Quanah Gibson-Mount via RT writes:
> Sam Hartman via RT wrote:

>> I strongly suspect that the context is ending when it expires and that
>> SASL needs to do a better job of catching this error and reporting a
>> connection problem.

> Just to be clear, the problem happens when the ticket cache is
> refreshed. I.e., the tickets for the existing SASL/GSSAPI connection
> hadn't actually yet expired, just the ticket cache was refreshed with
> new tickets. I can understand why the SASL/GSSAPI context would be
> closed out on *expiration* but I think a refresh shouldn't have this
> effect. ;)

This makes me wonder what in GSS-API is looking at the ticket cache. I
would have thought that once the GSS-API context was established and
authentication was finished, there wouldn't be further need to look at the
Kerberos ticket cache, but apparently that's not correct?

-- 
Russ Allbery (rra@stanford.edu)