Embedded Web Server Administrator's Guide
Page 3
... Web Server 5 Understanding the basics...5 Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with ...LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios......
... Web Server 5 Understanding the basics...5 Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with ...LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios......
Embedded Web Server Administrator's Guide
Page 5
...and authorized. This type of security might include the location of the following, also referred to as Building Blocks: • PIN • Password • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used only in conjunction with physical security such as "permissions... Embedded Web Server The latest suite of your organization. This set of a printer-to anyone who has been authenticated by Lexmark to enable administrators to access. Authentication and Authorization Authentication is the method by simply limiting access to a printer-or specific ...
...and authorized. This type of security might include the location of the following, also referred to as Building Blocks: • PIN • Password • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used only in conjunction with physical security such as "permissions... Embedded Web Server The latest suite of your organization. This set of a printer-to anyone who has been authenticated by Lexmark to enable administrators to access. Authentication and Authorization Authentication is the method by simply limiting access to a printer-or specific ...
Embedded Web Server Administrator's Guide
Page 6
... type of functions such as PIN-protected access to print in color, but in association with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to similar functions. Groups Administrators can designate up... with one or more groups. In this scenario, it makes sense to only authorized users. A Security Template is a profile constructed using a password, PIN, or security template. Security Templates Some scenarios call for each access control. For example, in Company A, employees in the Embedded Web...
... type of functions such as PIN-protected access to print in color, but in association with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to similar functions. Groups Administrators can designate up... with one or more groups. In this scenario, it makes sense to only authorized users. A Security Template is a profile constructed using a password, PIN, or security template. Security Templates Some scenarios call for each access control. For example, in Company A, employees in the Embedded Web...
Embedded Web Server Administrator's Guide
Page 7
... document outputs, by modifying the Minimum PIN length field under Settings ª Security ª Miscellaneous Security Settings. Administrator-level passwords override normal passwords. If a function or setting is four digits, which may be used to control access to specific device menus or to ..., select PIN. 3 Select Add a PIN. 4 Type the name of the PIN configuration in the Setup Name box. Configuring building blocks Creating a password The Embedded Web Server can store a combined total of 1-128 UTF-8 characters (example: "Copy Lockout PIN"). 5 Type a PIN in the appropriate...
... document outputs, by modifying the Minimum PIN length field under Settings ª Security ª Miscellaneous Security Settings. Administrator-level passwords override normal passwords. If a function or setting is four digits, which may be used to control access to specific device menus or to ..., select PIN. 3 Select Add a PIN. 4 Type the name of the PIN configuration in the Setup Name box. Configuring building blocks Creating a password The Embedded Web Server can store a combined total of 1-128 UTF-8 characters (example: "Copy Lockout PIN"). 5 Type a PIN in the appropriate...
Embedded Web Server Administrator's Guide
Page 8
...steps 4 through 5 to add additional user groups. Note: Group names can include a maximum of between 8 and 128 characters. • Re-enter Password-Type the password entered in conjunction with internal accounts. 4 Type the Group Name. Note: When creating groups, it . 7 Click Submit. You can use up internal... to return to the Manage Internal Accounts menu without storing the new account. Setting up to 128 UTF-8 characters. • Password-Type a password of 250 user accounts, and 32 user groups. Defining user groups If using groups for authorization, define them access to all...
...steps 4 through 5 to add additional user groups. Note: Group names can include a maximum of between 8 and 128 characters. • Re-enter Password-Type the password entered in conjunction with internal accounts. 4 Type the Group Name. Note: When creating groups, it . 7 Click Submit. You can use up internal... to return to the Manage Internal Accounts menu without storing the new account. Setting up to 128 UTF-8 characters. • Password-Type a password of 250 user accounts, and 32 user groups. Defining user groups If using groups for authorization, define them access to all...
Embedded Web Server Administrator's Guide
Page 9
...-down menu select None, SSL/TLS (Secure Sockets Layer/Transport Layer Security), or TLS. • Userid Attribute-Type either User ID or User ID and Password to communicate with the LDAP server. Each configuration must have a unique name. • Administrators can interact with the authenticating server. • To help prevent unauthorized...
...-down menu select None, SSL/TLS (Secure Sockets Layer/Transport Layer Security), or TLS. • Userid Attribute-Type either User ID or User ID and Password to communicate with the LDAP server. Each configuration must have a unique name. • Administrators can interact with the authenticating server. • To help prevent unauthorized...
Embedded Web Server Administrator's Guide
Page 10
... will also be grayed out. • Distinguished Name-Enter the distinguished name of the print server(s). • MFP Password-Enter the password for the print server(s). this setup for those groups under the Group Search Base list. LDAP Group Names • Configure Groups-Administrators can ...to return to previous values. • Search Timeout-Enter a value of from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be deleted if it is being used as 32 named groups stored on the LDAP server...
