Lexmark X782e PKI-Enabled Pre-Installation Guide - Page 15

SmartCard Configuration




PKI Pre-Installation Guide
Version 2.0.0
Page 11
   IP Address or Name: ______________________________________________
   IP Address or Name: ______________________________________________
   IP Address or Name: ______________________________________________

2. Kerberos Realm (which is typically the Windows Domain Name). There is usually only one, but if more than one realm is used, a Kerberos Configuration File will need to be uploaded to the MFP. See section 7.3, Kerberos Configuration File, for information on generating this file.

   □ One Kerberos Realm: ____________________________________________
   □ Multiple Kerberos Realms: Please have the configuration file ready at install time.

3. For added security, the Kerberos and LDAP implementations used by the MFP perform reverse DNS lookups to verify the IP addresses of the servers they connect to. However, some networks have reverse DNS lookups disabled, in which case this verification must be disabled on the MFP. Note that turning it off removes one check that the KDC or LDAP server the MFP reached is the host it was configured to use, so confirm the PTR records for the servers listed in item 1 before answering. Are reverse DNS lookups disabled on the network that will be used by the MFP?

   □ Yes   □ No

4. The KDC used for user authentication can also be set as the Default LDAP Server. If several KDCs are specified, this keeps the LDAP lookups on whichever KDC authenticated the user instead of pinning the LDAP server to a single one of them. Do you want to set the default LDAP Server to be the KDC used for user authentication?

   □ Yes   □ No
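Item 3 asks whether reverse DNS is disabled; the reliable way to answer it is to test the KDC and LDAP hosts entered in item 1 before the install. The script below is an added example and is not part of the Lexmark guide. It performs a forward-confirmed reverse lookup (resolve the name to an address, resolve the address back to a name, require the names to agree); the guide only says the MFP uses reverse lookups "to verify IP Addresses", so treating a missing or mismatched PTR as a failure is an assumption about the MFP's check. The host names, addresses and the demo zone table are constructed so the script runs offline; on the real network pass real_forward and real_reverse instead of the demo functions.

```shell
#!/bin/sh
# Added example, not from the Lexmark guide: forward-confirmed reverse DNS
# check for the KDC / LDAP hosts that will be configured on the MFP.
set -eu

# Constructed zone data for the offline demonstration (not real hosts):
#   kdc1 has a matching PTR,
#   kdc2 has no PTR at all,
#   kdc3's PTR points at a different name (a stale record).
demo_forward() {
    case "$1" in
        kdc1.corp.example) echo 10.0.0.11 ;;
        kdc2.corp.example) echo 10.0.0.12 ;;
        kdc3.corp.example) echo 10.0.0.13 ;;
        *) return 1 ;;
    esac
}
demo_reverse() {
    case "$1" in
        10.0.0.11) echo kdc1.corp.example ;;
        10.0.0.13) echo old-kdc.corp.example ;;
        *) return 1 ;;
    esac
}

# Resolver hooks for the production network: getent(1) consults the same
# resolver configuration the host is using, which is what the MFP will see
# if it sits on the same network and uses the same DNS servers.
real_forward() { getent ahostsv4 "$1" | awk '{print $1; exit}'; }
real_reverse() { getent hosts "$1" | awk '{print $2; exit}'; }

# rdns_check NAME FORWARD_FN REVERSE_FN
# Prints exactly one of: ok, no-a-record, no-ptr, ptr-mismatch
rdns_check() {
    name=$1; fwd=$2; rev=$3
    if ! ip=$("$fwd" "$name") || [ -z "$ip" ]; then
        echo no-a-record; return 0
    fi
    if ! ptr=$("$rev" "$ip") || [ -z "$ptr" ]; then
        echo no-ptr; return 0
    fi
    # Compare case-insensitively with any trailing dot removed, since some
    # resolvers return the PTR target as an absolute name ("host.example.").
    n=$(printf '%s' "$name" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    p=$(printf '%s' "$ptr"  | tr 'A-Z' 'a-z' | sed 's/\.$//')
    if [ "$n" = "$p" ]; then echo ok; else echo ptr-mismatch; fi
}

# Offline demonstration over the constructed zone.
for h in kdc1.corp.example kdc2.corp.example kdc3.corp.example; do
    printf '%-20s %s\n' "$h" "$(rdns_check "$h" demo_forward demo_reverse)"
done
```

Only hosts that report "ok" will pass a reverse-lookup verification; "no-ptr" on every server is the situation item 3 describes, and "ptr-mismatch" usually means a stale PTR that DNS administrators can correct instead of the check being disabled on the MFP.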
3.2.2.1 SmartCard Configuration

If SmartCard login is allowed, the PKI Authentication application needs to validate the response from the Domain Controller. It also must know which information to take from the card in order to look up other data about the user (such as the home directory).

3.2.2.1.1 Response Validation

To verify that the response from the Domain Controller comes from a trusted source, the application must validate the certificate included in the Domain Controller's response. This validation can be done in one of four ways:

MFP Certificate Validation
   The PKI Authentication Application reads the issuer of the certificate contained in the Domain Controller's response. In this mode, the certificate of the Certificate Authority (CA) that issued the Domain Controller's certificate is what must be trusted. So if the certificate of the CA that issued the certificate in the response is found installed on the MFP, the response is considered trusted and the logon proceeds. Otherwise, the logon will fail. Because the check is against the issuing CA, a Domain Controller certificate issued by a subordinate (issuing) CA requires that subordinate CA's certificate on the MFP, not only the root's.
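The MFP Certificate Validation rule above, modelled with openssl as an added example (this is not Lexmark's code, and the MFP's real certificate store and checks are not described on this page). The script builds a constructed three-tier PKI (Root CA, Issuing CA, Domain Controller certificate) plus an unrelated CA, then applies the rule as the page states it: the response is trusted only if the certificate of the CA that directly issued the DC certificate is installed. openssl verify -partial_chain is what makes a non-root CA acceptable as the trust anchor, which is the assumption used here to mirror "the issuing CA is considered trusted". All names, keys and certificates are generated on the fly.

```shell
#!/bin/sh
# Added example, not Lexmark code: models the "MFP Certificate Validation"
# rule (trust = the DC certificate's direct issuer is installed on the MFP).
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Build a constructed PKI: Root CA -> Issuing CA -> dc1.example.local,
# plus an unrelated CA standing in for a CA the MFP does not have installed.
build_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
        -keyout root.key -out root.pem -subj "/CN=Example Root CA" \
        -addext "basicConstraints=critical,CA:TRUE" >/dev/null 2>&1

    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    openssl req -newkey rsa:2048 -nodes -keyout issuing.key -out issuing.csr \
        -subj "/CN=Example Issuing CA" >/dev/null 2>&1
    openssl x509 -req -in issuing.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 2 -sha256 -extfile ca.ext -out issuing.pem >/dev/null 2>&1

    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth,clientAuth\n' > dc.ext
    openssl req -newkey rsa:2048 -nodes -keyout dc.key -out dc.csr \
        -subj "/CN=dc1.example.local" >/dev/null 2>&1
    openssl x509 -req -in dc.csr -CA issuing.pem -CAkey issuing.key -CAcreateserial \
        -days 2 -sha256 -extfile dc.ext -out dc.pem >/dev/null 2>&1

    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
        -keyout other.key -out other.pem -subj "/CN=Unrelated CA" \
        -addext "basicConstraints=critical,CA:TRUE" >/dev/null 2>&1
}

# mfp_validate INSTALLED_CA.pem DC_CERT.pem
# Prints "trusted" if the installed CA certificate directly issued the DC
# certificate (and the signature checks out), otherwise "rejected".
# -partial_chain lets the installed CA act as the anchor even when it is a
# subordinate CA rather than a self-signed root.
mfp_validate() {
    if openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

build_pki
echo "issuing CA installed : $(mfp_validate issuing.pem dc.pem)"
echo "root CA only         : $(mfp_validate root.pem dc.pem)"
echo "unrelated CA         : $(mfp_validate other.pem dc.pem)"
```

The second line of output is the practical point for the questionnaire: when the Domain Controller's certificate comes from a subordinate CA, installing only the enterprise root on the MFP does not satisfy this rule, so have the issuing CA's certificate available at install time.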