Always Print Banner check box on the Printer Administrator dialog is checked, banner and trailer pages always print, even if the user has the solaris.print.nobanner authorization and uses the -o nobanner option to lp.

  1. Bring up the Printer Administrator on the print server.

    See "To Launch the Printer Administrator Action", if needed.

  2. Make sure that the Always Print Banner check box is not checked.

    Graphic

  3. Exit the Printer Administrator.

  4. Make sure that the solaris.print.nobanner authorization is in one of the profiles assigned to each user or role that is allowed to print without banner and trailer pages.

    See "To Assign Printing-Related Authorization(s) to an Account", if needed.

  5. Instruct the user or role to submit jobs using the lp command with the option -o nobanner.


    trustworthy% lp -o nobanner staff.mtg.notes

To Assign Printing-Related Authorization(s) to an Account

  1. Assume the Security Administrator role and go to an ADMIN_LOW workspace.

  2. Bring up the User Accounts tool.

  3. Make sure that the desired print-related authorization is contained in one of the user's rights profiles.

To Suppress the Printing of Page Labels on All Print Jobs

  1. Assume the Security Administrator role and go to an ADMIN_LOW workspace.

  2. Use the Admin Editor action to edit the /usr/lib/lp/postscript/tsol_separator.ps file.

    See "To Edit a Local File", if needed.

  3. Find the following lines:


    %% To eliminate page labels completely, change this line to
%% set the page label to an empty string: /PageLabel () def
/PageLabel Job_SL_Internal def
    Note -

    The value of Job_PageLabel may have been changed at your site.

  4. Replace the value of /PageLabel with an empty parentheses. 


               /PageLabel () def

To Allow Some Users to Print Jobs Without Page Labels

  1. Make sure that the Print Without Label authorization is in one of the profiles assigned to each user or role that is allowed to print jobs without labels at the top and bottom of each page.

    See "To Assign Printing-Related Authorization(s) to an Account", if needed.

  2. Make sure that the user or role submits jobs using lp with the option -o nolabels.


    trustworthy% lp -o nolabels staff.mtg.notes

    Doing this procedure enables an authorized user or role to print jobs without labels when working at any label.

To Set Up Public Print Jobs from an Unlabeled Print Server

Files that are available to the general public may be printed on an unlabeled printer.

  1. In the tnrhdb/tnrhtp entries that define an unlabeled print server, assign to the print server the appropriate label.

    For example, a site may label files that are available to the general public as PUBLIC or UNCLASSIFIED.

  2. Do the following three steps for each user or role allowed to print publicly-readable files without page labels.

    1. Make sure that the public label is in each account's personal label range.

    2. Instruct each user to define the PRINTER variable in the appropriate shell initialization file in the user's publicly-labeled home directory SLD.

      1. Go to the publicly-labeled home directory SLD.

      2. Open the .login or .profile file (as appropriate) for editing.

      3. Define the PRINTER variable to be the name of the printer connected to the unlabeled print server.

        When a printer named nolabels is connected to a single-label print server whose label is PUBLIC, the .login or .profile file in the PUBLIC SLD directory would have the following environment variable defined.


        setenv PRINTER nolabels

      4. Write and quit the file.

    3. Have each affected account log out and log in again to put the changed printer definitions in effect.

    4. Have each affected account create and print jobs that need to be printed without labels from within the publicly-labeled SLD.