diff --git a/src/cli/one_helper/oneuser_helper.rb b/src/cli/one_helper/oneuser_helper.rb
index b816995f75..9fe2a15370 100644
--- a/src/cli/one_helper/oneuser_helper.rb
+++ b/src/cli/one_helper/oneuser_helper.rb
@@ -349,8 +349,21 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
         puts str % ["SECONDARY GROUPS", groups.join(',') ] if groups.size > 1
         puts str % ["PASSWORD",    user['PASSWORD']]
         puts str % ["AUTH_DRIVER", user['AUTH_DRIVER']]
-        puts str % ["LOGIN_TOKEN", user['LOGIN_TOKEN/TOKEN']] if !user['LOGIN_TOKEN/TOKEN'].nil?
-        puts str % ["TOKEN VALIDITY", "not after #{Time.at(user['LOGIN_TOKEN/EXPIRATION_TIME'].to_i)}"] if !user['LOGIN_TOKEN/EXPIRATION_TIME'].nil?
+
+        if !user['LOGIN_TOKEN/TOKEN'].nil?
+            puts str % ["LOGIN_TOKEN", user['LOGIN_TOKEN/TOKEN']]
+
+            etime = user['LOGIN_TOKEN/EXPIRATION_TIME']
+
+            validity_str = case etime
+                when nil  then ""
+                when "-1" then "not expires"
+                else "not after #{Time.at(etime.to_i)}"
+            end
+
+            puts str % ["TOKEN VALIDITY", validity_str ]
+        end
+
         puts str % ["ENABLED",
             OpenNebulaHelper.boolean_to_str(user['ENABLED'])]
 
diff --git a/src/cli/oneuser b/src/cli/oneuser
index 14607e3993..45caef1bf4 100755
--- a/src/cli/oneuser
+++ b/src/cli/oneuser
@@ -121,7 +121,10 @@ cmd=CommandParser::CmdParser.new(ARGV) do
         :name  => "time",
         :large => "--time x",
         :format => Integer,
-        :description => "Token duration in seconds, defaults to 3600 (1 h)"
+        :description => "Token duration in seconds, defaults to 36000 (10 h). "\
+                        "To reset the token set time to 0." \
+                        "To generate a non-expiring token use -1"\
+                        " (not valid for ssh and x509 tokens). "\
     }
 
     DRIVER={
@@ -339,7 +342,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do
 
     command :login, login_desc, :username, :options=>login_options do
 
-        options[:time] ||= 3600
+        options[:time] ||= 36000
 
         helper.login(args[0], options)
     end
diff --git a/src/rm/RequestManagerUser.cc b/src/rm/RequestManagerUser.cc
index e73d6da3d4..54fda3b750 100644
--- a/src/rm/RequestManagerUser.cc
+++ b/src/rm/RequestManagerUser.cc
@@ -446,16 +446,25 @@ void UserLogin::request_execute(xmlrpc_c::paramList const& paramList,
         return;
     }
 
-    if (valid <= 0) //Reset token
+    if (valid == 0) //Reset token
     {
         user->login_token.reset();
 
         token = "";
     }
-    else
+    else if (valid > 0 || valid == -1)
     {
         token = user->login_token.set(token, valid);
     }
+    else
+    {
+        failure_response(XML_RPC_API,
+            request_error("Wrong valid period for token",""), att);
+
+        user->unlock();
+
+        return;
+    }
 
     pool->update(user);
 
diff --git a/src/um/LoginToken.cc b/src/um/LoginToken.cc
index f05cecdd74..8b7e4982da 100644
--- a/src/um/LoginToken.cc
+++ b/src/um/LoginToken.cc
@@ -24,7 +24,8 @@ using namespace std;
 
 bool LoginToken::is_valid(const string& user_token) const
 {
-    return ((user_token == token) && (time(0) < expiration_time));
+    return ((user_token == token) &&
+            ((expiration_time == -1) || (time(0) < expiration_time)));
 }
 
 /* -------------------------------------------------------------------------- */
@@ -32,7 +33,18 @@ bool LoginToken::is_valid(const string& user_token) const
 
 const std::string& LoginToken::set(const std::string& user_token, time_t valid)
 {
-    expiration_time = time(0) + valid;
+    if (valid == -1)
+    {
+        expiration_time = -1;
+    }
+    else if (valid > 0 )
+    {
+        expiration_time = time(0) + valid;
+    }
+    else
+    {
+        expiration_time = 0;
+    }
 
     if (user_token.empty())
     {