This configuration parameter specifies the type of Kerberos credential cache that the agent (adclient) creates when an Active Directory user logs in. The parameter value can be set to FILE or KCM.
Note: The use of in-memory credential caches such as KCM is not supported on Mac OS X computers. In Mac OS X environments, credential caches are file-based, and setting this parameter has no effect.
If you set this parameter to FILE, the agent creates a file-based credential cache for each Active Directory user in /tmp when the user logs in. A file-based credential cache persists until the file is deleted.
If you set this parameter to KCM, the agent creates an in-memory credential cache for each Active Directory user when the user logs in. The Centrify-KCM service, run as root, manages in-memory credential caches. When the agent, adclient, starts up, if the parameter is set to KCM, adclient starts the KCM service. If you change the parameter from FILE to KCM while adclient is running, adclient starts the KCM service the next time it is forced to reload configuration parameters, for example, if you run the adreload command or if a user opens a new session.
Setting this parameter affects new users only — not users who have already logged in. For example, if you change from a file-based, to an in-memory credential cache, the agent will continue to use the file-based credential cache for any user who was logged in at the time of the change. If a logged in user opens a new session, or a new user logs in, the agent will use an in-memory cache for them.
An in-memory credential cache ends as soon as the Centrify-KCM service is stopped.
In most cases, you set this configuration parameter using group policy. You can, however, set it manually in the configuration file if you are not using group policy or want to temporarily override group policy.
The default parameter value is FILE, which specifies a file-based credential cache. To specify an in-memory credential cache, set the value to KCM. For example: