What happens when the kerberos ticket expires?

Question

I am using kerberos/spnego authentication with spring security to authenticate users from Active directory services, client is windows 7. I have a concern with the kerberos ticket renewal process. I understand the ticket is valid for 10 hrs, what will happen when a user launches and application which uses kerboros ticket and the ticket present on his machine has expired, will the browser automatically request a new ticket to the AD server or the authentication fail?

Answer 1

No, he won't be able to request a service ticket anyway. It is highly likely that Windows will prompt for your password again. You cannot request new service tickets with an expired TGT.