Dell B3465dnf Mono Embedded Web Server -- Security Administrators Guide - Page 17

Configuring Kerberos 5 for use with LDAP+GSSAPI, To edit an existing LDAP+GSSAPI setup

Get Dell B3465dnf Mono PDF manuals and user guides View all Dell B3465dnf Mono manuals
Add to My Manuals
Save this manual to your list of manuals

Page 17 highlights

Using security features in the Embedded Web Server 17 To edit an existing LDAP+GSSAPI setup 1 From the Embedded Web Server, click Settings > Security > Security Setup. 2 Under Advanced Security Setup, click LDAP+GSSAPI. 3 Select a setup from the list. 4 Make any needed changes in the LDAP Configuration dialog. 5 Click Modify to save the changes, or Cancel to return to previous values. To delete an existing LDAP+GSSAPI setup 1 From the Embedded Web Server, click Settings > Security > Security Setup. 2 Under Advanced Security Setup, click LDAP+GSSAPI. 3 Select a setup from the list. 4 Click Delete Entry to remove the profile, or Cancel to return to previous values. Notes: • Click Delete List to delete all LDAP+GSSAPI setups in the list. • An LDAP+GSSAPI building block cannot be deleted if it is being used as part of a security template. Configuring Kerberos 5 for use with LDAP+GSSAPI Note: This is available only in select printer models. Though it can be used by itself for user authentication, Kerberos 5 is most often used in conjunction with the LDAP +GSSAPI building block. While only one Kerberos configuration file (krb5.conf) can be stored on a supported device, that krb5.conf file can apply to multiple realms and Kerberos Domain Controllers (KDCs). An administrator must anticipate the different types of authentication requests the Kerberos server might receive, and configure the krb5.conf file to handle all such requests. Notes: • Because only one krb5.conf file is used, uploading or resubmitting a simple Kerberos file will overwrite the configuration file. • The krb5.conf file can specify a default realm. However, if a realm is not specified in the configuration file, then the first realm specified will be used as the default realm for authentication. • As with any form of authentication that relies on an external server, users will not be able to access protected device functions if an outage prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server, click Settings > Security > Security Setup. 2 Under Advanced Security Setup, click Kerberos 5. 3 Type the KDC (Key Distribution Center) address or host name in the KDC Address field. 4 Enter the number of the port (between 1 and 88) used by the Kerberos server in the KDC Port field.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
To edit an existing LDAP+GSSAPI setup
1
From the Embedded Web Server, click
Settings
>
Security
>
Security Setup
.
2
Under Advanced Security Setup, click
LDAP+GSSAPI
.
3
Select a setup from the list.
4
Make any needed changes in the LDAP Configuration dialog.
5
Click
Modify
to save the changes, or
Cancel
to return to previous values.
To delete an existing LDAP+GSSAPI setup
1
From the Embedded Web Server, click
Settings
>
Security
>
Security Setup
.
2
Under Advanced Security Setup, click
LDAP+GSSAPI
.
3
Select a setup from the list.
4
Click
Delete Entry
to remove the profile, or
Cancel
to return to previous values.
Notes:
Click
Delete List
to delete all LDAP+GSSAPI setups in the list.
An LDAP+GSSAPI building block cannot be deleted if it is being used as part of a security template.
Configuring Kerberos 5 for use with LDAP+GSSAPI
Note:
This is available only in select printer models.
Though it can be used by itself for user authentication, Kerberos 5 is most often used in conjunction with the LDAP
+GSSAPI building block. While only one Kerberos configuration file (krb5.conf) can be stored on a supported device,
that krb5.conf file can apply to multiple realms and Kerberos Domain Controllers (KDCs). An administrator must
anticipate the different types of authentication requests the Kerberos server might receive, and configure the krb5.conf
file to handle all such requests.
Notes:
Because only one krb5.conf file is used, uploading or resubmitting a simple Kerberos file will overwrite the
configuration file.
The krb5.conf file can specify a default realm. However, if a realm is not specified in the configuration file, then
the first realm specified will be used as the default realm for authentication.
As with any form of authentication that relies on an external server, users will not be able to access protected
device functions if an outage prevents the printer from communicating with the authenticating server.
To help prevent unauthorized access, users are encouraged to securely end each session by selecting
Log out
on
the printer control panel.
Creating a simple Kerberos configuration file
1
From the Embedded Web Server, click
Settings
>
Security
>
Security Setup
.
2
Under Advanced Security Setup, click
Kerberos 5
.
3
Type the KDC (Key Distribution Center) address or host name in the KDC Address field.
4
Enter the number of the port (between 1 and 88) used by the Kerberos server in the KDC Port field.
Using security features in the Embedded Web Server
17