Lexmark MB2546 Embedded Web Server--Security Administrator s Guide - Page 19

Using Kerberos

You can use this login method by itself or in conjunction with the LDAP+GSSAPI login method.

Notes:

•

Only one Kerberos configuration file can be saved on the printer memory. This configuration file can

apply to multiple realms and Kerberos Domain Controllers.

•

Uploading another configuration file or updating the Kerberos settings overwrites the saved

configuration file.

•

If you want to delete a Kerberos file, then delete first the LDAP+GSSAPI login method that is using the

file.

•

Administrators must anticipate the different types of authentication requests the Kerberos server might

receive, and configure the configuration file to handle the requests.

•

Kerberos relies on an external server for authentication. If the server is down, then users are not able to

access the printer using LDAP.

•

To help prevent unauthorized access, log out from the printer after each session.

Creating a Kerberos login method

1

From the Embedded Web Server, click

Settings

>

Security

>

Login Methods

.

2

From the Network Accounts section, click

Add Login Method

>

Kerberos

.

3

Do one of the following:

Create a simple Kerberos configuration file

From the Generate Simple Kerberos File section, configure the following:

•

KDC Address

—Type the IP address or host name of the KDC IP.

•

KDC Port

—Enter the port number used by the Kerberos server.

•

Realm

—Type the realm used by the Kerberos server. The realm must be typed in uppercase.

Import a Kerberos configuration file

In the Import Kerberos File field, browse to the krb5.conf file.

4

If necessary, from the Miscellaneous Settings section, configure the following settings:

•

Character Encoding

—Select the character encoding used for the configuration file.

•

Disable Reverse IP Lookups

5

Click

Save and Verify

.

Setting the date and time

When using Kerberos authentication, make sure that the time difference between the printer and the domain

controller does not exceed five minutes. You can manually update the date and time settings or use the Network

Time Protocol (NTP) to sync the time with the domain controller automatically.

1

From the Embedded Web Server, click

Settings

>

Device

>

Preferences

>

Date and Time

.

Managing login methods

19

Section	Page
Contents	2
Change history	4
Overview	5
Supported printers	5
Supported web browsers	7
Securing network connections	8
Accessing the Embedded Web Server	8
Configuring TCP/IP port access settings	8
Configuring IP Security settings	8
Configuring 802.1x authentication	9
Setting the restricted server list	10
Managing devices remotely	11
Using HTTPS for printer management	11
Setting up SNMP	11
Configuring SNMP versions 1 or 2c settings	11
Configuring SNMP version 3 settings	11
Configuring SNMP traps	12
Configuring security audit log settings	12
Updating firmware	13
Managing login methods	14
Restricting public access to functions, applications, printer management, and security options	14
Using local accounts	14
Creating local accounts	14
Editing and deleting local accounts	14
Creating local account groups	15
Editing or deleting local account groups	15
Using LDAP or LDAP+GSSAPI	16
Creating an LDAP or LDAP+GSSAPI login method	16
Editing or deleting LDAP or LDAP+GSSAPI login methods	18
Using Kerberos	19
Creating a Kerberos login method	19
Setting the date and time	19
Using Active Directory	20
Creating an Active Directory login method	20
Editing or deleting an Active Directory login method	21
Creating LDAP, LDAP+GSSAPI, or Active Directory groups	22
Editing or deleting LDAP, LDAP+GSSAPI, or Active Directory groups	23
Understanding access controls	23
Managing certificates	26
Configuring printer certificate defaults	26
Creating a printer certificate	26
Installing certificates manually	27
Installing certificates automatically	27
Viewing, downloading, and deleting a certificate	27
Managing other access functions	28
Scheduling access to USB devices	28
Setting login restrictions	28
Configuring confidential printing	28
Enabling solutions LDAP settings	29
Showing secured applications or functions on the home screen	29
Enabling print permission	29
Enabling the security reset jumper	30
Securing data	31
Erasing printer memory	31
Erasing printer hard disk memory	31
Configuring printer hard disk encryption	31
Restoring factory default settings	31
Statement of Volatility	32
Troubleshooting	33
User is locked out	33
Update the allowed number of login failures and lockout time	33
Reset or replace the smart card	33
User is logged out automatically	33
Increase the Screen Timeout value	33
User cannot access applications or functions	33
Make sure that the user is assigned to a group that has access to the applications and functions	33
KDC and MFP clocks are out of sync	33
Make sure that the date and time settings on the printer are correct	33
Domain controller certificate is not installed	34
Make sure that the correct certificate is installed on the printer	34
KDC is not responding within the required time	34
Make sure that the IP address or host name of the KDC is correct	34
Make sure that the KDC is available in the configuration file	34
Make sure that the server and firewall settings are configured to allow communication between the pr ...	34
LDAP lookups fail	34
Make sure that the server and firewall settings are configured to allow communication between the pr ...	34
If reverse DNS lookup is not used in your network, then disable it in the Kerberos settings	34
If the LDAP server requires SSL, then enable SSL for LDAP lookups	34
Narrow the LDAP search base to the lowest possible scope that includes all necessary users	34
Make sure that all LDAP attributes that are being searched for are correct	34
Notices	35
Edition notice	35
GOVERNMENT END USERS	35
Trademarks	35
GifEncoder	36
ZXing 1.7	36
Apache License Version 2.0, January 2004	36

Lexmark MB2546 Embedded Web Server--Security Administrator s Guide - Page 19

Using Kerberos, Creating a Kerberos login method, Setting the date and time

Page 19 highlights