krb5.cache.infinite.renewal

This configuration parameter specifies whether you want user credentials to be automatically reissued when they expire. The parameter value can be set to true or false. If you set this parameter to true, the agent keeps a hash of the user’s password in memory indefinitely. If you set this parameter to false, a user’s credentials periodically expire and the user must be re-authenticated by re-entering a valid password.

If you set this parameter to true, user credentials are automatically reissued, as needed, as long as the adclient process continues to run even if the computer is disconnected from Active Directory. If you stop or restart adclient, however, the user’s password hash is removed from memory. After stopping or restarting adclient, users must be re-authenticated by logging on with a valid user name and password.

The default parameter value is false. For example:

krb5.cache.infinite.renewal: false