configure identity-management kerberos snooping aging time

configure identity-management kerberos snooping aging time minutes

Description

Specifies the aging time for Kerberos snooping entries.

Syntax Description

minutes

Specifies the aging time in minutes. The range is 1 to 65535 minutes.

Default

N/A.

Usage Guidelines

Kerberos does not provide any service for un-authentication or logout. Kerberos does provide a ticket lifetime, but that value is encrypted and cannot be detected during snooping.

To enable the aging and removal of snooped Kerberos entries, this timer defines a maximum age for the snooped entry. When a MAC address with a corresponding Kerberos entry in Identity Manager is aged out, the Kerberos snooping timer starts. If the MAC address becomes active before the Kerberos snooping timer expires, the timer is reset and the Kerberos entry remains active. If the MAC address is inactive when the Kerberos snooping timer expires, the Kerberos entry is removed.

Example

The following command configures the aging time for 600 minutes:

* Switch.4 # configure identity-management kerberos snooping aging time 600

History

This command was first available in ExtremeXOS 12.4.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.