The renew credentials action can be invoked by:
Additionally, if the Monitor credential expiration option is enabled for all identities or for a specific identity, then those credentials will be automatically renewed whenever possible before they expire.
An identity must be selected before invoking the renew credentials action.
Not all credentials can be renewed. The actual logic of renewing the credentials is up to each credentials provider. In general, NetIDMgr will invoke each credentials provider to renew their respective credentials. For Kerberos v5, if the initial ticket is renewable and not expired, then it will obtain a renewed initial ticket. For Kerberos v4, once a renewed Kerberos v5 initial ticket is obtained, it will try to use a Krb524 translator to obtain a new Kerberos v4 initial ticket.
Attempts to renew renewable credentials are performed at half-life intervals and 15 minutes before expiration automatically, by default. The actual time at which a renewal is performed can be changed in the Notifications configuration panel. Automatic renewals can also be disabled.