LPD(8)                                                                  LPD(8)


       lpd - line printer daemon


       lpd [-Llogfile] [-F] [-V] [-Ddebugopt] [-p port]


       The  lpd  program  is  the printer server program of the LPRng software
       suite.  This software is  an  enhanced  and  modified  version  of  the
       Berkeley LPD software.


       -L logfile
            specifies  an  alternate  file  to  be  used for logging error and
            debugging  messages.   The  syslog(8)  facility  is  used  to  log
            critical messages as well.

       -F   Under  normal  operation,  the  LPD  server will run in background
            mode.  The -F flag forces it to run in forground mode, where it is
            more easily debugged.

       -V   Print program version information.

       -D debugopt
            Debugging is controlled using the -D option. This accepts a comma-
            separated list of debugging settings. These settings take  one  of
            two  forms:  facility=value  ,  or value to set an overall default
            value.  The available facilities can be determined by invoking LPD
            with the -D= parameter.

       -p port
            Bind  to  the  specified  port  rather  than  port 515 specfied by


       Lpd is the line printer daemon (spool queue handler)  and  is  normally
       invoked  at  boot time from the rc(8) file; it can also be started by a
       user.  Note that the lpd server needs only run on systems where  actual
       printing  or  spooling  is  taking  place.   lpr(1)  and  other related
       programs transfer files using network facilities to the lpd .

       When  started,  lpd  reads  a  configuration  file  to   obtain   basic
       operational   parameters   and  then  reads  the  printcap(5)  database
       information to determine the which printers have spool  queues  and  to
       start spool queue server processes.  If running as a background server,
       it will disconnect from its control terminal and run in the background.
       It uses the system calls listen(2) and accept(2) to receive requests to
       print files in the queue, transfer files to the spooling area,  display
       the queue, remove jobs from the queue, or perform a spool queue control
       function.  In each case it creates one  or  more  server  processes  to
       handle the request and the lpd process will listen for more requests.

       Sending  the  server  a  SIGHUP  signal causes the server to reread the
       various configuration  and  inititialization  files.   This  action  is
       similar  to  that  of  the INETD and other servers.  The same action is
       taken when sent  a  reread  command  by  the  lpc(1)  program.   At  an
       interveral  specified by the poll_time configuration variable, lpd will
       check for spool queues with jobs and no printing  activity,  and  start

       LPD access control is done using a rule set and match algorithm similar
       to a packet filter.  Each request  for  printing,  status,  or  control
       operations  is  matched  against  the rule set, and the first ACCEPT or
       REJECT value  determines  if  the  operation  can  be  performed.   The
       following is a typical permissions file:
              # Set default permissions
              DEFAULT ACCEPT
              # Reject any connections from outside our subnet
              REJECT SERVICE=X NOT IP=
              # Only accept Printing (P) and spooling (LPR) from
              # the private network, the  network and fw
              REJECT SERVICE=P,R NOT REMOTEHOST=*.private,,fw.astart.com
              # Do not accept forwarded jobs for printing
              # Allow only the administrators control access
              ACCEPT SERVICE=C,M REMOTEHOST=spooler.astart.com USER=root,papowell
              ACCEPT SERVICE=C,M SERVER REMOTEUSER=root,papowell
              # Allow only the user on the same host who spooled job to remove it
              REJECT SERVICE=M,C

       Permission  checking  is  done  by using a set of keys (or fields) with
       associated values to check for permission.  The SERVICE key has value P
       for  printing (i.e.- unspooling), R for spooling (i.e.- LPR request), C
       and S for printer control and status respectively (i.e.- LPC  request),
       M for removal (i.e.- LPRM request), Q for queue information (i.e.- LPRM
       request), and so forth.  The key indicates the  initial  connection  to
       the  LPD  spooler,  and  can be used to control connections from remote
       systems.  The values of the USER, HOST, and  IP  keys  taken  from  the
       control  file  which is being received or checked for permissions.  The
       REMOTEUSER, REMOTEHOST and REMOTEIP keys are those either sent as  part
       of  a  command,  or  derived from information about the current network
       connection.  Each line of the permissions file is scanned for key names
       and values, and these are matched against the request keys information.
       When all matches on a line are made, then search  terminates  with  the
       specified  action  (ACCEPT/REJECT).   If  no match is found the default
       permission value is used.  The DEFAULT  key  is  used  to  specify  the
       current  default  permission  to  be  used for successful matches or if
       there is no match after scanning the entire permissions database.

       The GROUP entry is used to check that the USER name appears in a  group
       entry    in   the   system   user   group   database.    For   example,
       GROUP=student*,staff* would check to see  if  any  of  the  group  name
       matching student* or staff* have the specified user name in them.  If a
       system has the netgroups capability, a group name  starting  with  a  @
       will  be treated as a netgroup name, and current user name from the job
       file will bechecked to see if it  is  in  the  group.   Similarly,  the
       REMOTEGROUP entry will check a remote user name.  The PORT entry can be
       used to ensure that  a  connection  to  the  server  orignates  from  a
       specified  range  of  ports.  For more details, see the lpd.perm(5) man

       The permissions database is scanned in order of the fixed file  entries
       and  then by invoking the specified filters for each of the permissions
       lists.  It is recommended that the filters be placed at the end of  the
       permissions  lists.   The  user name is one of the parameters passed to
       the filter, and can be used to determine if a user has  permissions  to
       print a file.

