Allow PAM to create user Kerberos credential cache

Specify whether user Kerberos credential cache is created in PAM.

If enabled, a user Kerberos credential cache will be created by adclient. The Kerberos credential cache could be file based or KCM in-memory mode, depending on setting krb5.cache.type.

If disabled, no user Kerberos credential cache will be created by adclient.

The default value is true when it is not configured.

Note that, when set to disabled, no user Kerberos credential cache is created and any attempt to do SSO operation is expected to fail.

This group policy modifies the pam.auth.create.krb5.cache setting in the Centrify DirectControl configuration file.

Supported on:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Kerberos
Value Namepam.auth.create.krb5.cache
Value TypeREG_SZ
Enabled Valuetrue
Disabled Valuefalse

Skip items whose name contains

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Kerberos
Value Name{number}
Value TypeREG_DWORD
Default Value

centrifydc_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)