Applies to: All versions of Centrify DirectControl on RedHat Linux.
Problem:
In KDE (Redhat manager), Centrify prompts for credentials all the time as shown below.
[title] Network Authentication
Please enter the password for 'username@DOMAIN'
Password: [..........]
Your credentials have expired
[Cancel] [Renew Ticket]
The command #adflush or #kdestroy followed by #kinit is not helping here. Parameter "krb5.cache.infinite.renewal:true" was added to /etc/centrifydc/centrifydc.conf in order to automatically reissue the user credentials when they expire.
The parameter "krb5.cache.renew.interval = 8" inside the /etc/centrifydc/centrifydc.conf file was changed to 0 so that adclient does not renew the existing Kerberos ticket to keep existing credentials valid.
Centrify DirectControl was restarted too. Still pop-ups occur. Any reason?
Workaround:
This is caused by sessions kept by KDE when the user logs out.
1. Disable the session save with "KDE Control Center -> Components -> Session Manager -> 'check' Restore Previous Session" .
2. Clean up "~HOME/.kde/share/config/ksmserverrc" file by deleting "krb5-auth-dialog" entries.
3. Login with KDE session several times. If one process named krb5-auth-dialog <session> can be found with using ps -ef|grep krb5-auth*, this issue is resolved.
Additional information can be found from following RedHat bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=514067
https://bugzilla.redhat.com/show_bug.cgi?id=344991
(Links provided as a courtesy)