426
Keychain commands
accept-lifetime utc
Use accept-lifetime utc to set the receiving lifetime for a key of a keychain in absolute time mode.
Use undo accept-lifetime to restore the default.
Syntax
accept-lifetime utc start-time start-date { duration { duration-value | infinite } | to end-time
end-date }
undo accept-lifetime
Default
The receiving lifetime is not configured for a key of a keychain.
Views
Key view
Predefined user roles
network-admin
Parameters
start-time: Specifies the start time in the HH:MM:SS format. The value range for this argument is
0:0:0 to 23:59:59.
start-date: Specifies the start date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for
YYYY is 2000 to 2035.
duration duration-value: Specifies the lifetime of the key, in the range of 1 to 2147483646 seconds.
duration infinite: Specifies that the key never expires after it becomes valid.
to: Specifies the end time and date.
end-time: Specifies the end time in the HH:MM:SS format. The value range for this argument is 0:0:0
to 23:59:59.
end-date: Specifies the end date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for
YYYY is 2000 to 2035.
Usage guidelines
A key becomes a valid accept key when the following requirements are met:
• A key string has been configured.
• An authentication algorithm has been specified.
• The system time is within the specified receiving lifetime.
If an application receives a packet that carries a key ID, and the key is valid, the application uses the
key to authenticate the packet. If the key is not valid, packet authentication fails.
If the received packet does not carry a key ID, the application uses all valid keys in the keychain to
authenticate the packet. If the packet does not pass any authentication, packet authentication fails.
An application can use multiple valid keys to authenticate packets received from a peer.
Examples
# Set the receiving lifetime for key 1 of the keychain abc in absolute time mode.
<Sysname> system-view
To Next Page
Loading...
Need help?
General
