Forum Discussion
Julio_Navarro
Cirrostratus
Mar 26, 2015
Kerberos Caching Option
Hello;
I have successfully got my users authenticating using Kerberos based on the following document:
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authenticati...
Seth_Cooper
Employee
Mar 26, 2015
The default ticket lifetime is 600 minutes (10 hours) in the SSO > Kerberos configuration. The online help shows the following for the "Ticket Lifetime" setting.
Displays, in minutes (for example, 600 minutes would equate to 10 hours), the lifetime of Kerberos tickets obtained for the user. The value represents the maximum ticket lifetime, and the actual lifetime may be less by up to 1 hour. This is because the user's ticket lifetime is the same as the TGT lifetime. The TGT is a Kerberos Ticket Granting Ticket obtained for the delegation account specified in this configuration. A new TGT is fetched every time the current TGT for that account is older than one hour. The new TGT can be fetched only when an SSO request is processed. The minimum lifetime that can be specified is 10 minutes. There is no maximum; however, most AD domains have this set to 10 hours (600 minutes), and you should not set the ticket lifetime in SSO configuration above what is specified in AD. The default value is 600 minutes.
I hope this helps!
Seth