... will also be grayed out. • Distinguished Name-Enter the distinguished name of the print server(s). • MFP Password-Enter the password for the print server(s). this setup for those groups under the Group Search Base list. LDAP Group Names • Configure Groups-Administrators can ...to return to previous values. • Search Timeout-Enter a value of from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be deleted if it is being used as 32 named groups stored on the LDAP server...
Embedded Web Server Administrator's Guide
Page 12
...Group Names • Configure Groups-Administrators can pick groups from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be searched. • Custom Object Class-Click to select or clear; Search specific object...the LDAP building block. Device Credentials • MFP Kerberos Username-Enter the distinguished name of the print server(s). • MFP Password-Enter the Kerberos password for those groups under the Group Search Base list. To edit an existing LDAP+GSSAPI setup 1 From the Embedded Web Server ...
...Group Names • Configure Groups-Administrators can pick groups from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be searched. • Custom Object Class-Click to select or clear; Search specific object...the LDAP building block. Device Credentials • MFP Kerberos Username-Enter the distinguished name of the print server(s). • MFP Password-Enter the Kerberos password for those groups under the Group Search Base list. To edit an existing LDAP+GSSAPI setup 1 From the Embedded Web Server ...
Embedded Web Server Administrator's Guide
Page 14
... to securely end each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to restore default values. Instead of a user's password across a network in the Embedded Web Server 14 Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom"... cannot be deleted or unregistered if it is Microsoft's solution for enabling authentication without requiring the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the user...
... to securely end each session by the Kerberos server. 1 From the Embedded Web Server Home screen, browse to restore default values. Instead of a user's password across a network in the Embedded Web Server 14 Notes: • Entering manual settings automatically disables use of NTP. • Choosing "(UTC+user) Custom"... cannot be deleted or unregistered if it is Microsoft's solution for enabling authentication without requiring the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the user...
Embedded Web Server Administrator's Guide
Page 15
...Embedded Web Server using the secure version of the Primary Domain Controller) • User ID • Password 6 Click Submit. A status screen will display "Status....Not Registeted." To create a backup password 1 From the Embedded Web Server Home screen, browse to access security menus regardless of the type of ..."back door" measures such as a backup password. Specifying the default user domain for example, if there is not successful, the Manage NTLM Setup screen will appear with an NT ...
...Embedded Web Server using the secure version of the Primary Domain Controller) • User ID • Password 6 Click Submit. A status screen will display "Status....Not Registeted." To create a backup password 1 From the Embedded Web Server Home screen, browse to access security menus regardless of the type of ..."back door" measures such as a backup password. Specifying the default user domain for example, if there is not successful, the Manage NTLM Setup screen will appear with an NT ...
Embedded Web Server Administrator's Guide
Page 16
...appropriate login restrictions: • Login failures-Specify the number of times a user can control access to specific device functions using a password or PIN. For simple authorization-level security (in which individual users are encouraged to any of the selections available in the drop-down...select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For each session by a password or PIN. For more information on configuring a specific type of that function. Only one method of lockout. • Panel Login Timeout-Specify...
...appropriate login restrictions: • Login failures-Specify the number of times a user can control access to specific device functions using a password or PIN. For simple authorization-level security (in which individual users are encouraged to any of the selections available in the drop-down...select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For each session by a password or PIN. For more information on configuring a specific type of that function. Only one method of lockout. • Panel Login Timeout-Specify...
Embedded Web Server Administrator's Guide
Page 17
... Template. 4 In the Security Templates Name field, type a unique name containing up to select multiple groups. 8 Click Save Template. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of security templates must be different from the drop-down the Ctrl key to 140 security templates. Step 3: Assign security...
... Template. 4 In the Security Templates Name field, type a unique name containing up to select multiple groups. 8 Click Save Template. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of security templates must be different from the drop-down the Ctrl key to 140 security templates. Step 3: Assign security...
Embedded Web Server Administrator's Guide
Page 18
..., select it from the drop-down list next to the name of that function, and then click Submit. Step Two: Assign a password or PIN to each function you do not use can access any functions protected by that code. however, security templates currently in use...in the Embedded Web Server 18 For more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on configuring a password or PIN, see "Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...
..., select it from the drop-down list next to the name of that function, and then click Submit. Step Two: Assign a password or PIN to each function you do not use can access any functions protected by that code. however, security templates currently in use...in the Embedded Web Server 18 For more information on configuring individual user accounts, see the relevant section(s) under "Configuring building blocks" on configuring a password or PIN, see "Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...
Embedded Web Server Administrator's Guide
Page 19
...device. 6 To use a descriptive name, such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Kerberos file on the network (if importing a krb5.conf file) • If creating a Simple Kerberos Setup: - The KDC port... to take advantage of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to use authorization, click Add authorization, and then select a building block from the Authorization Setup list. Users will be helpful...
...device. 6 To use a descriptive name, such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Kerberos file on the network (if importing a krb5.conf file) • If creating a Simple Kerberos Setup: - The KDC port... to take advantage of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to use authorization, click Add authorization, and then select a building block from the Authorization Setup list. Users will be helpful...
