Specify whether adclient deletes credentials from the Kerberos cache if they are the specified number of days old.
If this group policy is Enabled, the credentials will be cleared for all users whether or not they are logged on, have active processes running, or are specified in the following group policy lists:
- Specify groups to infinitely renew Kerberos credentials
- Specify users to infinitely renew Kerberos credentials
You can configure this group policy by enabling it and setting the value to the age of the credential cache to be cleared, in days.
The default value for the group policy is 0 days, which means that this group policy does not clear any credential caches.
This group policy modifies the
krb5.cache.clean.force.max setting in the agent configuration file.