       Key          Match Connect Job   Job    LPQ  LPRM  LPC
                                  Spool Print
       SERVICE      S     'X'     'R'   'P'    'Q'  'M'   'C,S'
       USER         S     -       JUSR  JUSR   JUSR JUSR  JUSR
       HOST         S     RH      JH    JH     JH   JH    JH
       GROUP        S     -       JUSR  JUSR   JUSR JUSR  JUSR
       IP           IP    RIP     JIP   JIP    RIP  JIP   JIP
       PORT         N     PORT    PORT  -      PORT PORT  PORT
       REMOTEUSER   S     -       JUSR  JUSR   JUSR CUSR  CUSR
       REMOTEHOST   S     RH      RH    JH     RH   RH    RH
       REMOTEIP     IP    RIP     RIP   JIP    RIP  RIP   RIP
       CONTROLLINE  S     -       CL    CL     CL   CL    CL
       PRINTER      S     -       PR    PR     PR   PR    PR
       FORWARD      V     -       SA    -      -    SA    SA SA
       SAMEHOST     V     -       SA    -      SA   SA    SA
       SAMEUSER     V     -       -     -      SU   SU    SU
       SERVER       V     -       SV    -      SV   SV    SV
       AUTH         V     -       AU    -      AU   AU    AU
       AUTHTYPE     S     -       AU    -      AU   AU    AU
       AUTHUSER     S     -       AU    -      AU   AU    AU
       FWDUSER      S     -       AU    -      AU   AU    AU

          JH = HOST          host in control file
          RH = REMOTEHOST    connecting host name
          JUSR = USER        user in control file
          CUSR = REMOTEUSER  user from control request
          JIP= IP            IP address of host in control file
          RIP= REMOTEIP      IP address of requesting host
          PORT=              connecting host origination port
          CONTROLLINE=       pattern match of control line in control file
          FW= IP of source of request = IP of host in control file
          SA= IP of source of request = IP of host in control file
          SU= user from request = user in control file
          SA= IP of source of request = IP of server host
          SV= matches if remote host is the server
          AU= authentication information
          IFIP= IP address of remote end of connection

       Match: S = string with wild card, IP = IPaddress[/netmask],
          N = low[-high] number range, V = exact value match
       SERVICE: 'X' - Connection request; 'R' - lpr request from remote host;
           'P' - print job in queue; 'Q' - lpq request, 'M' - lprm request;
           'C' - lpc spool control request; 'S' - lpc spool status request
       NOTE: when printing (P action), the remote and job check values
          (i.e. - RUSR, JUSR) are identical.

       The special key letter=patterns searches the control file line starting
       with the (upper case) letter, and is usually  used  with  printing  and
       spooling  checks.   For  example,  C=A*,B*  would  check that the class
       information (i.e.- line in the control file  starting  with  C)  had  a
       value starting with A or B.


       There  is  a  subtle  problem  with  names  and  IP addresses which are
       obtained for 'multi-homed hosts', i.e. - those with  multiple  ethernet
       interfaces,   and  for  IPV6  (IP Version 6),  in which a host can have
       multiple addresses,  and for the normal host  which  can  have  both  a
       short  name and a fully qualified domain name.  In addition, a host can
       have  multiple  IP  addresses,  depending  on  the  complexity  of  its

       The  IFIP  (interface  IP) field can be used to check the IP address of
       the origination  of  the  request,   as  reported  by  the  information
       returned  by  the accept() system call.  Note that this information may
       be IPV4 or IPV6 information,   depending  on  the  origination  of  the
       system.   This  information  is  used  by gethostbyaddr() to obtain the
       orginating host fully qualified  domain  name  (FQDN)  and  set  of  IP
       addresses.   Note that this FQDN will be for the originating interface,
       and may not be the cannonical host name.  Some systems  which  use  the
       Domain  Name  Server (DNS) system may add the cannonical system name as
       an alias.

       When performing an IP address match,  the entire list of  IP  addresses
       for  a  system  will  now  be  checked.   If one of these matches, then
       success is reported.  Similarly,  the entire list  of  host  names  and
       aliases  will  be checked.  If one of these matches,  then success will
       be reported.

       In addition,  when checking for printing, if the name  lookup  for  the
       host  reported in the control file fails,  then we assume that the host
       is unknown and all match checks for names or IP  addresses  will  fail.
       You  can determine if a host has an entry by using the following check,
       which will reject all requests from a remotehost which does not have  a
       DNS entry.


       Individual  printer operations are controlled by values in the printcap
       database.  See printcap(5) for details of the format and content of the
       various entries.  The following are typical printer entries for a local
       and remote printer.

              # main or shared printcap file - usually /etc/printcap
              # remote postscript printer
              # give access to (remote) hosts
                 :cm=Test Printer 1

              # local printcap file
              # specification for local printer on nearside
              # /usr/spool/LPD/t1/printcap file -

       Printcap information can be distributed by individual files  or  shared
       using  NSF, YP, or other methods; see lpd.conf(5) for the exact details
       of  the  location  of  printcap  files  and  programs,  given  by   the
       printcap_path  and  lpd_printcap_path  configuration  information.  The
       usual printcap configuration  is  to  have  a  main  (shared)  printcap
       database  which  is  used  by  all  hosts.  The printcap information is
       usually extremely simple, consisting only of the printer name and  host
       (i.e. - fullpage printer entry).

       On  hosts which have printers attached or which are to provide spooling
       queue directories, more extensive printcap information is  needed.   In
       the  shared  database,  oh  (options  for  specified  host  only) field
       restricts use of this entry to the  specified  host.   This  entry  can
       contain  host  specific  information, such as the location of the spool
       queue and/or actual device to be used for output.

       In the above example, the main printcap  file,  usually  /etc/printcap,
       has  entries  for all printers.  Note that these entries do not specify
       the spool directories (sd and cd fields), but this could  be  provided.
       On  a  host  with  a  printer  specific  information can be provided in
       serveral ways.  The simplest is to simply put an  additional  entry  in
       the  shared  printcap  file,  with the oh field set to the support host
       name.  An alternative would be to specify the spool directories (sd and
       cd  fields)  in the shared information, and to put the printer specific
       information in a printcap file.

       In addition to the oh flag, the server flag indicates that  this  entry
       is  for  a  the  LPD  server  only.   This  can be used to simplify the
       management of client and server entries.

       The printcap information is obtained in the following  order.   If  the
       lpd_printcap_path  configuration  value is nonblank then the lpd server
       will proccess only this information otherwise it uses the printcap_path
       information.  All client programs use the contents of the configuration
       printcap_path variable to get a list of locations  of  printcap  files.
       Each of these entries in the path lists are processed, and the printcap
       information is extracted.  Entries which have oh fields are  only  used
       by  the  specified  host.   The  files  and information is processed in
       linear order, later entries overriding preceeding ones.

