Smartcard Configuration; Response Validation - Lexmark X782e Installation Manual

PKI-Enabled MFP Pre-Installation Guide

IP Address or Name: ______________________________________________
IP Address or Name: ______________________________________________
IP Address or Name: ______________________________________________
2. Kerberos Realm (which is typically the Windows Domain Name). There is usually only
one, but if more than one realm is used, a Kerberos Configuration File will need to be
uploaded to the MFP. See section 7.3, Kerberos Configuration File, for information on
generating this file.
One Kerberos Realm: ____________________________________________
Multiple Kerberos Realms: Please have configuration file ready at install time.
3. For added security, the Kerberos and LDAP implementations used by the MFP perform
reverse DNS lookups to verify IP addresses. However, some networks have reverse
DNS lookups disabled, so this check may need to be disabled. Are reverse DNS lookups
disabled on the network that will be used by the MFP?
Yes / No
4. The KDC used for user authentication can also be set as the Default LDAP Server. This
allows greater flexibility when multiple KDCs are specified, because the LDAP
server does not have to be set to only one of them. Do you want to set the default LDAP
Server to be the KDC used for user authentication?
Yes / No

3.2.2.1 SmartCard Configuration

If SmartCard login is allowed, the PKI Authentication application needs to validate the response
from the Domain Controller. It must also know which information from the card to use to look up
other data (such as home directory) about the user.

3.2.2.1.1 Response Validation

To verify that the response from the Domain Controller comes from a trusted source, the
application must validate the certificate included in the Domain Controller's response. This
validation can be done in one of four ways:

MFP Certificate Validation
The PKI Authentication Application gets the issuer of the certificate
contained in the Domain Controller's response. In this case, the
certificate of the Certificate Authority (CA) that issued the Domain
Controller's certificate is considered trusted. So if the certificate of the
CA that issued the certificate in the response is found installed on the
MFP, the response is considered trusted and the logon proceeds.
Otherwise, the logon will fail.

PKI Pre-Installation Guide, Version 2.0.0, Page 11
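As an added pre-installation check (not part of the Lexmark guide or its software), the script below identifies which candidate CA certificate actually signed a Domain Controller certificate, so the correct CA certificate can be installed on the MFP for MFP Certificate Validation. It assumes OpenSSL is available; the `issuing_ca` helper, file names, and certificate subjects are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find which candidate CA certificate really issued a DC certificate.
# All file names and subjects below are constructed for the demo.

# issuing_ca DC_CERT CA_CERT... : print the first CA file whose key signed DC_CERT.
# -partial_chain treats the direct issuer as the trust anchor (it may be an
# intermediate); -no-CApath keeps the system trust directory out of the decision.
issuing_ca() {
  local dc="$1" ca; shift
  for ca in "$@"; do
    if openssl verify -no-CApath -partial_chain -CAfile "$ca" "$dc" >/dev/null 2>&1; then
      printf '%s\n' "$ca"
      return 0
    fi
  done
  return 1
}

# make_ca NAME SUBJECT : constructed self-signed CA (NAME.key / NAME.pem).
make_ca() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$1.key" -out "$1.pem" -subj "$2" -days 1 >/dev/null 2>&1
}

# make_dc_cert CA_NAME : constructed DC certificate dc.pem signed by CA_NAME.
make_dc_cert() {
  openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout dc.key -out dc.csr -subj "/CN=dc01.example.test" >/dev/null 2>&1 &&
  openssl x509 -req -in dc.csr -CA "$1.pem" -CAkey "$1.key" -CAcreateserial \
    -out dc.pem -days 1 >/dev/null 2>&1
}

workdir=$(mktemp -d) && cd "$workdir" || exit 1
make_ca issuing   "/CN=Example Issuing CA"
make_ca lookalike "/CN=Example Issuing CA"   # same subject name, different key
make_dc_cert issuing

echo "Issuer named in dc.pem:   $(openssl x509 -in dc.pem -noout -issuer)"
echo "CA to install on the MFP: $(issuing_ca dc.pem lookalike.pem issuing.pem)"
```

The look-alike CA carries the same subject name as the real issuer but is rejected, which is why the check relies on the signature rather than on the issuer name printed in the certificate.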
