Ok, here is part of the answer.  It's SuSE specific:

"Additionally, the following command must be used (as the user root) to enter 
a CUPS-specific password for the user root in /etc/cups/passwd.md5:
lppasswd -g sys -a root"

SuSE doesn't run CUPS as root, and uses digest.md5 authorization for CUPS 
administration.

I found this by searching for bug reports on CUPS on the SuSE site, sorry now 
I didn't tag the URL.