       When processing jobs or performing spool queue specific  requests,  the
       LPD server will check to see if there is a printcap file in the control
       directory for the spool queue  and  the  contents  will  be  processed.
       Since  only  the LPD server has access to the spool and control queues,
       this information is processed only by the server.

       In addition  to  files,  printcap  information  can  be  obtained  from
       programs  or  filters.   For  example,  the  printcap_path  of the form
       /etc/printcap:|/usr/lib/getpr   will   use   the   contents   of    the
       /etc/printcap  file,  and  then  use  the /usr/lib/getpr program to get
       information  about  a  specific  printer.   When  information  about  a
       particular  spool queue is needed and one or more filters are specified
       as the source of printcap information, then the filter will be  started
       and  the  printer  name written on its standard input.  The filter must
       provide a printcap entry for the  requested  printer  on  its  standard

       The  filter  can  be  used  to  interface  to  databases or nonstandard
       information sources which do not produce  printcap  information  in  an
       acceptible form.


       Each  spool  queue  has  a  spool  directory  (sd) and optional control
       directory (cd)  where job  and  control  information  is  kept.   Under
       normal  operation  the spool and control directories are identical, but
       if the spool directory  is  NFS  exported  for  use  by  other  printer
       spoolers  which  write  files directly into the spool queue, then it is
       recommended that the control directory be a separate directory and  not
       NFS mounted.  The following files are used for printer operations.  Per
       job entries are marked with an asterisk (*).

       File Name           Dir     Purpose
       printer             CD      lock file and server process PID
       unspooler.printer   CD      subserver process PID
       control.printer     CD      queue control information
       *hfAnnn             SD      job hold file
       *cfAnnnHOST         SD      job control file
       *dfAnnnHOST         SD      job data file
       *bfAnnn.*           SD      tempory files

       The nnn in the file names stands for the job number.  RFC1179  requires
       this  to  be  a  3  digit number, but the longnumber printcap flag or a
       nonzero longnumber configuration variable will enable 6 digit  numbers.

       The  lock  file  is  used  to  prevent  multiple job queue servers from
       becoming active simultaneously, and to store  the  server  process  id.
       The  lock  file name is the name as the printer name; all other control
       files have the printer name appended as indicated above.

       The printer spool control file  contains  information  controlling  the
       queue  operations.   It consists of a series of lines with keywords and
       values  to  control  printing,  spooling,  and  automatic  job  holding
       operations.   The  following  is  an example of a typical spool control

              spooling_disabled 0
              printing_disabled 1
              holdall 0
              redirect p1@host2
              debug 10,log=/tmp/log
              class A

       The spooling_disabled and printing_disabled  entries  control  spooling
       and  printing;  the  lpc enable, disable, start, and stop command alter
       these values.  The holdall entry will prevent jobs from being processed
       until  released  with  the lpc hold or release comands; the lpc holdall
       and noholdall commands alter these values.

       The redirect entry causes  the  lpd  server  to  forward  jobs  to  the
       specified  remote  printer; the lpc redirect command alters this field.
       The class field controls the class of jobs being printed.  By  default,
       the  class  value  is  a  pattern that matches the class entry in a job
       file; however a entry of the form letter=patterns will print jobs whose
       control  file  line  starting  with letter matches one of the patterns.
       The debug line provides a set of debugging  parameters  for  diagnostic
       information for the particular spool queue.

       Each  print  job consists of a control file and one or more data files.
       Lines in the control file file specify the job data files or parameters
       for the job and the general format of the file is specified by RFC1179.
       Each line consists of a flag character and a parameter; upper case  and
       digit  characters  specify  options  and lower case letters specify the
       printing format and names of data files.  The following is  a  list  of
       the control file flag characters.

       A      Identifier  A  job  identifier  to  be  used when displaying job
              information and/or  status.   The  insertion  of  this  line  is
              controlled    by   the   use_identifier   printcap/configuration

       C      Class String to be used for the class line on the burst page.

       H      Host Name.  Name of the machine where lpr was invoked.

       I      Indent.  The number of characters to indent the  output  by  (in

       J      Job Name.  String to be used for the job name on the burst page.

       L      Banner user name.  Information for banner page.

       P      Person.  Login name of the person who invoked lpr.  This is used
              to verify ownership by lprm.

       M      Send  mail  to  the  specified  user  when the current print job

       N      File name.  The original name of a data file  which  is  in  the

       T      Title.  String to be used as the title for pr(1) when the LPR -p
              option was specified.

       U      Unlink.  Job file to remove when printing completed.

       W      Width. The page width (in characters) to used for printing.

       Z      zoptions. Options passed by lpr -Zzoptions.  These are passed to
              output filters to aid in printing.

       f      Formatted  File.   Name  of  a  file  to  print which is already

       l      Like ``f'' but passes control characters and does not make  page

       p      Name of a file to print using pr(1) as a filter.

       t      Troff   File.    The   file   contains   troff(1)   output  (cat
              phototypesetter commands).

       d      DVI File.  The file contains  Tex(l)  output  (DVI  format  from

       g      Graph File.  The file contains data produced by plot(3X).

       c      Cifplot File. The file contains data produced by cifplot.

       v      The file contains a raster image.

       r      The  file  contains  text  data  with  FORTRAN  carriage control

       1      Troff Font R. Name of the  font  file  to  use  instead  of  the
              default.  (Obsolete)

       2      Troff  Font  I.  Name  of  the  font  file to use instead of the
              default.  (Obsolete)

       3      Troff Font B. Name of the  font  file  to  use  instead  of  the
              default.  (Obsolete)

       4      Troff  Font  S.  Name  of  the  font  file to use instead of the
              default.  (Obsolete)

       Each job in the spool queue can have an associated job hold file  which
       is  used by the server process to control the printing of the job.  The
       status file contains information controlling the job  hold  status  and
       error  status.   The spool server will attempt to print a job a limited
       number of times before abandoning it or setting an error status in  the
       job status file.  The following is a typical job hold file.
              hold         0  priority     0  active      2135 redirect remove
              0 error

       A nonzero hold entry will prevent the job from being processed; the lpc
       hold  and  release  commands  update  this  field.   The priority field
       overrides the normal first-in first-out printing  priority;  jobs  with
       non-zero  priority  fields  are  printed  first.   The lpc topq command
       updates this field.  If the active field is non-zero, the job is  being
       printed  by  the  server  with  the specified process id.  The redirect
       field allows individual jobs to be forwarded to  a  different  printer;
       the lpc move command updates this field.  Finally, the remove and error
       fields are used to control printing of problem jobs.  The remove  field
       is  set  when  a  job  should  be  removed;  the  error  field  records
       information that would prevent a job from being printed.


