Set password cache

Control which users can have a password hash stored in the local cache when they are authenticated at login.

By default, Centrify DirectControl Agent stores a UNIX-style SHA256 hash of each user's password in the cache when the user is authenticated during login. Storing the password hash allows previously authenticated users to log on when the computer is disconnected from the network or Active Directory is unavailable.

You can use these settings to allow or prevent which users will or will not have their password hash stored and how long passwords can remain in the cache.

- Allow password storage
If you set this option and specify a list of users, only those users can log on when the computer is disconnected from the network or Active Directory is unavailable. To list the specific users allowed to have their password hash stored, type the user names separated by commas or spaces.

- Deny password storage
If you set this option and specify a list of users, only those users are prevented from logging on when the computer is disconnected from the network or Active Directory is unavailable. To list the specific users who should not have their password hash stored, type the user names separated by commas or spaces. This setting overrides "Allow password storage" setting.

- Cache life
Specify the number of days a password hash for any user can be stored in the cache before it expires. A value of zero (0) specifies that the password hash should never expire. When enabled, the default value is 7.

This group policy modifies the following settings in the Centrify DirectControl configuration file:

adclient.hash.allow
adclient.hash.deny
adclient.hash.expires


Supported on:
Set banner path

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings
Value Nameadclient.hash.allow
Value TypeREG_SZ
Default Value/etc/issue

centrifydc_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)