Managing Authentication And Authorization Methods; Understanding The Basics - Lexmark C54x Administrator's Manual

Managing authentication and authorization methods

Managing authentication and authorization
methods

Understanding the basics

Securing a printer through the Embedded Web Server involves combining one or more components to define who is
allowed to use the printer, and which functions those users are allowed to access. Available components include
Authentication, Authorization, and Groups.
Create a plan that identifies who the users will be and what they will need to do before configuring printer security.
Items to consider might include:
•
The location of the printer and whether authorized persons have access to that area
•
Sensitive documents that will be sent to or stored on the printer
•
Information security policies of your organization
Authentication and authorization
Authentication is the method by which a system securely identifies a user.
Authorization specifies which functions are available to a user who has been authenticated by the system. This set of
authorized functions is also referred to as "permissions."
There are two levels of security that are supported based on the product definition. Simple security only supports
internal device authentication and authorization methods. More advanced security permits internal and external
authentication and authorization as well as additional restriction capability for management, function, and solution
access. Advanced security is supported for those devices that permit the installation of additional solutions to the
device.
Simple security uses Panel PIN Protect to restrict user access to the printer control panel and Web Page Password
Protect to restrict administrator access to the device. For more information, see
control restriction" on page 9
page 8.
Advanced‑security devices support the following:
•
PIN and password restrictions in addition to the other authentication and authorization specified
•
Multiple local authentication functions that support PIN, password, and user name‑password combinations
•
Standard network authentication through LDAP, LDAP+GSSAPI, Kerberos, and Active Directory
Authorization can be specified individually or by groups (either local or network). Devices that support advanced-level
security are capable of running installed solutions, which permits usage of card readers to provide advanced two-factor
authentication.
and "Creating a Web page password and applying access control restrictions" on
"Creating a PIN and applying access
5