Lexmark X782e Installation Manual page 36

PKI-Enabled MFP Pre-Installation Guide

The IP address or fully qualified domain name for the Windows Domain Controller described in
section 3.2.2, item 1 should be used for the kdc and default_domain fields in the [realms] section
of the example below.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = #####_DOMAIN.NAME.MIL_#####
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 12h
default_etypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc
default_etypes_des = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc
default_tgt_enctypes = arcfour-hmac-md5 DES-CBC-MD5 DES-CBC-CRC
default_tgs_enctypes = arcfour-hmac-md5 DES-CBC-MD5 DES-CBC-CRC
[appdefaults]
[realms]
Each supported Kerberos Realm needs to be listed in this section; repeat all of
the following for each realm.
#####_DOMAIN.NAME.MIL_##### = {
KDCs can be listed by either IP address or fully qualified domain name. More
than one KDC can be listed. If the first KDC cannot be contacted, then the next
KDC is contacted. This process repeats until all KDCs have been tried. Note that
if multiple KDCs are used, certificate chains will need to be present in the MFP
for all KDCs.
kdc = tcp/#####_ip_address_or_name_of_domain_controller_#####
default_domain = #####_same_as_kdc_#####
pkinit_require_eku = false
pkinit_require_krbtgt_otherName = false
Microsoft implemented PKINIT according to "draft" versions of the IETF Kerberos
PKINIT specifications. This resulted in some slight differences between software
supporting the final IETF specification and software supporting the Microsoft
implementations. This configuration flag informs the firmware to use the
Microsoft format for PKINIT protocol commands.
pkinit_win2k = yes
pkinit_win2k_require_binding = no
}
[domain_realm]
Define a mapping between domain names found in the user's certificate and
the Kerberos realm. Entries that begin with "." match any name that ends with
that suffix; for example, "dc1.mil" matches ".mil" but not "mil". It is
acceptable to map multiple domain names to the same realm.
.mil = #####_DOMAIN.NAME.MIL_#####
Version 2.0.0
PKI Pre-Installation Guide
Page 32
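
A pre-deployment check for a filled-in copy of the template above, as an added example (not Lexmark's code and not part of the guide): it parses the file and reports leftover ##### placeholders, enctypes deprecated by RFC 6649 and RFC 8429, and pkinit_require_* options set to false. The realm EXAMPLE.MIL and host dc1.example.mil in the sample, and the function names, are constructed for illustration.

```python
import re

# Constructed sample: the page's template with made-up values, one placeholder left in.
SAMPLE = """[libdefaults]
default_tgs_enctypes = arcfour-hmac-md5 DES-CBC-MD5 DES-CBC-CRC
[realms]
EXAMPLE.MIL = {
kdc = tcp/dc1.example.mil
default_domain = #####_same_as_kdc_#####
pkinit_require_eku = false
}
"""
# DES, 3DES and RC4 (arcfour) enctypes are deprecated by RFC 6649 and RFC 8429.
WEAK = re.compile(r"^(des|arcfour|rc4)", re.I)
PLACEHOLDER = re.compile(r"#####.*#####")

def parse(text):
    """Return {section: {key: value}}; 'REALM = {' blocks become nested dicts."""
    conf, section, realm = {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") and line.endswith("]"):
            section, realm = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            realm = None
        elif "=" in line and section is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                realm = section.setdefault(key, {})
            else:
                (section if realm is None else realm)[key] = value
    return conf

def lint(conf, path=""):
    """Return (location, issue) pairs an administrator should review."""
    out = []
    for key, val in conf.items():
        where = f"{path}/{key}"
        if PLACEHOLDER.search(key + ("" if isinstance(val, dict) else val)):
            out.append((where, "unfilled placeholder"))
        if isinstance(val, dict):
            out += lint(val, where)
        elif "types" in key and (weak := [e for e in val.split() if WEAK.match(e)]):
            out.append((where, "deprecated enctypes: " + " ".join(weak)))
        elif key.startswith("pkinit_require") and val == "false":
            out.append((where, "PKINIT requirement disabled"))
    return out

for location, issue in lint(parse(SAMPLE)):
    print(f"{location}: {issue}")
```

The findings are prompts for review, not errors: the guide sets these values for compatibility with the Windows domain controller, so each one should be confirmed against what the KDC actually requires.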