       The LPR program is used to submit a job to the LPRng system.   The  LPR
       program  opens a connection to the LPD server and then transfer the job
       control file and data files.  The LPD  server  checks  to  see  if  the
       remote host and user has permissions to spool to the requested printer,
       and then checks to see if the  printer  is  accepting  jobs.   If  both
       conditions  are met, the job is accepted and the control and data files
       are placed int the spool  directory.   The  LPRng  software  sends  the
       control file first, followed by the data files.

       If  the  LPR  program  is  acting  as  a filter, it is not necessary to
       temporarily store the print job on the local machine.  The  input  data
       can  be  sent directly to the LPD server for spooling using an implicit
       job size of 0 and sending data until the connection  is  terminated  to
       the  server.  However, some LPD servers do not accept 0 size jobs, even
       though it is specified by the RFC1179, so by default LPR will create  a
       temporary  file.   The  LPR  -k  (seKure)  option specifies this direct
       transmission mode be used.


       When LPR is to send a job to the server, it must determine the location
       of  the  server.  It does this by examining the values of the specified
       printer and host.

       If the printer and host are explicitly specified in  the  form  pr@host
       then  the LPR program will send the job to the specified spool queue pr
       and to the server running on host.  This can be explicitly specified by
       the PRINTER environment variable or by the LPR -P option.

       If the printer is specified only by a name, then the information in the
       printcap database is used.  The  printcap  entry  for  the  printer  is
       searched  for  and  the  remote host and printer information extracted.
       The job is sent to the server running on the specified host.

       This action can be modified by the following printcap or  configuration

       1. default_host=host
            (Configuration) If there is no printcap entry for the printer, the
            job is sent to the LPD server running on host.

       2. force_localhost
            (Configuration or printcap) If this flag is specified,   then  LPR
            and  other client programs will send the job to the server running
            on the localhost.  This overrides the default_host information.


       The LPD system can forward jobs from one spool  directory  to  another.
       This is controlled by the following options.

       1.   The  forward  field  in  the spool control file has a value rp@rm.
            This can be set using the LPC forward command.

       2.   The lp (line printer) printcap entry has the form rp@rm.  There is
            a  rm  (remote  machine) and optional rp (remote printer) printcap

       The first of  the  above  conditions  to  be  met  will  determine  the
       destination.   If  printing  is enabled, then jobs will be forwarded to
       the remote destination.  Example:
       # using lp=rp@host
       # using :rp:rm:

       3.   The LPD server uses the same algorithm for sending jobs as the LPR
            program.   A connection is made to the remote server and the files
            are copied to the server.  A set of timeouts is  used  to  control
            error   recover   and   retry   operations.    The   printcap  and
            configuration   variables    connect_timeout,    connect_interval,
            connect_grace, and send_try control connecting to the remote host.
            A connection is attempted to the remote server from a random  port
            in  the  range  of ports specified by the originate_port variable.
            If a connection is not completed within  connect_timeout  seconds,
            the  connection  is  aborted,  and then after the connect_interval
            seconds it is retried.  The procedure  repeated  indefinately  for
            printing,  but  only  once  for  status  or control operations.  A
            connect_timeout value of 0 indicates no  timeout;  a  value  of  0
            specifies  infinite  timeout  After  a  job  has been successfully
            printed, the  connection  is  closed  and  the  server  waits  for
            connect_grace seconds before trying to reconnect.


       Normally  job  files  are  forwarded to a printer without modification.
       The flag makes the queue a  bounce  queue  and  allows  banners  to  be
       generated  and  data  files  to  passed  through the appropriate format
       filter.  The entire output of  this  process  is  then  passed  to  the
       destination  with the format specified by the bq_format option (default
       l or binary).  See PRINTING OPERATIONS for details about filters.   For
       example, the following printcap entry will filter format f files.


       Sometimes  only  the  indicated  format  of  the data files needs to be
       changed.  This can be done using  the  translate_format  option.   This
       entry consists of pairs of lower case characters of the form SdSd...; S
       is the original and d is the translated format.

       In the example above, the m format is processed by a filter,  and  then
       its  format  type is changed to f; the p format is processed similarly.
       Note that the lpr -p option specifies that the job will be processed by
       the /bin/pr command - the filter must do both the pr processing and any
       necessary format conversions.


       The :lpr_bounce: printcap flag  will  cause  LPR  to  do  bounce  queue
       filtering  before  sending  the job to the remote queue.  This can have
       unexpected effects if the filters are not available on the local  host.

       A typical entry which will cause LPR to do filtering is shown below.

       This entry will force LPR to run jobs with formats f, m, and v
       through the appropriate filter.
       It will also rename the formats to the f format.


       When a job is submitted for printing, sometimes it is desirable to have
       it dynamically rerouted to another spool queue, or multiple copies send
       to various destination.  This can be done by using a routing_filter.

