Linux printing does not need a separate authentication step anymore
Department's Linux hosts now use University's central single sign on AD-authentication for printing. This means that a separate authentication step is no longer required when printing. This works if (and only if) your HYAD password is the same as your CS Dept account password.
Some boring technical details
When logging in to a Linux host, the Linux system now obtains two kerberos tickets. One for HYAD kerberos/AD domain and one for department's old CSWIN domain. The AD kerberos ticket looks like this:
$ ls -l /tmp/krb5cc_$(id -u)_AD_* -rw------- 1 jjaakkol grpd 1406 Aug 28 12:38 /tmp/krb5cc_4392_AD_IrdmXj $ klist /tmp/krb5cc_4392_AD_IrdmXj Ticket cache: FILE:/tmp/krb5cc_4392_AD_IrdmXj Default principal: jjaakkol@AD.HELSINKI.FI Valid starting Expires Service principal 28/08/14 12:38:13 28/08/14 22:38:13 krbtgt/AD.HELSINKI.FI@AD.HELSINKI.FI renew until 04/09/14 12:38:13 $
The ticket is obtained by sssd daemon, which is now running on every Cubbli Linux host. The daemon also renews the ticket when necessary. This ticket is now used to authenticate print jobs to HYAD queues automatically.