Cisco ASA Series Cli Configuration Manual page 1858

Understanding How KCD Works
Command
Step 1
webvpn
Step 2
show aaa kerberos
Step 3
show aaa kerberos [username user | host ip |
hostname]
•
user—Used to view the Kerberos tickets of a specific
user
•
hostname—Used to view the Kerberos tickets issued for
a specific host
Example:
ASA# show aaa kerberos
Default Principal
Service Principal
asa@example.COM
18:33:00
kcduser@example.COM06/29/10 17:33:00
17:33:00
kcduser@example.COM06/29/10 17:33:00
17:33:00
ASA# show aaa kerberos username kcduser
Default Principal
Service Principal
kcduser@example.COM06/29/10 17:33:00
17:33:00
kcduser@example.COM06/29/10 17:33:00
17:33:00
ASA# show aaa kerberos host owa.example.com
Default Principal
Service Principal
kcduser@example.COM06/29/1006/30/10 17:33:00
http/owa.example.com@example.COM
ASA# show aaa kerberos username kcduser
Default Principal
Service Principal
kcduser@example.COM06/29/10 17:33:00
17:33:00
kcduser@example.COM06/29/10 17:33:00
17:33:00
ASA# show aaa kerberos host owa.example.com
Default Principal
Service Principal
kcduser@example.COM06/29/10
17:33:00
Cisco ASA Series CLI Configuration Guide
1-50
Valid Starting
06/29/10 18:33:00 06/30/10
krbtgt/example.COM@example.COM
06/30/10
asa$/example.COM@example.COM
06/30/10
http/owa.example.com@example.COM
Valid Starting Expires
06/30/10
asa$/example.COM@example.COM
06/30/10
http/owa.example.com@example.COM
Valid Starting Expires
Valid Starting Expires
06/30/10
asa$/example.COM@example.COM
06/30/10
http/owa.example.com@example.COM
Valid Starting Expires
06/30/10
http/owa.example.com@example.COM
Function
Switches to webvpn configuration mode.
Displays all Kerberos tickets cached on the ASA.
Shows sample output returned from this command.
Expires
Chapter 1 Configuring Clientless SSL VPN