Xerox® Security Guide for Light Production Mono Class Products
2) LDAP authentication
3) SMB authentication
A description of each authentication function follows.
Kerberos authentication uses the Kerberos protocol to avoid password interception and replay attacks.
The authentication steps using Kerberos are:
a. A user enters the User ID and password from the Local User Interface on the product. The product encrypts the entered User ID and a time stamp into an authentication identifier using the password, and sends the authentication identifier to the Kerberos server.
b. The Kerberos server decrypts the authentication identifier using the stored user password, to authenticate the user and obtain the included time stamp. Then the server checks the validity of the time stamp. When the time stamp is correct, the Kerberos server creates a Session Key and encrypts it using the user password.
c. The Kerberos server sends the Initial Ticket, which includes the encrypted Session Key, back to the product.
d. The product decrypts the Session Key included in the received Initial Ticket, using the entered password. When the decryption completes successfully, the user is authenticated.
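Steps a to d above, simulated end to end as an added example (not code from the Xerox guide or from the product). The names `KerberosServer`, `make_authenticator` and `login`, the 300-second time stamp tolerance, and the PBKDF2/HMAC toy cipher standing in for real Kerberos encryption types are all assumptions.

```python
import hashlib, hmac, os, struct

MAX_SKEW = 300  # assumed tolerance in seconds; the page gives no value

def derive_key(user, password):
    # PBKDF2 stands in for Kerberos' real string-to-key function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plain):
    # Toy encrypt-then-MAC, for illustration only (not a Kerberos enctype).
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def make_authenticator(user, password, now):
    # Step a: User ID and time stamp encrypted under the password-derived key.
    return seal(derive_key(user, password), struct.pack(">Q", int(now)) + user.encode())

class KerberosServer:
    def __init__(self, accounts):
        self.keys = {u: derive_key(u, p) for u, p in accounts.items()}
    def issue_initial_ticket(self, user, authenticator, now):
        # Steps b and c: decrypt, check the time stamp, return the sealed Session Key.
        key = self.keys[user]  # KeyError for an unknown user
        plain = unseal(key, authenticator)
        stamp, name = struct.unpack(">Q", plain[:8])[0], plain[8:]
        if name != user.encode() or abs(int(now) - stamp) > MAX_SKEW:
            raise ValueError("stale or mismatched authenticator")
        return seal(key, os.urandom(32))

def login(server, user, password, now):
    # Step d: success means the product could decrypt the Session Key.
    try:
        ticket = server.issue_initial_ticket(user, make_authenticator(user, password, now), now)
        return len(unseal(derive_key(user, password), ticket)) == 32
    except (KeyError, ValueError):
        return False
```

The password never crosses the wire in either direction, and an authentication identifier captured from the network is rejected once its time stamp falls outside the tolerance.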
In SMB authentication, the appropriate authentication method is determined through negotiation with the SMB authentication server, examining the methods from the highest level (i.e. NTLMv2). The user selects a pre-registered SMB domain name and authenticates by entering the User ID and password.
SMB Authentication Method
This is supported by Windows OS of WinNT-SP4 and later. By challenge/response, authentication is executed without sending the password directly over the network. The authentication level is higher than NTLMv1 authentication.
This is supported by Windows OS of WinNT and later. By challenge/response, authentication is executed without sending the password directly over the network.
This is the authentication method adopted on LAN Manager. This is supported by Windows OS of Win95 and later. By challenge/response, authentication is executed without sending the password directly over the network. This is more vulnerable than NTLMv1 authentication.
This is an authentication using plain text.