Xerox M123/M128 manual Remote Authentication Setup, Page 8 of

Remote Authentication Setup

The M123/M128 device performs user authentication using Kerberos for windows and Kerberos for Solaris. When enabled, user access to scanning features (excluding scan to mailbox) will be prevented for un-authorized users. Access to the scanning features will be enabled once the user is authenticated by Kerberos.

However, since the username/password provided to utilize the scanning features (i.e. Scan to SMB, Scam to FTP, e-mail, Network Scanning) IS NOT the same username / password used to authenticate with the Kerberos server, tracking each user when accessing the networking features of the device will not be possible.

The following procedure describes how Kerberos works with different scanning functions.

Scan to E-Mail:

•The user selects <Scan to email>

•A login/password popup is displayed requiring the user to provide a username and password to the Kerberos server.

•The user enters the login and password.

•The device passes the login and password to the Kerberos server and if a match is found the user is successfully authenticated.

•“From:” field of the e-mail is automatically populated with the device login name and e-mail address created at the time of the device configuration.

•If SMTP server requires authentication, the device will use the SMTP username/password created at the configuration of the device to send an email to the server.

Scan to FTP/SMB:

•The user selects <Scan to FTP/SMB>

•A login/password popup will be displayed to authenticate users with the Kerberos server.

•The user enters the login and password.

•The login and password is passed on to the Kerberos server and if a match is found the user is successfully authenticated.

•The user needs to enter a valid login and password for the FTP/SMB server. This may or may not be the user’s Kerberos login/password, rather it is a login/password that is accepted by the FTP/SMB server.