Specifies the aging time for Kerberos snooping entries.
minutes |
Specifies the aging time in minutes. The range is 1 to 65535 minutes. |
N/A.
Kerberos does not provide any service for un-authentication or logout. Kerberos does provide a ticket lifetime, but that value is encrypted and cannot be detected during snooping.
To enable the aging and removal of snooped Kerberos entries, this timer defines a maximum age for the snooped entry. When a MAC address with a corresponding Kerberos entry in Identity Manager is aged out, the Kerberos snooping timer starts. If the MAC address becomes active before the Kerberos snooping timer expires, the timer is reset and the Kerberos entry remains active. If the MAC address is inactive when the Kerberos snooping timer expires, the Kerberos entry is removed.
The following command configures the aging time for 600 minutes:
* Switch.4 # configure identity-management kerberos snooping aging time 600
This command was first available in ExtremeXOS 12.4.