configure identity-management kerberos snooping server

configure identity-management kerberos snooping add server ip_address
configure identity-management kerberos snooping delete server [ip_address |all]

Description

Adds or deletes a Kerberos server to the Kerberos server list.

Syntax Description

ip_address

Specifies a Kerberos server IP address to add or delete.

all

Specifies that all Kerberos server list entries are to be deleted.

Default

No servers are in the Kerberos server list.

Usage Guidelines

When no servers are configured in the Kerberos server list, the Kerberos snooping feature processes responses from all Kerberos servers, which can expose the system to simulated logins. To avoid this exposure, you can configure a list of up to 20 valid Kerberos servers. When the Kerberos server list contains one or more entries, the switch only processes responses from the Kerberos servers in the list.

Example

The following command adds the Kerberos server at IP address 10.10.10.1 to the Kerberos server list:

* Switch.4 # configure identity-management kerberos snooping add server 10.10.10.1

History

This command was first available in ExtremeXOS 12.4.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.