       When  a  job  is  accepted  by  the  LPD server, part of the processing
       includes passing it to a  program  specified  by  the  printcap  router
       entry.  This filter is invoked with the original control file as STDIN,
       and the default set of filter  options.   The  output  of  the  routing
       filter  will be a set of directives used by LPD when forwarding the job
       to another printer or in  processing  the  job.   The  environment  and
       options  flags  are  set  as for a standard filter.  (See "FILTERS" for
       details.)  Here is a sample printcap entry:
       t2|Test Printer 2

       The routing filter exit status is used as follows:
                           0  (JSUCC) - normal processing
                           37 (JHOLD) - job is held
                           any other value - job is deleted from queue

       The router  filter  returns  one  or  more  routing  entries  with  the
       following  format.   Note  that  entry order is not important, but each
       entry will end with the 'end' tag.   dest  <destination  queue>  copies
       <number of copies to be made> X<controlfile modifications> end

       Example of router output:
       dest t1@localhost
       copies 2
       dest t2@localhost

       The above routing information will have copies of the job sent to
       the t1 and t2 spool queue servers.  If no valid routing information
       is returned by the router filter the job will be sent to the default
       bounce queue destination.


       Sometimes  it is desirable to reformat a control file before sending to
       a remote destination.  If the control_filter printcap entry is present,
       then  the  control  file  is  passed through the filter.  If the filter
       exits with status JSUCC, then  the  job  is  process  normally;  status
       JABORT  causes  the job processing to be aborted, status JREMOVE causes
       the job processing to be removed, and any other status  is  treated  as

       After  passing  the  control  file  through the control_filter, the LPD
       server will reread it, and transfer only the data  files  specified  in
       the new control file to the destination.


       The  qq printcap entry and the use_queuename configuration entry causes
       the name of the spool queue to be placed in the job control file.  This
       value  can  be  used  by  the filter to determine how to process a job.
       When combined with the use of the Bounce Queue, this  can  be  used  to
       reformat jobs before sending to another printer spooler system.


       When  printing  is  enabled,  the LPD server will create a spool server
       process to carry out printing operations.  For each job in  the  queue,
       the  spool  server process will create a subserver process to carry out
       the actual printing operations.  If the subserver  process  fails,  the
       server   process  will  initiate  recovery  operations.   Job  will  be
       attempted to be printed until all are done or a  subserver  returns  an
       ABORT indication; the server will then terminate operations.

       The server process normally scans the queue once, at initiation; if the
       spool control file is modified, usually by using the lpc  command,  the
       spool queue is rescanned.  The overall algorithm for job printing is:
       open the print device;
       send some initialization strings;
       send a banner to the device;
       send the job data files to the device;
       send some termination strings;
       close the print device;

       In  order  to  handle  the  various  device requirements, the subserver
       process in turn uses 'filter' programs specified in the printcap  entry
       to carry out the individual steps.

       OF Filter
            The  'of'  filter  is used for initialization, banner printing and
            the  termination  strings.   It  has  the  peculiar  property   of
            suspending  itself  when  sent  a  special escape string, allowing
            other filters to be used to print the individual job files.

       Data Filters
            Each data file in a job has  format  specified  by  a  lower  case
            character and an associated filter specified in the printcap file.
            For example, the 'g' format is printed by the 'gf' filter, and  so
            forth.   By  convention,  the  'if'  filter  is  used to print 'f'
            (ordinary text) and 'l' (binary) format jobs.

       lp-pipe Filters
            If the printcap device specification has the  form  |program  then
            the  output  device  is  accessed  by the specified program.  This
            allows the program to take care of any required initialization  or
            communication requirements.

       The  following  is  a  concise  summary of the actual algorithm used to
       print files.  Note that LP stands for  the  printer  device  or  filter
       specified  by  the 'lp' printcap entry; OF stands for the 'of' printcap
       filter; IF is the default  'if'  filter;  BP  is  the  banner  printing
       filter;  and  ?F  stands for the filter for data file.  The '??' values
       stand for entries from the printcap file.

       LP = open( 'lp' );  // open device, filter, or network connection
       OF = IF = LP;       // set defaults
       set up accounting according to 'af' entry;
       if( 'of' ) OF = filter( 'of' ) -> LP;// make OF filter
       if 'as' then record start of job accounting information.
       if 'achk' then check for accounting limits.
       if( leader on open 'ld' ) `ld` -> OF// send leader
       if( FF on open 'fo' ) `fo` -> OF    // send leader

       // print a banner
       // first check to see if required
       //   and then to see if not suppressed by printcap
       //   or by user
       do_banner =
           (always banner 'ab'
               || (!suppress banner 'sb' && job has banner ));
       if( ! header last 'hl' && do_banner ){
           if( banner program 'bp' ){
               fork and exec bp to generate banner, but into temp file.
               cat temp file -> OF;
           } else {
               short banner info -> OF;

       // now we suspend the OF filter, use other filters
       if( OF != LP ) suspend OF filter;

       for each data file df in job do
           // send FF between files of job
           if( !first job && ! no FF separator 'sf' ){
               if( OF != LP ) wake up OF filter;
               'ff' -> OF;
               if( OF != LP ) suspend OF filter;

           // get filter for job
           format = jobformat;
           if( jobformat == 'f' or jobformat = 'l' ){
               format = 'f';
           filter = check pc for filter for format;
           ?F = LP; // default - no filter
           if( filter ){
               ?F = filter( filter ) -> LP;

           data file -> ?F;
           // note: if :direct_read: flag set, filter input
           // is directly from the file,  otherwise the
           // file contents are written to the filter input.

           if( ?F != LP ) close( ?F )

       // finish printing

       if( OF != LP ) wake up OF filter;
       if( header last 'hl' && do_banner ){
           if( ! no FF separator 'sf' ){
               'ff' -> OF;
           if( banner program 'bp' ){
               fork and exec bp to generate banner, but into temp file.
               cat temp file -> OF;
           } else {
               short banner info -> OF;

       if( ff on close 'fq' ){
           'ff' -> OF;

       if( trailer on close 'tr' ){
           tr -> OF;

       if 'ae' then record end of job accounting information.

       if( OF != LP ) close( OF );
       close( LP );

       When printing or transferring a job to  a  spool  queue  fails,  it  is
       retried the number of times specified by the rt (or send_try ) printcap
       variable.  A 0 value specifies an infinite number or retries.  When the
       retry count is exceeded, then the send_failure_action printcap variable
       determines the action to be taken.  The variable can be the values succ
       ,  fail  , abort , remove , ignore , or hold , which will cause the job
       to be treated as normally  completed,  retried,  aborted,  removed,  or
       ignored  and  retried  at  a  later  time  respectively.   These  names
       correspond to the JSUCC , JFAIL , etc. error codes returned by filters.
       If  the  variable  has  the  form |/filter , then the filter is run and
       passed the number of attempts on the standard input.  The  filter  must
       exits  with  a  JSUCC, JFAIL, etc., error code and the server will take
       the appropriate action as listed above.

