Specify Users to Infinitely Renew Kerberos Credentials

Specify a list of users whose Kerberos credentials require infinite renewal even after the users have logged out. Users that you specify must be zone enabled (that is, mapped users are not supported). If this group policy is enabled, user credentials are renewed automatically.

You can use any of the following formats to specify user names:

unixName

userPrincipleName

sAMAccountName

sAMAccountName@domain

For example:

test_user

test_user@example.com

test_user_sam

test_user_sam@example.com

By default, this group policy is disabled.

This group policy modifies the krb5.cache.infinite.renewal.batch.users setting in the agent configuration file.