adclient.hash.allow

This configuration parameter specifies the list of users you want to allow to have their password hash stored. By default, the Delinea Agent stores a UNIX-style SHA256 hash of each user’s password in the cache when the user is authenticated during login. Storing the password hash allows previously authenticated users to log on when the computer is disconnected from the network or Active Directory is unavailable.

Although the default behavior is to store the password hash for all users, you can use this parameter to explicitly list the users whose hashed passwords are stored in the cache. If you use this parameter, only the users you specify can log on when the computer is disconnected from the network or Active Directory is unavailable.

The parameter value can be one or more user names. If more than one name, the names can be separated by commas or spaces. For example:

adclient.hash.allow: jdoe bsmith

If no user names are specified or the parameter is not defined in the configuration file, the password hash is stored for all users.