       The print filters normally have their input provided by a process via a
       pipe.   However,  if  the  direct_read  printcap  flag is set, then the
       filter input is taken directly from the job file.  This  is  compatible
       with  the  vintage  BSD  method, but loses the ability to track the job

       After the job print or transfer attempt, if the job is  to  be  removed
       and  the  printcap  variable save_on_error is true, the job will not be
       removed from the spool queue but only flagged with an error.   The  job
       can  then  be  retried  at  a  later  time.  If the job is successfully
       printed it is usually removed from the spool queue.   However,  if  the
       printcap  variable save_when_done is true the job will merely be marked
       as completed and not removed from the queue.


       As described in the previous section, filters  are  created  to  handle
       output  to  devices  or  other  filters.   The command line to invoke a
       filter is generated in the following manner.

       1.   The printcap entry or  configuration  value  defining  the  filter
            command is obtained.

       2.   The  file  to  be printed or the banner line/file generated by the
            banner printer will be written to STDIN  (file  descriptor  0)  of
            the  filter.   The  output  device  (or /dev/null if this is not a
            printing filter) will be be STDOUT  (file descriptor 1) and STDERR
            (file  descriptor  2) will be connected to the error logging file.
            If this is a printing filter, the error log will be determined  by
            the  :af:  printcap  field  and FD 3 will be opened and set to the
            either the file, remote host, or input of the filter program.

       3.   Filter specifications starting with ROOT will be run as root (EUID
            =  0).  This can be a serious security loophole and should only be
            used as a last resort for specific problems.

       4.   The options for the  filter  command  line  will  be  replaced  by
            appropriate  values.   Option  specifications  have  the form $[0|
            ][-][']X.  The  default  option  expansion  has  the  form  $X  ->
            -X'value';  the  form  $0X or $(space)X adds a space after the -X,
            i.e.- $0X -> -X 'value'; the form $-X suppresses the  -X,  i.e.  -
            $-X -> 'value'; and the form $'X' suppresses the quotes around the
            value.  Note that the 0,-, and ' can  be  combined.  For  example,
            $-'X -> value.  The options will be exanded as follows:

            Key  Value
            a    Accounting file (printcap 'af' entry)
            b    Job size, i.e.- total data file size, in bytes
            c    if binary (format 'l') expands to -c
            d    Control directory
            e    job data file
            f    original print file name (control file N field)
            h    Control file hostname
            i    Control file indent (I) field
            j    job number from control file name
            k    Control file name
            l    printcap Page length (pl) value
            m    printcap Cost factor (co) value
            n    Control file user logname (P) field
            p    Remote Printer name for forwarded jobs
            r    Remote Host name for forwarded jobs
            s    printer Status file (ps) value
            t    current time in simple format
            w    printcap Page width (pw) value
            x    printcap x dimension (px) value
            y    printcap y dimension (py) value
            F    data file format character
            P    Printer name
            S    printcap Comment tag (cm) value
            Upper Case   control file line starting with letter
            Digit control file line starting with digit

       5.   The  options specified by the filter_options (for none OF filters)
            or of_filter_options (for the OF filter) will be appended  to  the
            command  line  and  expanded.  To suppress adding options, you can
            use the form '-$ filter', i.e.  -  of=-$/bin/cat.   If  the  'bkf'
            (backwards compatible filter options) printcap flag is set, the of
            filter is given the options specified by bk_of_filter_options  and
            other filters those by bk_filter_options.  The following shows the
            various combinations possible, and typical values for the options.

            filter_options    $C $F $H $J $L $P $Q $R $Z $a $c $d $e $f $h $i \
                              $j $k $l $n $s $w $x $y $-a
            bk_filter_options $P $w $l $x $y $F $c $L $i $J $C $0n $0h $-a
            bk_of_filter_options $w $l $x $y

       6.   A printing filter which executes correctly and completely should
            exit with a 0 error status.
            A nonzero error status will be interpreted as follows:
            JFAIL    32   failed - retry later
            JABORT   33   aborted - do not try again, but keep job
            JREMOVE  34   failed - remove job

       The  JFAIL  will  cause the job to be retried at a later time.  A limit
       can be placed on the number of retries using  the  :rt:  or  :send_try:
       printcap  entry.   A retry value of 0 will cause infinite retries.  The
       JABORT indicates serious problems and will cause printing operations on
       the  job to stop until restarted by operator intervention.  The JREMOVE
       status indicates problems, and the job should be removed from the spool

       The environment variables for filters are highly restricted, due to the
       possibility for abuse by users.  The following variables are set:

       USER and LOGNAME
            user name or daemon name.

            home directory of user or daemon.

       PATH from the filter_path configuration variable.

            from the filter_ld_path configuration variable.

            set to /bin/sh

       IFS  set to blank and tab.

       TZ   the TZ environment variable.

            the spool directory for the printer

            the control directory for the printer

            the printcap entry for the printer

            the control file for the print job

       pass_env environment variables
            Values  of  environment   variables   listed   in   the   pass_env
            configuration variable.


       The  LPRng  software provides several methods of performing accounting.
       The printcap af (accounting field), as and  ae  (accounting  start  and
       end),  and  achk  (accounting check) provide a basic set of facilities.
       The af field specifies a file, filter, or TCP network connection to  an
       accounting  server.   If  af  has the form |filter or |-$ filter then a
       filter will be started and all accounting information will be  sent  to
       the  filter.  The first form passes the filter the command line options
       specified by the filter_options configuration variable and  the  second
       suppresses  option  passing.   If  af has the form host%port then a TCP
       connection will be opened  to  the  port  on  the  specified  host  and
       accounting  information sent there.  All other forms will be treated as
       a pathname relative to the queue spool directory.

