Specify groups to infinitely renew Kerberos credentials

Specify list of groups whose user members' Kerberos credentials require infinite renewal even after users have logged out.

The specified groups must be Active Directory groups (no need to be zone enabled). Group names should be in format e.g. "[email protected]".

All zone enabled users who are members of the groups specified, including members of any nested groups and the users whose primary group is set to one of the groups specified, will have their Kerberos credentials renewed (or reissued) automatically.

This group policy modifies the krb5.cache.infinite.renewal.batch.groups setting in the Centrify DirectControl configuration file.

Supported on:

Skip items whose name is

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Kerberos
Value Name{number}
Value TypeREG_DWORD
Default Value

centrifydc_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)