Chapter 2
2-3
F-2-2
If 'Log on using' is selected, the account and password to be used with SMTP AUTH can be specified individually. In that case, if 'Log on using Secue Password
Authentication' is selected, encoding is carried out by TSL(SSL), using the STARTTTLS command.
<SMTP AUTH related user error codes>
The related new user error codes are #839 and #843. For details, refer to the section on Troubleshooting.
2.1.2 Authentication at RX
0020-7897
The username and the password flow by the plaintext in the reception form by past POP3. And POP3 logs in POP server at a short cycle. Therefore, the password
is easily stolen in POP3.
Enable the password to encrypt and to be attested by using APOP and POP AUTH. APOP is defined by RFC1939, and executed with UNIX system POP server,
and POP AUTH is defined by RFC2449, and executed with the MS Exchange server.In addition, if POP server supports the SSL(TLS) encryption by the STLS
instruction, not only the password but also the entire reception packet can be encrypted.
"POP AUTH Method " exists in Aditional Function >Network Settings >E-mail/I FAX >Authent./Encryption , and it is possible to select it from Standard / APOP
/ POP AUTH .
APOP and POP AUTH are executed respectively when APOP and POP AUTH are selected, and when Standard is specified, the authentication by the username
and the password is executed.
Default: It is Standard.
APOP
APOP authentication procedures are as follows.
(1) As a greeting message when connecting to POP server, the server returns the character strings consisting of the time stamp and the host name to the client. The
client links these character strings with the password character strings, and creates the message digest by MD5 from the linked character strings.
(2) With the APOP command, the client returns the message digest created with the user name to the server.
(3) Message digest is created in the POP server with the same algorism. By comparing this created digest and the digest from the client, if both digests are the same,
the password is considered as the correct one.
Greeting message when connecting to the server includes the time stamp, so analyzing is difficult since the created message digest changes every time.
Different from the POP AUTH described later, there is no protocol to check whether or not the server is supporting APOP from the client, so the user have to decide
whether or not APOP is used and set User mode.
If the server does not support APOP and the user uses APOP, an error occurs. When the error occurs at the APOP authentication, "APOP Authentication Error" is
displayed on the status line for certain time.
Following items are the examples of communication.
S: +OK POP3 server ready <[email protected]>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: +OK maildrop has 1 message (369 octets)
C: :
When the server connection, the password "tanstaaf" character strings of the user mrose is linked after "<[email protected]>" message. Character
strings of "<[email protected]>tanstaaf" is hashed by MD5, then it becomes "c4c9334bac560ecc979e58001b3e22fb".
For actual settings, set as follows. System Settings > Network Settings > E-mail/I-Fax > Authent./ Encryption > POP AUTH Method >APOP.
POP AUTH
POP AUTH uses the authentication mechanism of SASL(Simple Authentication and Security Layer) provided in RFC2222 and conducts the user authentication by
returning the user name and password information as a response to the server challenge and its data from the server. This is standardized as RFC1734 "POP3 AU-
THentication command". By the CAPA command extended in RFC2449 "POP3 Extension Mechanism", you can know the capability which the server has, and
SASL authentication algorism which the server supports is included in one capability and returned by the SASL tag.
<Authentication mechanism>
In the POP server, multiple authentication mechanisms can be possessed and the authentication mechanism is set according to the security policy which the server
administrator decides. E-mail client application selects the authentication algorism from the specified authentication algorism and performs the authentication at
the transmission. This device supports the following authentication algorism.
CRAM-MD5
Challenge-Response Authentication Mechanism calculated using MD5 algorism with the key based on the HMAC-MD5 (RFC2104).
Note:
Currently, POP AUTH server in the field are mostly made by Microsoft and NTLM authentication is used. CRAM-MD5 is installed, but there is no server which
the operations are checked, so the evaluation has not performed. For this reason, POP AUTH operations with CRAM-MD5 are not supported.
NTLM
Authentication method of Windows NT
User name has to be set in the form of "User name@ NT domain name".
Example:
Windows2000 or former: User name\\CANON (Domain name can be omitted according to the environment.)
Windows 2000: User [email protected] (Domain name can be omitted according to the environment.)
Summary of Contents for Color Universal Send Kit-Q1
Page 1: ...SERVICE MANUAL Color Universal Send Kit Q1 JANUARY 21 2009 ...
Page 2: ......
Page 6: ......
Page 9: ...Chapter 1 Specifications ...
Page 10: ......
Page 12: ......
Page 17: ...Chapter 2 Functions ...
Page 18: ......
Page 20: ......
Page 43: ...Chapter 3 Installation ...
Page 44: ......
Page 46: ......
Page 59: ...Chapter 4 Maintenance ...
Page 60: ......
Page 62: ......
Page 94: ......
Page 95: ...Jan 21 2009 ...
Page 96: ......