Specify maximum Kerberos credential cache lifetime

Specify whether adclient deletes credentials from the Kerberos cache if they are the specified number of days old.

If this group policy is Enabled, the credentials will be cleared for all users whether or not they are logged on, have active processes running, or are specified in the following group policy lists:

You can configure this group policy by enabling it and setting the value to the age of the credential cache to be cleared, in days.

The default value for the group policy is 0 days, which means that this group policy does not clear any credential caches.

This group policy modifies the krb5.cache.clean.force.max setting in the agent configuration file.