I have been reading about Mac OS X 10.5 Leopard Server and non-Server lately, and I was surprised to realize how many different authentication & authorization systems are running each with its own timer.

  1. Access to the "console" (keyboard/video/mouse): Ends when you log out or the locking screen saver kicks in.
  2. Authentication for administrative actions in Carbon/Cocoa programs (such as modifying system directories in the Finder): 5 minutes (I believe).
  3. Apple Keychain: Doesn't lock automatically unless you configure it in Keychain Access.
  4. ssh-agent (now linked to the Apple keychain): Clears when you reboot or when the Apple keychain locks.
  5. Kerberos V (both client-server and client-client): Apparently TGTs expire after 10 hours by default.
  6. sudo: 5 minutes by default.