Force password salt lookup from KDC
Force the Centrify Agent to look up the complete principal name, including the Kerberos realm used as the key salt, from the KDC. Enabling this policy is only required if you remove arcfour-hmac-md5
from the list of encryption types specified for the adclient.krb5.tkt.encryption.types
parameter in agent configuration file and if you change a userPrincipalName
attribute in Active Directory without changing the user’s password.
Enabling this policy may cause “pre-auth required” warning messages to appear in the Active Directory event log.
This group policy modifies the adclient.force.salt.lookup
setting in the agent configuration file.