Renew credentials automatically

Specifies whether you want user credentials to be automatically reissued when they expire.

If this policy is enabled, Centrify DirectControl Agent keeps a hash of the user's password in memory indefinitely. If this policy is disabled, a user's credentials periodically expire and the user must be re-authenticated by re-entering a valid password.

If this policy is enabled, user credentials are automatically reissued, as needed, as long as the adclient process continues to run even if the computer is disconnected from Active Directory. If you stop or restart adclient, however, the user's password hash is removed from memory. After stopping or restarting adclient, users must be re-authenticated by logging on with a valid user name and password.

By default this policy is disabled.

This group policy modifies the krb5.cache.infinite.renewal setting in the Centrify DirectControl configuration file.

Supported on:

Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Kerberos
Value Namekrb5.cache.infinite.renewal
Value TypeREG_SZ
Enabled Valuetrue
Disabled Valuefalse

Skip items that end with

Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Kerberos
Value Name{number}
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)