Maximum Ticket Lifetime
The maximum ticket lifetime (maxtktlife attribute) is the maximum amount of time in hours that a ticket issued to a principal is valid. When a client requests a ticket to a server, the lifetime that is granted to the ticket takes into account the maximum ticket lifetime that is set for both the server and the client. The lifetime that is granted will not exceed the shorter of the server's and client's maximum ticket lifetime.
You define maximum ticket lifetime with the dcecp maxtktlife attribute in the following form:
maxtktlife hours
where hours is a number that indicates the number of hours that a ticket issued to a principal is valid.
The shorter you make the maximum ticket lifetime, the greater the security of the system. However, extremely frequent renewal can cause processing overhead. The maximum ticket lifetime that you set needs to take into consideration system performance and the level of security that you require.
Note that you can set this time for individual accounts by using the account modify command.