Ticket-Granting Ticket Lifetimes and Service Ticket Lifetimes
The authentication service never grants a principal a service ticket with a lifetime that exceeds the time remaining in the principal's ticket-granting ticket lifetime. For example, if 2 hours remain in the life of a principal's ticket-granting ticket and the principal requests or accepts a default of 4 hours for a service ticket's lifetime, only the 2-hour lifetime is granted.
If the renewable ticket flag (the renewabletkt attribute) is set on for a principal's account, the lifetime of the principal's ticket-granting ticket also affects the renewal of service tickets. No service ticket is renewed with a lifetime that exceeds the remaining lifetime of the principal's ticket-granting ticket. Service tickets are normally renewed for the lifetime that is allocated to the original ticket. If the original time exceeds the lifetime of the ticket-granting ticket, the ticket is renewed only for the time remaining to the ticket-granting ticket.