       If af specifies a file, then the accounting information is appended  to
       an existing file; the accounting file will not be created.

       When  af  specifies a filter or network connection and the achk flag is
       set, then after writing the  initial  accounting  information  (see  as
       printcap  field  below)  the  server  will wait for a reply of the form
       ACCEPT from the filter or server.  If not received, the job will not be

       The  as (accounting start) and ae (accounting end) fields can specify a
       string to be printed or a  filter.   Options  in  the  string  will  be
       expanded  as  for  filters,  and  the  strings  printed  to  either the
       accounting information  destination.   If  the  as  field  specifies  a
       filter,  then  the print server will wait for the filter to exit before
       printing the job.  If the exit status is 0 (successful), the  job  will
       be  printed.   A non-zero JREMOVE status will remove the job, while any
       other status will terminate queue printing operations.  After  printing
       the  job, the ae filter will be started and the server will wait for it
       to complete before printing the next job.

       The as and ae filters will have STDOUT set to the printing  device  and
       or  filter,  and  the  STDERR  set  to the error log file for the print
       queue, and fild descriptor 3 set to the destination specified by the af

       As  a convenience, all format filters for printing will be started with
       file descriptor 3 set to the destination (file or filter) specified  by
       the  printcap  af  field.   This allows special filters which can query
       devices for page counts  to  pass  their  information  directly  to  an
       accounting  program.   The descriptor will READ/WRITE, allowing filters
       to query the accounting program and/or update the information directly.


       In  order  to  provide  a  centrallized  method to track job status and
       information,  the  printcap/configurtion  variable   logger_destination
       enable   the   send  of  status  and  other  information  to  a  remote
       destination.  The logger_destination value has the form
       where host is the host name or IP address, port  is  an  optional  port
       number,  and  protocol is an optional protocol type such as UDP or TCP.
       The      configuration      variables      default_logger_port      and
       default_logger_protocol can be used to override the default port number
       (2001) and protocol (UDP) to be used if  none  is  specified.   Logging
       information has the format below.
              IDENTIFIER jobid [PRINTER name] at timestamp \
                 STATUS | TRACE | FILTER_STATUS PID nnn
              [ status information]

       The  status information format consists of an identifier line, followed
       by a specifier of the status type.  The logging  information  entry  is
       terminated by a line with a single period on it.  Lines with a starting
       period have the period duplicated.


       Rather than building authentication facilties into LPRng, an  interface
       to  authentication  programs  is  defined, and will be used as follows.
       The  printcap  and  configuration  entries  auth,   auth_client_filter,
       auth_forward,           auth_forward_id,           auth_forward_filter,
       auth_receive_filter, and auth_server_id entries control authentication.
       The  auth  value  specifies  the  type of authentication to be used for
       client  to  server  authentication.   Typical  values  would  be   pgp,
       kerberos,  etc.  If the authentication type is not built-in, the client
       programs use the auth_client_filter program to perform  authentication.
       When  a  server  gets  and  an  authentication request, it will use the
       auth_receive_filter   program   to   perform    authentication.     The
       auth_server_id  is  the  remote server id used when a client is sending
       jobs to the server or when the server is originating a request.  When a
       server  forwards  a request, it uses auth_forward value to determine if
       authentication  is  to  be  done,  and  the  auth_forward_id   as   the
       destination server id.

Client To Server Authentication

       1.  The client will open a connection to the server and sends a command
           with the following format.  The REQ_SECURE  field  in  the  command
           corresponds  to the one-byte command type used by the LPR protocol.
                  \REQ_SECUREprinter C user\n
              Print job transfers:
                  \REQ_SECUREprinter C user controfilename\n

       2.  On reception of this command,  the server  will  send  a  one  byte
           success code as below.  An error code may be followed by additional
           error information.  The values used by LPRng include:
              ACK_SUCCESS     0   success, no error
              ACK_STOP_Q      1   failed; no spooling to the remote queue
              ACK_RETRY       2   failed; retry later
              ACK_FAIL        3   failed; job rejected, no retry

       3.  If there is an error the connection will be terminated.  The server
           will   then  start  an  authentication  process,  and  provide  the
           following open file descriptors for it.  The authenticator  process
           will run as the UID of the server (i.e.- usually daemon).
              FD    Options Purpose
              0     R/W     socket connection to remote host (R/W)
              1     W       pipe or file descriptor
                            for information for server
              2     W       error log
              3     R       pipe or file descriptor
                            for responses to client

           The command line arguments will have the form:
              program -S -Pprinter -nuser -Rserver_user -Ttempfile

           The  printer and user information will be obtained from the command
           line sent to the server.  The authenticator can  create  additional
           temporary  or working files with the pathnames tempfile.ext;  these
           should  be  deleted  after  the  authentication  process  has  been

       4.  After  receiving  \ACK_SUCCESS,  the client starts an authenticator
           process, and provides the following open file descriptors  for  it.
           The authenticator process will run UID user.
              FD    Options Purpose
              0     R/W     socket connection to remote host (R/W)
              1     W       pipe or file descriptor
                            for responses to client
              2     W       error log

           The command line arguments will have the form:
              program -C -Pprinter -nuser -Rserver_user -Ttempfile

       5.  The  authenticator can create additional temporary or working files
           with the pathnames tempfile.ext;  these will be deleted  after  the
           authentication    process   has   been   completed.    The   client
           authenticator will be running as the client user.

       6.  After   exchanging   authentication   information,    the    client
           authenticator  will  transfer the contents of the temporary file to
           the server authenticator, using FD 0.  It will then wait for  reply
           status  on FD 0.   If the transfer step fails, or there is no reply
           status of the correct format,  the client authenticator will  print
           any  recieved  information  on FD 1, error information on FD 2, and
           then exit with error code JFAIL.

