Force dzdo re-authentication when relogin

Force dzdo re-authentication when relogin.

When users authenticate with dzdo once, a ticket will be temporarily created per tty. This ticket allows dzdo commands to run without re-authentication in a short period (e.g. 5 minutes), and this ticket will be re-used when user login again.

If this setting is enabled, the tickets will be removed when user logout. Thus users are forced to authenticate again once relogin and call dzdo. Default is false, i.e. dzdo tickets are not cleared when user logout.

This group policy modifies the adclient.dzdo.clear.passwd.timestamp setting in the Centrify DirectControl configuration file.

Supported on:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Dzdo
Value Nameadclient.dzdo.clear.passwd.timestamp
Value TypeREG_SZ
Enabled Valuetrue
Disabled Valuefalse

Set as user default keychain
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Dzdo
Value Nameadclient.dzdo.clear.passwd.timestamp
Value TypeREG_DWORD
Default Value1
True Value1
False Value0
Delete the Password protected 'Login' Keychain after login
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Dzdo
Value Nameadclient.dzdo.clear.passwd.timestamp
Value TypeREG_DWORD
Default Value0
True Value1
False Value0

centrifydc_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)