

Q Does PaperCut have a print security best practice checklist?

Absolutely! We have pooled our knowledge and created a comprehensive Print Security whitepaper that will help you not only make the most of PaperCut's security features but also help you secure your entire print infrastructure. Take a look at: PaperCut Security white paper

Q What about advice on securing our PaperCut server?

Our article, Secure your PaperCut NG/MF server, collects all our best advice for security-conscious customers about locking down your PaperCut application server.

User authentication is performed by the operating system - usually via a directory service such as Active Directory or LDAP. PaperCut does not store any user passwords and instead interrogates the directory service in real-time. Caching or storing passwords is regarded as a security risk. The only exceptions to this rule are the built-in admin user account and PaperCut internal accounts.

The built-in admin password is stored in a one-way salted hashed format in the server.properties file. This account is kept separate from the directory user accounts, ensuring that administrator-level login is still possible even during a directory outage.

Internal user passwords are stored in the PaperCut database as a one-way hash in line with security best practice - a BCrypt sum factored from a combination of username + password + a salt. This use of a secure one-way hash ensures that users' passwords are kept private even if someone has access to the PaperCut database. In addition, PaperCut also encrypts all users' Personal Identification Numbers used to secure card numbers.

Q How does PaperCut authenticate with Active Directory?

Communication between the PaperCut server and Active Directory (AD) is provided and secured by the Windows operating system. PaperCut calls the AD API on the local Windows system, and the PaperCut software does not collect passwords over the network to any remote server, as this is handled by AD itself.
