Manualshelf

HP Embedded Digital Sending - Configuring Embedded Kerberos Authentication

ManualsBrandsHP ManualsSoftwareHP MFP Digital Sending Software 4.0
14151617181920212223
16 configure
Troubleshooting
The following section covers three troubleshooting issues: Reverse DNS, Time
Synchronization, and Kerberos Realm Syntax.
Reverse DNS must be configured
Kerberos authentication uses reverse DNS in the authentication process. Reverse DNS
helps prevent Man In The Middleattacks, and adds an added level of security to
the Kerberos process. Kerberos authentication fails and will not operate in a network
environment that does not have reverse DNS enabled.
You can verify that reverse DNS is operational using the Nslookup command.
Nslookup (Name Server Look Up) is a standard tool available in most Windows,
Unix, and Linux environments. You can perform this operation in Windows with the
following steps:
Start > Run > cmd > Nslookup IP Address of the Kerberos Domain Controller
An example of a proper forward and reverse DNS lookup:
C:\>nslookup server1.technical.marketing.com
Server: server1.technical.marketing.com
Address: 10.0.0.1
Name: server1.technical.marketing.com
Address: 10.0.0.1
An example of an in-correct forward and reverse DNS lookup:
C:\>nslookup server1.technical.marketing.com
Server: server1.technical.marketing.com
Address: 10.0.0.1
Name: server1.technical.futuremarketing.com
Address: 10.0.0.1
Time Synchronization
Embedded Kerberos Authentication uses session tickets in the authentication process.
The session tickets are time stamped by both the Kerberos Domain Controller (KDC)
and the MFP.
It is essential that this time synchronization remain within five minutes of each other.
This can be accomplished by setting identical time on both the KDC and the MFP.