configure identity-management kerberos snooping aging time
Description
Specifies the aging time for Kerberos snooping entries.
Syntax Description
minutes |
Specifies the aging time in minutes. The range is 1 to 65535 minutes. |
Default
N/A.
Usage Guidelines
Kerberos does not provide any service for un-authentication or logout. Kerberos does provide a ticket lifetime, but that value is encrypted and cannot be detected during snooping.
To enable the aging and removal of snooped Kerberos entries, this timer defines a maximum age for the snooped entry. When a MAC address with a corresponding Kerberos entry in Identity Manager is aged out, the Kerberos snooping timer starts. If the MAC address becomes active before the Kerberos snooping timer expires, the timer is reset and the Kerberos entry remains active. If the MAC address is inactive when the Kerberos snooping timer expires, the Kerberos entry is removed.
Example
The following command configures the aging time for 600 minutes:
* Switch.4 # configure identity-management kerberos snooping aging time 600
History
This command was first available in ExtremeXOS 12.4.
Platform Availability
This command is available on all platforms.