Hi Kent010341,
Every ticket has a lifetime, which is determined by the policies of the Kerberos realm that generates the ticket.
Kerberos authentication are:
- Mutual authentication . The client can validate the identity of the server principal, and the server can validate the client. Throughout this documentation, the two entities are called the "client" and the "server" even though secure network connections can be made between servers.
- Secure authentication tickets . Only encrypted tickets are used, and passwords are never included in the ticket.
- Integrated authentication . Once a user is logged on, he does not need to log on again to access any service that supports Kerberos athentication as long as the client ticket has not expired. Every ticket has a lifetime, which is determined by the policies of the Kerberos realm that generates the ticket.
Please refer to this blog: FAQs Around Kerberos and SQL Server
When a TGT expires Windows automatically tries to renew it which is limited by Maximum lifetime for user ticket renewal.
Best regards,
Seeya
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".