Github user dyozie commented on a diff in the pull request:

    https://github.com/apache/incubator-hawq-docs/pull/131#discussion_r143875135
  
    --- Diff: markdown/clientaccess/kerberos.html.md.erb ---
    @@ -515,6 +516,53 @@ Valid starting     Expires            Service principal
     
     After generating a ticket, you can connect to a HAWQ database as a 
kerberos-authenticated user using `psql` or other client programs.
     
    +### <a id="change_ticket"></a>Changing the Ticket Renewal Interval
    +
    +The lifetime of the Kerberos ticket may need to be changed. The ticket 
lifetime is the minimum of the following values:
    +
    +* `max_life` in `kdc.conf` on the KDC servers.
    +* `ticket_lifetime` in `krb5.conf` on the client
    +* maxlife for the user principal
    +* maxlife for the service principal in krbtgt\[REALM\]
    +* maxlife for the AFS service principal "afs/[realm_in_lower_case]"
    +* the requested lifetime in the ticket request
    +
    +**Note:** The kdc.conf file supplements krb5.conf for programs using KDC. 
The kdc.conf file contains defaults used when issuing Kerberos tickets, as well 
as KDC configuration information. 
    +
    +On starting HAWQ, the Resource Manager initializes the  kerberos ticket to 
expire after 12 hours. On KDC servers, this interval can be even longer. (Your 
specific configuration may differ from these standards, so set the ticket to 
renew before your system ticket lifetime.) Reset the 
`server_ticket_renew_interval`  to renew prior to the default value and restart 
the cluster to have the new value take effect.
    +
    +You will perform different procedures if you use Ambari for cluster 
management or manage your cluster from the command line.
    +
    +  1. If you manage your cluster using Ambari:
    +    
    +       1.  Login to the Ambari UI from a supported web browser.
    +
    +       2. Navigate to the **HAWQ** service, **Configs > Advanced** tab and 
expand the **Custom hawq-site** drop down.
    +
    +       3. Set the value of  `server_ticket_renew_interval` to renew prior 
to the default interval. For example set `server_ticket_renew_interval` to 
18000000. This will renew the ticket every five hours.
    +
    +       4. **Save** this configuration change and then select the now 
orange **Restart > Restart All Affected** menu button to restart your HAWQ 
cluster.
    +
    +       5. Exit the Ambari UI.  
    +    
    +   2. If you manage your cluster from the command line:
    +
    +      1.  On all KDC servers, open the KDC configuration file 
`/etc/krb5kdc/kdc.conf` and change `max_life` to a value less than the renewal 
interval.
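Review bot: In command-line step 2.1, changing `max_life` to "a value less than the renewal interval" contradicts the earlier paragraph, which says to set `server_ticket_renew_interval` so the ticket renews before its lifetime ends; with `max_life` shorter than the renewal interval, the ticket would expire before the renewal runs. Suggest reversing the wording so that `max_life` stays greater than the renewal interval. In Ambari step 3, also state the unit of `server_ticket_renew_interval`: 18000000 for "every five hours" implies milliseconds, but the text never says so. The section heading refers to the renewal interval while the opening paragraph and bullet list discuss ticket lifetime, so a sentence linking the two would help readers.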
    --- End diff --
    
    Verify with dev that this is something we want to document for all.

