A Kudu client can open a connection to kudu-master or kudu-tserver and keep that connection open indefinitely by issuing some method at least once every --rpc_default_keepalive_time_ms interval (e.g., call Ping() method). This means there isn't a limit on how long an client can have access to cluster once it's authenticated, unless kudu-master and kudu-tserver processes are restarted. When fine-grained authorization if enforced, this issue is really benign because such lingering clients are unable to call any methods that require authz token to be provided.
It would be nice to address this by providing an option to terminate connections which were established long time ago. Both the interval of the maximum connection lifetime and whether to terminate over-the-TTL connections should be controlled by flags.