Lexmark MX718 Embedded Web Server--Security: Administrator s Guide - Page 19
Configuring Kerberos 5 for use with LDAP+GSSAPI, Notes, Delete List, Settings, Security
View all Lexmark MX718 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 19 highlights
Managing authentication and authorization methods 19 Notes: • Click Delete List to delete all LDAP+GSSAPI setups in the list. • An LDAP+GSSAPI building block cannot be deleted if it is being used as part of a security template. Configuring Kerberos 5 for use with LDAP+GSSAPI Note: This feature is available only in advanced‑security devices. Kerberos 5 can be used by itself for user authentication, but it is most often used with the LDAP+GSSAPI building block. While only one Kerberos configuration file (krb5.conf) can be stored on a supported device, that file can apply to multiple realms and Kerberos Domain Controllers (KDCs). An administrator must anticipate the different types of authentication requests that the Kerberos server might receive, and configure the krb5.conf file to handle these requests. Notes: • Because only one krb5.conf file is used, uploading or resubmitting a simple Kerberos file overwrites the configuration file. • The krb5.conf file can specify a default realm. But if a realm is not specified in the configuration file, then the first realm specified is used as the default realm for authentication. • Some types of authentication relies on an external server. If an outage prevents the printer from communicating with the server, then users are able to access protected device functions. • To help prevent unauthorized access, log out from the printer after each session. Creating a simple Kerberos configuration file 1 From the Embedded Web Server, click Settings > Security > Security Setup. 2 Under Advanced Security Setup, click Kerberos 5. 3 Type the KDC (Key Distribution Center) address or host name in the KDC Address field. 4 Enter the number of the port (between 1 and 65535) used by the Kerberos server in the KDC Port field. The default port number is 88. 5 Type the realm (or domain) used by the Kerberos server in the Realm field. 6 Click Submit to save the information as a krb5.conf file on the selected device, or Reset Form to reset the fields and start again. Uploading a Kerberos configuration file 1 From the Embedded Web Server, click Settings > Security > Security Setup. 2 Under Advanced Security Setup, click Kerberos 5. 3 Click Browse, and then select the krb5.conf file. 4 Click Submit to upload the krb5.conf file to the selected device. The Embedded Web Server automatically tests the krb5.conf file to verify that it is functional. Notes: • To reset the field and search for a new configuration file, click Reset Form. • To remove the Kerberos configuration file from the selected device, click Delete File.