Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... Common Access Cards, the printer will need to define who is , who the users will be a weak link in the Embedded Web Server 5 Authentication, Authorization, and Groups-to do. Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build...not be individually identified, passwords and PINs are considered less secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in conjunction with physical security such as "...
... Common Access Cards, the printer will need to define who is , who the users will be a weak link in the Embedded Web Server 5 Authentication, Authorization, and Groups-to do. Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build...not be individually identified, passwords and PINs are considered less secure than other public area of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in conjunction with physical security such as "...
Embedded Web Server Administrator's Guide
Page 6
... authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with no security enabled. In order to accommodate users in sales and marketing use color every day. For the purposes of Embedded Web Server security, groups are combined determines the type of security created: Building block Type... and authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to be used in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Access Controls By default, all users the...
... authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with no security enabled. In order to accommodate users in sales and marketing use color every day. For the purposes of Embedded Web Server security, groups are combined determines the type of security created: Building block Type... and authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to be used in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Access Controls By default, all users the...
Embedded Web Server Administrator's Guide
Page 9
...on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP ...-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that runs directly on the printer control panel. Multiple search bases may be performed. • Server Port-The port used to access information stored in a specially organized information directory...
...on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP ...-Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that runs directly on the printer control panel. Multiple search bases may be performed. • Server Port-The port used to access information stored in a specially organized information directory...
Embedded Web Server Administrator's Guide
Page 11
...ou (organizational unit), o (organization), c (country), or dc (domain)-separated by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server, the user will be performed. • Server Port-The port used by the Embedded Web Server to obtain...Interface (GSSAPI) instead of simple LDAP authentication because the transmission is typically used to identify each session by selecting Log out on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
...ou (organizational unit), o (organization), c (country), or dc (domain)-separated by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server, the user will be performed. • Server Port-The port used by the Embedded Web Server to obtain...Interface (GSSAPI) instead of simple LDAP authentication because the transmission is typically used to identify each session by selecting Log out on the printer control panel. To validate an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...
Embedded Web Server Administrator's Guide
Page 13
... external server, users will overwrite the configuration file. • The krb5.conf file can apply to verify that it can be stored on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. However, if a realm is functional. Notes: • Because... by the Kerberos server in the KDC Port field. 5 Type the realm (or domain) used in the event of authentication that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file. Note: After you click Submit...
... external server, users will overwrite the configuration file. • The krb5.conf file can apply to verify that it can be stored on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. However, if a realm is functional. Notes: • Because... by the Kerberos server in the KDC Port field. 5 Type the realm (or domain) used in the event of authentication that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for a new configuration file. Note: After you click Submit...
Embedded Web Server Administrator's Guide
Page 14
Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the Embedded Web Server 14 Printer clock settings can be updated manually, or set to use Network Time Protocol (NTP), to automatically sync with the...calendar, adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from the Time Zone list will not be used as needed. 5 To sync to restore default values. Notes: • Entering manual settings...
Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in the Embedded Web Server 14 Printer clock settings can be updated manually, or set to use Network Time Protocol (NTP), to automatically sync with the...calendar, adjust the Custom Time Zone Setup settings as part of a security template. • As with any form of authentication that prevents the printer from the Time Zone list will not be used as needed. 5 To sync to restore default values. Notes: • Entering manual settings...
Embedded Web Server Administrator's Guide
Page 16
... of security can be assigned to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous...a specific type of that function. 4 Click Submit to save changes, or Reset Form to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, ...
... of security can be assigned to each function you want to protect, select a password or PIN from the drop-down list for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous...a specific type of that function. 4 Click Submit to save changes, or Reset Form to use any function controlled by selecting Log out on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, ...
Embedded Web Server Administrator's Guide
Page 17
..., or Reset Form to cancel all changes. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of that have been configured on the device. 6 To use a descriptive name, such as Passwords and Pins-do , see "Menu...
..., or Reset Form to cancel all changes. Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of that have been configured on the device. 6 To use a descriptive name, such as Passwords and Pins-do , see "Menu...
Embedded Web Server Administrator's Guide
Page 18
... in use ; Users will delete all authorized users of the device, or separate codes to protect individual functions. Scenarios Scenario: Printer in a public place If your printer is located in use can assign a single password or PIN for that template. • You can only delete a security ...Embedded Web Server Home screen, browse to remember is not in a public space such as needed . Scenario: Standalone or small office If your printer is not connected to a network, or you do not use an authentication server to grant users access to Settings ª Security ª Edit...
... in use ; Users will delete all authorized users of the device, or separate codes to protect individual functions. Scenarios Scenario: Printer in a public place If your printer is located in use can assign a single password or PIN for that template. • You can only delete a security ...Embedded Web Server Home screen, browse to remember is not in a public space such as needed . Scenario: Standalone or small office If your printer is not connected to a network, or you do not use an authentication server to grant users access to Settings ª Security ª Edit...
