adclient.hash.deny

This configuration parameter specifies the list of users you want to prevent from having their password hash stored. By default, the Centrify agent stores a UNIX-style MD5 hash of each user’s password in the cache when the user is authenticated during login. Storing the password hash allows previously authenticated users to log on when the computer is disconnected from the network or Active Directory is unavailable.

Although the default behavior is to store the password hash for all users, you can use this parameter to explicitly list the users whose hashed passwords must not be stored in the cache. If you use this parameter, the users you specify cannot log on when the computer is disconnected from the network or Active Directory is unavailable. All other users are permitted to have their password hash stored and allowed to log on when the computer is disconnected from the network or Active Directory is unavailable.

The parameter value can be one or more user names. If more than one name, the names can be separated by commas or spaces. For example:

adclient.hash.deny: jdoe bsmith

If no user names are specified or the parameter is not defined in the configuration file, the password hash is stored for all users.