diff --git a/core/trino-main/src/main/java/io/trino/server/security/KerberosAuthenticator.java b/core/trino-main/src/main/java/io/trino/server/security/KerberosAuthenticator.java
index 3c34e71e4b08..a21731210abb 100644
--- a/core/trino-main/src/main/java/io/trino/server/security/KerberosAuthenticator.java
+++ b/core/trino-main/src/main/java/io/trino/server/security/KerberosAuthenticator.java
@@ -87,12 +87,18 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String name)
 options.put("debug", "true");
 }
 if (config.getKeytab() != null) {
+ options.put("storeKey", "true");
+ options.put("useKeyTab", "true");
 options.put("keyTab", config.getKeytab().getAbsolutePath());
 }
+
+ if (config.getKeyCache() != null) {
+ options.put("useTicketCache", "true");
+ options.put("renewTGT", "true");
+ options.put("ticketCache", config.getKeyCache().getAbsolutePath());
+ }
 options.put("isInitiator", "false");
- options.put("useKeyTab", "true");
 options.put("principal", servicePrincipal);
- options.put("storeKey", "true");
 return new AppConfigurationEntry[] {new AppConfigurationEntry(Krb5LoginModule.class.getName(), REQUIRED, options)};
 }
diff --git a/core/trino-main/src/main/java/io/trino/server/security/KerberosConfig.java b/core/trino-main/src/main/java/io/trino/server/security/KerberosConfig.java
index 1ccb0f942127..b9bdcafcddda 100644
--- a/core/trino-main/src/main/java/io/trino/server/security/KerberosConfig.java
+++ b/core/trino-main/src/main/java/io/trino/server/security/KerberosConfig.java
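Review bot: In the KerberosAuthenticator.java hunk, moving `useKeyTab` and `storeKey` inside `if (config.getKeytab() != null)` means that a server with neither a keytab nor a key cache configured no longer asks the login module for a keytab at all, whereas the old code always set both and left Krb5LoginModule to fall back to its default keytab location; that is a silent behaviour change for existing deployments. The new branch also sits beside `isInitiator=false`: an acceptor validates incoming tickets with the service's long-term key, which a credential cache does not normally hold, so it should be confirmed with a test that a server configured with only `ticketCache` can accept a SPNEGO context. I would keep the two keytab options set whenever `config.getKeyCache() == null`, and add a comment above the new branch such as `// ticket cache holds live credentials; the file must be readable only by the Trino service account`. `getAppConfigurationEntry` starts above this hunk, so anything decided earlier in the method is not visible here.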
@@ -27,10 +27,12 @@ public class KerberosConfig
 {
 public static final String HTTP_SERVER_AUTHENTICATION_KRB5_KEYTAB = "http-server.authentication.krb5.keytab";
+ public static final String HTTP_SERVER_AUTHENTICATION_KRB5_KEYCACHE = "http-server.authentication.krb5.keycache";
 private File kerberosConfig;
 private String serviceName;
 private File keytab;
+ private File keyCache;
 private String principalHostname;
 private KerberosNameType nameType = HOSTBASED_SERVICE;
 private Optional userMappingPattern = Optional.empty();
@@ -79,6 +81,19 @@ public KerberosConfig setKeytab(File keytab)
 return this;
 }
+ @FileExists
+ public File getKeyCache()
+ {
+ return keyCache;
+ }
+
+ @Config("http-server.authentication.krb5.keycache")
+ public KerberosConfig setKeyCache(File keyCache)
+ {
+ this.keyCache = keyCache;
+ return this;
+ }
+
 public String getPrincipalHostname()
 {
 return principalHostname;
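Review bot: `setKeyCache` in the last hunk accepts the new option with no rule for how it combines with `keytab`, so both can be set at once and nothing visible here rejects that at startup; the login module would then receive both `useKeyTab` and `useTicketCache`, and which credential wins is left to Krb5LoginModule. If the two are meant to be alternatives, a validation method on the config (for example an `@AssertTrue` check that they are not both set) would fail fast with a clear message. The `@Config` string repeats the literal that the first hunk introduces as a constant; `@Config(HTTP_SERVER_AUTHENTICATION_KRB5_KEYCACHE)` would keep the two from drifting, though the existing keytab setter's annotation is outside the hunk and may follow the same literal style. The setter also carries no description, and something like `@ConfigDescription("Kerberos credential cache file for the server login; must be readable only by the Trino service account")` would tell operators that this path holds live credentials.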