HP 635n HP Jetdirect Print Server Administrator's Guide (Firmware V.36) - Page 119
IKEv1 Phase 1 (Authentication
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 119 highlights
Table 5-10 Kerberos Settings page (continued) Item Description Encryption Type Specifies the encryption type supported by the HP Jetdirect print server. Key Version Number Specify the key version number for the encryption keys associated with the principal and password. Clock Skew A Kerberos installation uses clocks that are reasonably synchronized. Clock skew is a measure of allowed differences between clocks during transactions. When the HP Jetdirect print server checks time stamps of incoming packets from clients, the clock skew specifies the time interval (in seconds) within which the HP Jetdirect print server will accept a packet. If the time interval is exceeded, the packet will be discarded. NOTE: Timing differences between the HP Jetdirect print server and a domain controller depends on the clock skew configuration on the domain controller. Time Sync Period SNTP Server This parameter specifies the time interval (in minutes) that the HP Jetdirect print server requests to synchronize its clock with a Simple Network Time Protocol (SNTP) time server. If required, specify the Fully Qualified Domain Name (FQDN) or IP address of a Simple Network Time Protocol (SNTP) time server. By default, the SNTP server is the server used as the Key Distribution Center (KDC). IKEv1 Phase 1 (Authentication) Internet Key Exchange (IKE) is used to create Security Associations dynamically. Use this page to configure SA parameters for authentication and to securely generate IPsec session keys for encryption and authentication algorithms. Items on this page are described below. Table 5-11 IKE Phase 1 (Authentication) page Item Description Negotiation Mode (Required) IKE provides two modes of negotiation during an exchange for keys and security services to be used for a Security Association: Main: This mode features identity protection between the hosts and is slower but secure. Aggressive: This mode uses half the message exchanges. It is faster, but less secure than Main mode. Cryptographic Parameters Diffie-Hellman Groups (Required) A Diffie-Hellman exchange allows a secret key and security services to be securely exchanged between two hosts over an unprotected network. A Diffie-Hellman group determines the parameters to use during a DiffieHellman exchange. Multiple well-known Diffie-Hellman groups that will be used are listed. To change the entries in the list, click Edit. Selecting all the groups will result in a single negotiated group. Encryption and Authentication (Required) Select the encryption methods and strengths, and the authentication methods to be used. Selecting all the methods will result in a single negotiated method. Security Association SA Lifetime: (Required) Specify the lifetime, in seconds, that the keys associated with this Security Association will be valid. ENWW HP Jetdirect IPsec/Firewall Wizard 109