krb5.cache.clean.exclusion

This configuration parameter specifies a list of users whose credentials in the Kerberos cache will not be deleted during a periodic Kerberos cache clean-out of unlogged-in users.

Each user is specified by the user’s UNIX name. Separate the names in the list using a comma.

For example, to specify that three users be excluded from periodic credential clean-up:

krb5.cache.clean.exclusion: admin,paula,jeffrey

This parameter is useful in a batch processing environment where a logged-out user may leave behind running processes that require Kerberos credentials. It allows some users’ credentials to remain for processes while cleaning out all other users’ credentials.

The default value for this parameter is empty.