Specify maximum Kerberos credential cache lifetime

Specify maximum lifetime of TGT in days before adclient removes its Kerberos credential cache from the system forcibly.

When TGT in the credential cache reaches its maximum lifetime, the cache will be removed regardless if the owner is still logged in, or has running processes, or the user is specified in krb5.cache.clean.exclusion, krb5.cache.infinite.renewal.batch.users or krb5.cache.infinite.renewal.batch.groups list.

This group policy modifies the krb5.cache.clean.force.max setting in the Centrify DirectControl configuration file. The default value is 0, which means never.

Supported on:
Skip items whose name is

Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Kerberos
Value Name{number}
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)