| Note: Make sure that the network connection between the printer and the authenticating server is configured properly. For more information, contact your system administrator. |
From the Embedded Web Server, navigate to the configuration page for the application:
Apps > Smart Card Authentication Client > Configure
From the Smart Card Setup section, in the Kerberos Information menu, select either of the following:
Use device Kerberos setup file—A Kerberos configuration file must be installed on the printer manually. Do the following:
From the Embedded Web Server, click Settings > Security > Login Methods.
From the Network Accounts section, click Add Login Method > Kerberos.
From the Import Kerberos File section, browse to the appropriate krb5.conf file.
If your network does not use reverse DNS lookup, then from the Miscellaneous Settings section, select Disable Reverse IP Lookups.
Click Save and Verify.
Use simple Kerberos setup—A Kerberos file is created on the printer automatically. Specify the following:
Realm—The realm must be typed in uppercase.
Domain Controller—Use commas to separate multiple values. The domain controllers are validated in the order listed.
Domain—The domain that must be mapped to the Kerberos realm specified in the Realm field. Use commas to separate multiple domains.
| Note: The domain is case sensitive. |
Timeout—Enter a value from 3 to 30 seconds.
In the Domain Controller Validation menu, select the method for validating the domain controller certificate.
| Note: Before configuring this setting, make sure that the appropriate certificates are installed on the printer. For more information, see Installing certificates manually. |
Use device certificate validation—The CA certificate that is installed on the printer is used.
Use device chain validation—The entire certificate chain that is installed on the printer is used.
Use OCSP validation—The OCSP server is used. The entire certificate chain must be installed on the printer. From the Online Certificate Status Protocol (OCSP) section, configure the following:
Responder URL—The IP address or host name of the OCSP responder or repeater, and the port number used. Use commas to separate multiple values.
For example, , where is the IP address or host name, and is the port number.
Responder Certificate—The X.509 certificate is used.
Responder Timeout—Enter a value from 5 to 30 seconds.
Allow Unknown Status—Users can log in even if the status of one or more certificates is unknown.
Click Apply.