Kerberos Settings, 9Kerberos | HP ew2500 802.11b/g Print Server

Table 5-9Kerberos page

Item	Description

Manually Specify	Manually configure the print server for Kerberos authentication. Click Next to display
Configuration	the Kerberos Settings page.

Import Configuration Files	Configure the print server for Kerberos authentication by importing configuration files.
	● conf File Enter or browse to the krb5.conf file. In the libdefaults section,
	include the default_realm andclockskew tag entries. In the realms section,
	include the kdc tag entry.
	● keytab File Enter or browse to a Kerberos keytab file. Use the Ktpass.exe
	command-line tool (the version prior to Windows Server 2008 Support Pack 1) to
	generate the keytab file. Use the principal name type KRB5_NT_PRINCIPAL, and
	the encryption type DES-CBC-MD5.
	● Time Sync Period Specify the time interval (in minutes) that the HP Jetdirect
	print server requests to synchronize its clock with a simple network time protocol
	(SNTP) time server.
	● SNTP Server Specify the FQDN or IP address of an SNTP time server, if
	required. By default, the SNTP server is the server used as the key distribution
	center (KDC).
	Click Next to return to the Identity Authentication page, and confirm that
	Kerberos status indicates that it is Configured.

Use the wizard to manually configure Kerberos account settings on the print server.

1.Use the Kerberos Settings page to provide Kerberos account and configuration settings.

2.Click Next to return to the Identity Authentication page, and confirm that Kerberos status indicates Configured.

Item	Description

KDC Server	FQDN of the domain controller used as the Kerberos KDC.
	The FQDN consists of the device's host name and domain name. For example,
	kdc01.support.hp.com is a fully qualified domain name, where kdc01 is the host
	name and support.hp.com is the domain name.

Principal Realm	Kerberos principal realm in the form principal@REALM.
	A unique principal name is associated with each Kerberos account. For the HP Jetdirect
	print server active directory account, the principal is the user name for the print server.
	A Kerberos realm is similar in concept to a Windows domain and contains all the
	users, computers and services within a Kerberos installation. The realm is case-
	sensitive, and is typically the DNS domain name specified in all uppercase characters.
	For example, if the domain name is hp.com, the realm is HP.COM.

Password	Password for the HP Jetdirect account configured on active directory.

Encryption Type	Encryption type supported by the HP Jetdirect print server.

116	Chapter 5 IPsec/Firewall configuration (V.40.xx)