       7.  After receiving the files on FD 0,  the server  authenticator  will
           perform  the  required  authentication  procedures  and  leave  the
           results in  tempfile.   The  server  authentictor  will  write  the
           following to FD 1,  for use by the server:

           If the transfer step or authentication fails,  then the server will
           write an error message to FD 2 and exit with error code JFAIL.  The
           server will use this authentication information to determine if the
           remote user has permission to access the system.

       8.  The server authentication process will read input from FD  3  until
           and  end  of  file,  and  then proceed to transfer the input to the
           client authenticator.   If  the  data  transfer  fails,   then  the
           process  will  exit  with  error code JFAIL, otherwise it will exit
           with error code JSUCC.

       9.  The client authenticator will read the status information  from  FD
           0,   and after performing authentication will write it to FD 1.  If
           data transfer or  authentication  fails,   the  authenticator  will
           write  an  error  message  to  FD 2 and exit with error code JFAIL,
           otherwise it will exit with error code JSUCC.

Server to Server Authentication

       The Server to Server authentication procedure is used by one server  to
       forward  jobs  or  commands to another server.  It should be noted that
       this forwarding operation puts an implicit trust in the security of the
       client  to  server  to server chain.  In the description below, src and
       dst are the userid of the source and destination servers  respectively.

       1.  The  originating  host  takes  the  part  of  the  client, and will
           transfer a job acting like the  client.   The  initial  information
           transfer from the originating (src) server will have the format:
                  \REQ_SECUREprinter F user\n
              Print job transfers:
                  \REQ_SECUREprinter F user controfilename\n

           After receiving a 0 acknowlegement byte, the src server will invoke
           its authenticator with the arguments below.  The forward_user value
           will default to the server_user value if not explicitly provided.
              program -C -Pprinter -nserver_user \
                  -Rforward_user -Ttempfile

       2.  On  the  destintation  server the authenticator is invoked with the
              program -S -Pprinter -nserver_user \
                  -Rforward_user -Ttempfile

           The authentication is performed to determine that the transfer  was
           between the two servers,  rather than the user to server.


       As a convenience, Kerberos 5 authentication has been built into the LPD
       clients and servers.  If you are not familiar with Kerberos,  then  you
       should  obtain  other documentation and/or assistance before attempting
       to use this.  The following facilities/configuration values are used to
       support Kerberos.

       A  Kerberos  principal  is the name used for authentication purposes by
       Kerberos.  For example, user principals have the form  user@REALM;  for
       example,  papowell@ASTART.COM.   Services  and/or servers have the form
       service/host@REALM; for example, the lpd server on dickory  would  have
       the form:

       User  to  server  authenticaiton  process will use the user's principal
       name, and generate a service name for the server.  The name  generation
       is controlled by the following configuration and/or printcap values.

              The  name  of  the  service  to be used to identify the service.
              This is usually "lpr".

              The location  of  the  server  keytab  file.   The  keytab  file
              corresponds  to  the  user  password,  and  must be considered a
              security risk.  It should be owned by the LPD server  user,  and
              readable/writable only by the server.

              The  lifetime  of  the authentication ticket used by the server.
              This usually defaults to 10 hours.

              The renewal time of the ticket.

       In addition to the default values, an explicit server principal can  be
       specified in the printcap file using the kerberos_server_principal This
       allows cross domain authentication to be done.

       When setting up Kerberos authentication, you  will  need  to  establish
       principals  for  each  server, and to distribute and install the keytab
       files on each server.


       The following permissions tags are available to check on authentication
              AUTH=[NONE,USER,FWD]    - authentication
                  AUTH=NONE   - no authentication
                  AUTH=USER   - authentication from a client
                  AUTH=FWD    - forwarded authentication from a lpd server

       1.  The  AUTH  tag  can be used to determine the type of authentication
           being  done.   The  AUTHTYPE  tag  can  be  used   to   match   the
           authentication type being used or requested by the client or remote
           server.   The  authentication  process  returns  an  authentication
           identifier  for  the  user;  this information can be matched by the
           AUTHUSER tag.

       2.  For a command sent from  a  client  or  forwarded  from  a  server,
           AUTHUSER  matches  the auth_user_id provided for the user when sent
           to a server.  (This  information  will  be  forwared  by  a  remote
           server).    For   a   forwarded  command,  FWDUSER  refers  to  the
           authentication information for the server doing the forwarding.

       3.  For example,  to reject non-authenticated operations, the following
           line could be put in the permissions file.
              REJECT AUTH=NONE

       4.  To  reject  server  forwarded authentication as well, we use REJECT
           AUTH=NONE,FWD.  If a remote server  with  name  serverhost  has  id
           information  FFEDBEEFDEAF,   then  the  following  will accept only
           forwarded jobs from this server.
              REJECT AUTH=FWD


       The files used by LPRng are set by values in the printer  configuration
       file.  The following are a commonly used set of default values.
       /etc/lpd.conf                                LPRng configuration file
       /etc/printcap                                printer description file
       /etc/lpd.perms                               printer permissions
       /var/spool/printer*                          spool directories
       /var/spool/printer*/printcap                 printer specific printcap information
       /var/spool/printer*/printer                  lock file for queue control
       /var/spool/printer*/control.printer          queue control
       /var/spool/printer*/active.printer           active job
       /var/spool/printer*/log.printer              log file


       lpd.conf(5),  lpc(8), checkpc(8), lpr(1), lpq(1), lprm(1), printcap(5),
       lpd.perms(5), pr(1).


       Most of the diagnostics are self explanatory.
       If you are puzzled over the exact cause of failure,
       set the debugging level on (-D5) and run again.
       The debugging information will
       help you to pinpoint the exact cause of failure.


       LPRng is a enhanced printer spooler system with  functionality  similar
       to   the   Berkeley   LPR   software.    The   LPRng  mailing  list  is
       lprng@lprng.com; subscribe by sending mail  to  lprng-request@lprng.com
       with  the  word  subscribe in the body.  The software is available from


       Patrick Powell <papowell@lprng.com>.

LPRng                             LPRng-3.8.9                           LPD(8)

Man(1) output converted with man2html