Embedded Web Server Administrator's Guide
Page 26
...send E-mail, enter the information appropriate for no authentication, or Use Device SMTP Credentials, Use Session User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is port 25. 4 If using digital certificates to establish a secure connection to messages... on configuring digital certificates, see "Managing certificates" on wired networks to enable 802.1x authentication. • Type the login name and password the printer will be sent using an encrypted link. 8 If your network under Device Credentials. The default is also used on page ...
...send E-mail, enter the information appropriate for no authentication, or Use Device SMTP Credentials, Use Session User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is port 25. 4 If using digital certificates to establish a secure connection to messages... on configuring digital certificates, see "Managing certificates" on wired networks to enable 802.1x authentication. • Type the login name and password the printer will be sent using an encrypted link. 8 If your network under Device Credentials. The default is also used on page ...
Embedded Web Server Administrator's Guide
Page 27
...). 5 To facilitate the automatic installation of the blank IP address entries (shown as device monitoring, type an SNMPPv3 Read/Write User name and Password in the appropriate fields. 5 From the SNMPv3 Minimum Authentication Level list, select No Authentication, No Privacy, Authentication, No Privacy, or Authentication, ... 2 Under SNMP Version 1, 2c, select the Enabled check box. 3 To allow device monitoring only, type an SNMPv3 Read Only User name and Password in the appropriate fields. 4 To allow SNMP variables to be set, select the Allow SNMP Set check box. 4 Type a name to be accepted...
...). 5 To facilitate the automatic installation of the blank IP address entries (shown as device monitoring, type an SNMPPv3 Read/Write User name and Password in the appropriate fields. 5 From the SNMPv3 Minimum Authentication Level list, select No Authentication, No Privacy, Authentication, No Privacy, or Authentication, ... 2 Under SNMP Version 1, 2c, select the Enabled check box. 3 To allow device monitoring only, type an SNMPv3 Read Only User name and Password in the appropriate fields. 4 To allow SNMP variables to be set, select the Allow SNMP Set check box. 4 Type a name to be accepted...
Embedded Web Server Administrator's Guide
Page 28
... security defaults (to return all fields. Using security features in the Embedded Web Server 28 Warning-Potential Damage: If "No Effect" is chosen and the password (or other applicable credential) is a hardware jumper located on the motherboard. Enabling the security reset jumper The Security Reset Jumper is lost, you will be...
... security defaults (to return all fields. Using security features in the Embedded Web Server 28 Warning-Potential Damage: If "No Effect" is chosen and the password (or other applicable credential) is a hardware jumper located on the motherboard. Enabling the security reset jumper The Security Reset Jumper is lost, you will be...
Embedded Web Server Administrator's Guide
Page 39
Also referred to a user, i.e. They include: password, PIN, Internal accounts, LDAP, LDAP+GSSAPI, Kerberos 5, and NTLM. A method for securely ientifying a user. what the user is allowed to whom. A method for specifying which ...
Also referred to a user, i.e. They include: password, PIN, Internal accounts, LDAP, LDAP+GSSAPI, Kerberos 5, and NTLM. A method for securely ientifying a user. what the user is allowed to whom. A method for specifying which ...
Embedded Web Server Administrator's Guide
Page 40
... authenticating using Kerberos 13 using LDAP 9 using LDAP+GSSAPI 11 using NTLM authentication 14 Authentication understanding 5 Authorization understanding 5 B backup password creating 15 using 15 building blocks adding to security templates 16 internal accounts 8 Kerberos 5 13 LDAP 9 LDAP+GSSAPI 11 NTLM authentication...24 groups 6 internal accounts 8 Kerberos authentication 13 LDAP authentication 9 LDAP+GSSAPI authentication 11 login restrictions 16 NTLM authentication 14 password 7 PIN 7 reset jumper on motherboard 28 security audit log 25 security templates 16 SNMP 27 USB devices 23 security ...
... authenticating using Kerberos 13 using LDAP 9 using LDAP+GSSAPI 11 using NTLM authentication 14 Authentication understanding 5 Authorization understanding 5 B backup password creating 15 using 15 building blocks adding to security templates 16 internal accounts 8 Kerberos 5 13 LDAP 9 LDAP+GSSAPI 11 NTLM authentication...24 groups 6 internal accounts 8 Kerberos authentication 13 LDAP authentication 9 LDAP+GSSAPI authentication 11 login restrictions 16 NTLM authentication 14 password 7 PIN 7 reset jumper on motherboard 28 security audit log 25 security templates 16 SNMP 27 USB devices 23 security ...
User's Guide
Page 40
.... WEP key If your system support person if you will need the following: • Authentication type • Inner authentication type • 802.1X username and password • Certificates Note: For more than one WEP key, enter up the printer on the Software and Documentation CD. or - Note: Using an unsecured wireless...
.... WEP key If your system support person if you will need the following: • Authentication type • Inner authentication type • 802.1X username and password • Certificates Note: For more than one WEP key, enter up the printer on the Software and Documentation CD. or - Note: Using an unsecured wireless...