Maximum Ticket Renewable Time
Note: Renewable ticket functionality is not currently used by DCE RPC when refreshing service tickets. However, it is supported by the DCE Security Server and is useful for Kerberos V5 applications that use the DCE Security Server as a KDC.
The maximum ticket renewable time (maxtktrenew attribute) that you set determines the maximum amount of time in hours before a principal's ticket-granting ticket expires and the time the principal must log in again to reauthenticate and obtain another ticket-granting ticket. The shorter you make the maximum ticket renewable time, the greater the security of the system. However, since users must log in again to renew their ticket-granting ticket, the time needs to take into consideration user convenience and the level of security that your cell requires.
You define maximum ticket renewable time with the dcecp maxtktrenew attribute in the following form:
maxtktrenew hours
where hours is a number that indicates the number of hours before a principal's ticket-granting ticket expires.
Note that you can set this time for individual accounts by using the account modify command.