Lexmark X782e PKI-Enabled Pre-Installation Guide - Page 15
SmartCard Configuration
Page 15 highlights
PKI Pre-Installation Guide

IP Address or Name
IP Address or Name
IP Address or Name

2. Kerberos Realm (which is typically the Windows Domain Name). There is usually only one, but if more than one realm is used, a Kerberos Configuration File will need to be uploaded to the MFP. See section 7.3, Kerberos Configuration File, for information on generating this file.

   □ One Kerberos Realm
   □ Multiple Kerberos Realms: Please have configuration file ready at install time.

3. For added security, the Kerberos and LDAP implementations used by the MFP perform reverse DNS lookups to verify IP Addresses. However, some networks have reverse DNS lookups disabled, so this check may need to be disabled. Are reverse DNS lookups disabled on the network that will be used by the MFP?

   □ Yes
   □ No

4. The KDC used for user authentication can also be set as the Default LDAP Server. This can allow for greater flexibility in case multiple KDCs are specified, so that the LDAP server does not have to be set to only one of them. Do you want to set the default LDAP Server to be the KDC used for user authentication?

   □ Yes
   □ No

3.2.2.1 SmartCard Configuration

If SmartCard login is allowed, the PKI Authentication application needs to validate the response from the Domain Controller. It must also know which information from the card to use to look up other data (such as home directory) about the user.

3.2.2.1.1 Response Validation

To verify that the response from the Domain Controller is coming from a trusted source, the application must validate the certificate included in the Domain Controller's response. This validation can be done in one of four ways:

MFP Certificate Validation

The PKI Authentication Application gets the issuer of the certificate contained in the Domain Controller's response. In this case, the certificate of the Certificate Authority (CA) that issued the Domain Controller's certificate is considered trusted. If the certificate of the CA that issued the certificate in the response is found installed on the MFP, the response is considered trusted and the logon proceeds. Otherwise, the logon will fail.

Version 2.0.0 Page 11