![background image](http://html.mh-extra.com/html/hp/jetdirect-640n/jetdirect-640n_administrators-manual_163697127.webp)
Table 5-10
Kerberos Settings page (continued)
Item
Description
Clock Skew
Clock skew is a measure of allowed differences between clocks during transactions.
A Kerberos installation uses clocks that are reasonably synchronized. When the
HP Jetdirect print server checks time stamps of incoming packets from clients, the
clock skew specifies the time interval (in seconds) within which the HP Jetdirect print
server accepts a packet. If the time interval is exceeded, the packet is discarded.
NOTE:
Timing differences between the HP Jetdirect print server and a domain
controller depends on the clock skew configuration on the domain controller.
Time Sync Period
Time interval (in minutes) that the HP Jetdirect print server requests to synchronize
its clock with an SNTP time server.
SNTP Server
FQDN or IP address of an SNTP time server, if required. By default, the SNTP server
is the server used as the KDC.
IKEv1/IKEv2 Phase 1 (Authentication)
Use IKE to create security associations dynamically. Configure SA parameters for authentication and
to securely generate IPsec session keys for encryption and authentication algorithms. Items on this
page are described in the following table.
Table 5-11
IKEv1/IKEv2 Phase 1 (Authentication) page
Item
Description
Negotiation Mode
(Required) IKE provides two modes of negotiation during an exchange for keys and
security services to be used for a Security Association:
Main
Uses identity protection between the hosts. This method is slower but secure.
Aggressive
Uses half the message exchanges. It is faster, but less secure.
Cryptographic Parameters
(Required)
Diffie-Hellman Groups
Allows a secret key and security services to be
securely exchanged between two hosts over an unprotected network. A Diffie-
Hellman group determines the parameters to use during a Diffie-Hellman exchange.
Multiple well-known Diffie-Hellman groups are listed.
IKEv1 supports up to DH-18.
IKEv2 supports up to DH-24.
To change the entries in the list, click
Edit
. Selecting all the groups results in a single
negotiated group.
Encryption
and
Authentication
(Required) Encryption methods and strengths, and the authentication methods to
use.
Selecting all the methods results in a single negotiated method.
Security Association
(Required) Specify the
SA Lifetime
, in seconds (30 to 86400), that the keys
associated with this security association are valid.
IKEv1/IKEv2 Phase 2 / Quick Mode (IPsec Protocols)
Items on this page are described in the following table.
ENWW
HP Jetdirect IPsec/Firewall wizard 117
Summary of Contents for Jetdirect 640n
Page 2: ......
Page 3: ...HP Jetdirect Print Servers Administrator s Guide Firmware V 45 xx nn ...
Page 24: ...14 Chapter 2 HP software solutions summary ENWW ...
Page 114: ...104 Chapter 4 HP Embedded Web Server V 45 xx nn xx ENWW ...
Page 148: ...138 Chapter 7 Troubleshoot the HP Jetdirect print server ENWW ...
Page 202: ...192 Appendix C HP Jetdirect control panel menus V 45 xx nn xx ENWW ...
Page 220: ...210 Appendix D Open source licensing statements ENWW ...
Page 226: ...216 Index ENWW ...
Page 227: ......
Page 228: ... 2012 Hewlett Packard Development Company L P www hp com ...