Embedded Web Server Administrator's Guide
Page 19
... _ Template." 5 From the Authentication list, select a method for passwords) • Location of that function. 4 Click Submit to save changes, or Reset Form to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a building block from the Authorization...select Security Templates. 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19
... _ Template." 5 From the Authentication list, select a method for passwords) • Location of that function. 4 Click Submit to save changes, or Reset Form to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use authorization, click Add authorization, and then select a building block from the Authorization...select Security Templates. 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19
Embedded Web Server Administrator's Guide
Page 20
... Security Templates Name field, type a unique name containing up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Security Templates Name field, type a unique name containing up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Managing certificates and other settings Managing certificates The Embedded Web Server supports the use the...
Embedded Web Server Administrator's Guide
Page 24
... needed , and then click Modify to save changes. • To delete a scheduled disk wiping, click Delete Entry, and on . Once the printer is fully powered up a schedule for disk wiping. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the encryption task.... Repeat as Copy or Fax. 3 Verify that the printer is stolen. Note: On some devices the button will appear as needed to the Enable/Disable screen. 8 To finish, press Back, and ...
... needed , and then click Modify to save changes. • To delete a scheduled disk wiping, click Delete Entry, and on . Once the printer is fully powered up a schedule for disk wiping. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of the encryption task.... Repeat as Copy or Fax. 3 Verify that the printer is stolen. Note: On some devices the button will appear as needed to the Enable/Disable screen. 8 To finish, press Back, and ...
Embedded Web Server Administrator's Guide
Page 25
... anything higher will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to restore default values. The printer will be logged (e.g. if level "4 - Note: The Enable Remote Syslog check box will use E-mail alerts, you must click Submit to save changes, and then...
... anything higher will power-on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to restore default values. The printer will be logged (e.g. if level "4 - Note: The Enable Remote Syslog check box will use E-mail alerts, you must click Submit to save changes, and then...
Embedded Web Server Administrator's Guide
Page 26
... Disabled, Negotiate, or Required to each applicable protocol. The default is 30 seconds. 6 To receive responses to messages sent from the printer (in to the authentication server. • Select the Validate Server Certificate check box to require verification of the security certificate on wired ...features in order to create port-based connections. Note: Server certificate validation is required. 11 If the device must configure them on the printer before timing out. If only one certificate has been installed, default will be sent using an encrypted link. 8 If your network under...
... Disabled, Negotiate, or Required to each applicable protocol. The default is 30 seconds. 6 To receive responses to messages sent from the printer (in to the authentication server. • Select the Validate Server Certificate check box to require verification of the security certificate on wired ...features in order to create port-based connections. Note: Server certificate validation is required. 11 If the device must configure them on the printer before timing out. If only one certificate has been installed, default will be sent using an encrypted link. 8 If your network under...
Embedded Web Server Administrator's Guide
Page 27
... method will cause the print server to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the appropriate fields. 4 To ...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list...
... method will cause the print server to configure settings for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Using security features in the appropriate fields. 4 To ...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list...
Embedded Web Server Administrator's Guide
Page 29
... Scan to Fax and Scan to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to update firmware from any source other than a flash drive. Firmware...eSF applications Controls access to the Scan to Fax function Controls the ability to use the Color Dropout feature for your printer. Function Access Control Address Book Change Language from a flash drive Controls the ability to scan... the ability to create new bookmarks from the printer control panel Controls the ability to print color from the Embedded Web Server Appendix 29
... Scan to Fax and Scan to Email functions Controls access to the Change Language feature from the printer control panel Controls the ability to update firmware from any source other than a flash drive. Firmware...eSF applications Controls access to the Scan to Fax function Controls the ability to use the Color Dropout feature for your printer. Function Access Control Address Book Change Language from a flash drive Controls the ability to scan... the ability to create new bookmarks from the printer control panel Controls the ability to print color from the Embedded Web Server Appendix 29
Embedded Web Server Administrator's Guide
Page 30
...Controls the ability to installed eSF applications and/or profiles created by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator ... limited to the Option Card Configuration section of the Settings menu from the Embedded Web Server. Protects access to print from the printer control panel and Embedded Web Server. Controls ability to the Paper menu from the Embedded Web Server When disabled, all device settings...
...Controls the ability to installed eSF applications and/or profiles created by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator ... limited to the Option Card Configuration section of the Settings menu from the Embedded Web Server. Protects access to print from the printer control panel and Embedded Web Server. Controls ability to the Paper menu from the Embedded Web Server When disabled, all device settings...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31