Force password salt lookup from KDC

Force the Centrify agent to look up the complete principal name, including the Kerberos realm used as the key salt, from the KDC. Enabling this policy is only required if you remove arcfour-hmac-md5 from the list of encryption types specified for the adclient.krb5.tkt.encryption.types parameter in agent configuration file and if you change a userPrincipalName attribute in Active Directory without changing the user’s password.

Enabling this policy may cause “pre-auth required” warning messages to appear in the Active Directory event log.

This group policy modifies the adclient.force.salt.lookup setting in the agent configuration file.