Xerox® Security Guide for Light Production Mono Class Products
The following modes are supported as authentication methods in LDAP authentication. Because
authentication on the LDAP server is executed through Simple Bind in plain text, there is a risk that
the User ID and password are intercepted on the network when the LDAP protocol (port 389) is used.
When the LDAP server supports the LDAPS protocol, which uses a secure channel over TLS, interception
of the User ID and password on the network can be avoided by using LDAPS.
LDAP Authentication

| Mode | Operation |
|---|---|
| Direct Login | Executes authentication (ldap_bind) on LDAP server using User ID and password entered by user on local UI. |
| Search & Login | Searches user's Login ID from LDAP server using the User ID entered by user on local UI as a specific attribute (such as ID number), and executes authentication (ldap_bind) on LDAP server using the searched user's Login ID and entered password. |
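
The exposure described above for Simple Bind on port 389 can be checked in captured traffic. The following Python code is an added example, not part of the Xerox guide: it parses a TCP payload as an LDAP BindRequest and reports whether a simple (plain text) bind was readable on the wire. The function names and both sample payloads are constructed for illustration.

```python
# Added example: audit helper for captured LDAP traffic (not Xerox code).
BER_SEQUENCE, BER_INTEGER, BER_OCTETS = 0x30, 0x02, 0x04
BIND_REQUEST, AUTH_SIMPLE, AUTH_SASL = 0x60, 0x80, 0xA3   # RFC 4511 tags

def read_tlv(buf, pos):
    """Read one BER element; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def inspect_bind(payload):
    """Describe an LDAP BindRequest seen on the wire, or return None."""
    try:
        tag, msg, _ = read_tlv(payload, 0)          # LDAPMessage
        if tag != BER_SEQUENCE:
            return None                             # e.g. a TLS record, not readable LDAP
        tag, _msg_id, pos = read_tlv(msg, 0)        # messageID
        op_tag, op, _ = read_tlv(msg, pos)          # protocolOp
        if tag != BER_INTEGER or op_tag != BIND_REQUEST:
            return None
        _, _version, pos = read_tlv(op, 0)
        _, name, pos = read_tlv(op, pos)            # bind name (the Login ID)
        auth_tag, cred, _ = read_tlv(op, pos)       # authentication choice
    except (IndexError, ValueError):
        return None
    simple = auth_tag == AUTH_SIMPLE
    return {
        "bind_dn": name.decode("utf-8", "replace"),
        "method": "simple" if simple else "sasl" if auth_tag == AUTH_SASL else "unknown",
        # Report only the length so the audit output never repeats the secret.
        "cleartext_password_bytes": len(cred) if simple else 0,
    }

def tlv(tag, value):
    """Encode a short BER element (used only to build the constructed sample)."""
    return bytes([tag, len(value)]) + value

# Constructed sample: a simple bind as it would appear unencrypted on port 389.
SAMPLE_BIND = tlv(BER_SEQUENCE, tlv(BER_INTEGER, b"\x01") + tlv(BIND_REQUEST,
    tlv(BER_INTEGER, b"\x03") + tlv(BER_OCTETS, b"uid=jdoe,ou=people,dc=example,dc=com")
    + tlv(AUTH_SIMPLE, b"constructed-pw")))
# Constructed sample: start of a TLS record, as seen when LDAPS is used.
SAMPLE_TLS = bytes.fromhex("160303002a") + bytes(42)
```

A non-None result with a non-zero `cleartext_password_bytes` means the bind was readable in transit; the TLS sample returns None because the bind is inside the encrypted channel.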
In Secure Access Authentication, communication with the Secure Access Authentication server takes
place over a secure channel using TLS, so interception of the User ID and password on the network can
be avoided. Communication between the Secure Access card reader and the Secure Access Authentication
server is encrypted using the supplier's unique code (e.g. Equitrac Corporation).
The sequence of authentication performed when a card is inserted into the Secure Access card reader is
as follows:
1. The information on the card inserted into the Secure Access card reader is read and sent to the
Secure Access Authentication server. The Secure Access Authentication server then sends a request for
password confirmation to the product. When the User ID is entered from the local UI, the product sends
the User ID to the Secure Access Authentication server, and the Secure Access Authentication server
sends a request for password confirmation to the product.
2. The product sends the entered password to the Secure Access Authentication server, and the Secure
Access Authentication server sends the validation result back to the product.
To access the following features on the product remotely, authentication is required as follows:

| Feature | Operation |
|---|---|
| Mailbox | To access the Mailbox from the Scanner Driver / CentreWare Internet Services, Mailbox number and password are required. |
| CentreWare Internet Services | With “Authentication on the product (with password)” selected, the User ID and password are required even to access the product from the browser. |
| Print Auditron | With the Print Auditron enabled, the User ID and password are required to be set on the Printer Driver. |