>>>>> "Greg" == Greg Hudson via RT <rt-comment@krbdev.mit.edu> writes:

    Greg> For client-driven cross-realm scenarios, I believe we should
    Greg> cache the TGTs we ask for, but not alternate TGTs.  If we
    Greg> cache alternate TGTs, we could have the same kind of scenario
    Greg> where we repeatedly cache an alternate TGT because the overall
    Greg> TGS operation fails.

Agreed.