krb5.cache.infinite.renewal.batch.users

This configuration parameter specifies a list of users whose Kerberos credentials require infinite renewal even after the users have logged out.

Requirements to use this parameter:

• The users must be zone enabled (that is, mapped users are not supported).

• The users must log into the desired system once using the Account Password.

You can use any of the following formats to specify user names:

unixName
userPrincipleName
SamAccountName
SamAccountName@domain

For example:

krb5.cache.infinite.renewal.batch.users: test_user, test_user@example.com, test_user_sam, test_user_sam@example.com

By default, this parameter does not list any users.

You can also use group policy to set this parameter.