This configuration parameter specifies a list of UNIX users for whom you don't want adclient to automatically renew their Kerberos credential caches. This parameter is useful in situations where you need to directly manage certain users' Kerberos caches.

Specify each user by the user’s UNIX name. Separate the names in the list using a comma.

For example, to specify that adclient doesn't renew these three users' Kerberos credential caches:

krb5.cache.renew.exclusion: admin,paula,jeffrey

Alternatively, you can using the file: keyword to specify a separate file that contains UNIX user names.

For example:

krb5.cache.renew.exclusion: file:/etc/centrifydc/renew.exclude

You can put a UNIX user name in each single line, and be sure to run the adreload command after modifying the file to have the changes take effect.

The default value for this parameter is empty.