Applies to: Centrify Direct Control 5.2.3 - 5.4.0 on all supported platforms.
Infinite kerberos renewal for batch user/group will fail before re-issuing a new ticket. This causes a period of time where the ticket is expired.
The infinite renewal will always try to renew first. Centrify will only re-issue if the renewal attempt fails. This leaves a period of time where the Kerberos ticket is expired and no longer valid before we re-issue a new ticket.
Upgrade to 2017.1 (5.4.1)
Ensure the user can read the keytab file.
a. The file keytab_123456 needs the following permissions:
b. The directory, in this case, /var/centrifydc/renewal needs to have the following permissions