How to force an AD user to re-authenticate for every dzdo operation
Applies to:
All versions of Centrify DirectControl on all supported platforms
Question:
Is there a way to require an AD user to re-authenticate for every operation which dzdo is used?
Answer:
There dzdo.timestamp_timeout parameter in /etc/centrifydc/centrifydc.conf will specify how many minutes between operations which dzdo does not need to re-authenticate.Changing the value of dzdo.timestamp_timeout to 0 will result in AD users being prompted for re-authentication for every dzdo operation.
Default: #dzdo.timestamp_timeout: 5
Change: dzdo.timestamp_timeout: 0
Parameter can also be applied with the following group policy: Controlled by group policy under the settings "Computer Configuration" -> "Centrify Settings" -> "DirectControl Settings" -> "Dzdo Settings" -> "Set dzdo authentication timeout interval"
For additional information on the use of these parameters, please refer to our official 'Configuration and Tuning Refrence Guide' which can be found via: https://www.centrify.com/support/documentation/server-suite/#2016-planning