aam authentication relay kerberos instance

Kerberos Authentication Relay

This object configures an authentication-relay profile for Kerberos authentication.

instance Specification

Type Collection
Object Key(s) name
Collection Name instance-list
Collection URI /axapi/v3/aam/authentication/relay/kerberos/instance/
Element Name instance
Element URI /axapi/v3/aam/authentication/relay/kerberos/instance/{name}
Element Attributes instance_attributes
Statistics Data URI /axapi/v3/aam/authentication/relay/kerberos/instance/{name}/stats
Schema instance schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/aam/authentication/relay/kerberos/instance/

instance Attributes

Create List

POST

/axapi/v3/aam/authentication/relay/kerberos/instance/

instance Attributes

Get Object

GET

/axapi/v3/aam/authentication/relay/kerberos/instance/{name}

instance Attributes

Get List

GET

/axapi/v3/aam/authentication/relay/kerberos/instance/

instance-list

Modify Object

POST

/axapi/v3/aam/authentication/relay/kerberos/instance/{name}

instance Attributes

Replace Object

PUT

/axapi/v3/aam/authentication/relay/kerberos/instance/{name}

instance Attributes

Replace List

PUT

/axapi/v3/aam/authentication/relay/kerberos/instance/

instance-list

Delete Object

DELETE

/axapi/v3/aam/authentication/relay/kerberos/instance/{name}

instance Attributes

Get Stats

GET

/axapi/v3/aam/authentication/relay/kerberos/instance/{name}/stats

stats data

instance-list

instance-list is JSON List of instance Attributes

instance-list : [

instance Attributes

encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

kerberos-account

Description: Specify the account name of a chosen KDC. Choose a KDC only when ACOS needs to communicate with the KDC. For every connection , you only need to select a KDC once.

Type: string

Format: string-rlx

kerberos-kdc

Description: Configure the host name or IP address of the KDC. This is a necessary component of constructing the Kerberos relay.

Type: string

Mutual Exclusion: kerberos-kdc and kerberos-kdc-service-group are mutually exclusive

kerberos-kdc-service-group

Description: Should the user want to assign multiple KDCs to the relay, this can be used to designate a service group to include multiple KDCs previously configured and assign them to the authentication relay. Priority to a KDC from the service group is selected based on a load balancing algorithm, and the authentication relay is identical to the single KDC scenario.

Type: string

Format: string-rlx

Mutual Exclusion: kerberos-kdc-service-group and kerberos-kdc are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

kerberos-realm

Description: Specify the name of the Kerberos realm secured by the AAA servers.

Type: string

name

Description: This command allows you to specify a Kerberos admin account name required to log onto the KDC.

Type: string

Required: Yes

password

Description: Specify the password required for logging onto the KDC.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port

Description: Specify the protocol port number on which the KDC listens for requests. There are no default authentication-relay profiles, but when you create one it has the default port listed below.

Type: number

Range: 1-65535

Default: 88

sampling-enable

Description: sampling-enable is a JSON List . Please see below for sampling-enable

Type: List

secret-string

Description: The kerberos client password

Type: string

Format: password

timeout

Description: Specify the maximum number of seconds ACOS waits for Kerberos server to respond to a request. If a request times out, ACOS aborts that request. There are no default authentication-relay profiles, but when you create one the timeout default is listed below.

Type: number

Range: 1-255

Default: 10

uuid

Description: uuid of the object

Type: string

sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘request-send’: Request Send; ‘response-receive’: Response Receive; ‘current-requests-of-user’: Current Pending Requests of User; ‘tickets’: Tickets;

Type: string

Supported Values: all, request-send, response-receive, current-requests-of-user, tickets

stats data

Counter Size Description
current-requests-of-user 8 Current Pending Requests of User
response-receive 8 Response Receive
request-send 8 Request Send
tickets 8 Tickets