Force Centrify DirectControl Agent to look up the complete principal name, including the Kerberos realm used as the key salt, from the KDC.
Enabling this policy is only required if you remove arcfour-hmac-md5 from the list of encryption types specified for the adclient.krb5.tkt.encryption.types parameter in the Centrify DirectControl configuration file and if you change a userPrincipalName attribute in Active Directory without changing the user's password.
Enabling this policy may cause "pre-auth required" warning messages to appear in the Active Directory event log.
This group policy modifies the adclient.force.salt.lookup setting in the Centrify DirectControl configuration file.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Adclient |
Value Name | adclient.force.salt.lookup |
Value Type | REG_SZ |
Enabled Value | true |
Disabled Value | false |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Adclient |
Value Name | {number} |
Value Type | REG_DWORD |
Default Value |