Setting Authorization Timers

Although it is not essential to configuring and implementing cut-through proxy authentication, the uauth timer is an important feature to understand to ensure that your proxy authentication functions in the intended manner. The uauth timer controls how frequently users need to reauthenticate. When a user is authenticated via the cut-through proxy, the PIX firewall caches the accepted authentication for a time period determined by this timer. Once the time period expires, the user is required to reauthenticate by supplying the username and password information again. The PIX firewall does not prompt the user for the authentication information immediately after the uauth timer expires. It prompts the user for the authentication information only when a connection is attempted after the timer expires.

The uauth timer has two qualifiers that you can configure separately to control reauthentication: inactivity and absolute. The inactivity qualifier requires users to reauthenticate after a defined period of inactivity; the absolute qualifier requires users to reauthenticate after an absolute period of time. The following general guidelines should be followed regarding the configuration of the uauth inactivity and absolute timers:

- Setting both timers to 0 disables authentication caching and requires the user to authenticate for every connection attempt.

- Do not set both timers to 0 if passive FTP is being used through the PIX firewall.

- Do not set both timers to 0 if the virtual command is used for Web authentication. (See the section entitled "Virtual HTTP" for details.)

- To reauthenticate users only after a period of inactivity, set the inactivity timer to the desired duration and set the absolute timer to 0.

- Both timers can be configured, but ensure that the duration for the absolute timer is greater than the duration for the inactivity timer; otherwise, the inactivity timer will never be used.

The syntax for setting the uauth timers is:

timeout uauth hh:mm:ss [absolute | inactivity]

If the absolute or inactivity keywords are not used, the absolute timer is adjusted. To display the timeout values, use the following command:

show timeout uauth
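
The guidelines above can be checked mechanically against a saved configuration. The following Python sketch is an added example, not part of the original text or any Cisco tool; the function names and the sample configuration lines (including the 192.0.2.10 address) are constructed, and it assumes the timers appear as `uauth hh:mm:ss [absolute | inactivity]` groups on a `timeout` line.

```python
import re

# One "uauth hh:mm:ss [absolute|inactivity]" group on a timeout line.
UAUTH_RE = re.compile(r"uauth\s+(\d+):(\d\d):(\d\d)(?:\s+(absolute|inactivity))?")

def parse_uauth(config):
    """Return {'absolute': secs, 'inactivity': secs} for the timers set in config."""
    timers = {}
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("timeout "):
            continue
        for h, m, s, kind in UAUTH_RE.findall(line):
            # Per the text, omitting the keyword adjusts the absolute timer.
            timers[kind or "absolute"] = int(h) * 3600 + int(m) * 60 + int(s)
    return timers

def lint_uauth(config):
    """Check explicitly configured uauth timers against the guidelines above.

    Passive FTP use is not visible in the configuration, so that guideline
    still has to be checked by hand.
    """
    t = parse_uauth(config)
    absolute, inactivity = t.get("absolute"), t.get("inactivity")
    findings = []
    if absolute == 0 and inactivity == 0:
        findings.append("caching disabled: users authenticate on every connection")
        if re.search(r"^\s*virtual http\b", config, re.M):
            findings.append("both timers are 0 while virtual http is configured")
    elif absolute and inactivity is not None and absolute <= inactivity:
        findings.append("absolute <= inactivity: inactivity timer never used")
    return findings

# Constructed sample configurations (not taken from a real device).
SAMPLE_SHADOWED = "timeout uauth 0:10:00 absolute uauth 0:30:00 inactivity\n"
SAMPLE_ZERO = ("virtual http 192.0.2.10\n"
               "timeout uauth 0:00:00 absolute uauth 0:00:00 inactivity\n")
SAMPLE_IDLE_ONLY = "timeout uauth 0:00:00 absolute uauth 0:15:00 inactivity\n"

if __name__ == "__main__":
    for name, cfg in [("shadowed", SAMPLE_SHADOWED), ("zero", SAMPLE_ZERO),
                      ("idle-only", SAMPLE_IDLE_ONLY)]:
        print(name, parse_uauth(cfg), lint_uauth(cfg))
```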