Return-Path: <krb5-bugs-incoming-bounces@PCH.mit.edu>
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id E14803DEDC; Mon, 22 Aug 2011 20:46:24 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p7N0kOkv001780; Mon, 22 Aug 2011 20:46:24 -0400
Received: from mailhub-auth-1.mit.edu (MAILHUB-AUTH-1.MIT.EDU [18.9.21.35]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p7N0jh6w001630 for <krb5-bugs-incoming@PCH.mit.edu>; Mon, 22 Aug 2011 20:45:43 -0400
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id p7N0jhuv003567;  Mon, 22 Aug 2011 20:45:43 -0400
Received: from localhost (TYGER.MIT.EDU [18.187.1.183]) (authenticated bits=0) (User authenticated as geofft@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id p7N0jgip015878; Mon, 22 Aug 2011 20:45:42 -0400 (EDT)
Date: Mon, 22 Aug 2011 20:45:42 -0400 (EDT)
From: Geoffrey Thomas <geofft@MIT.EDU>
To: krb5-bugs@MIT.EDU
Subject: Funny klist output if you try to get credentials right when a ticket expires
Message-ID: <alpine.DEB.2.00.1108222043050.9670@tyger.mit.edu>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Mailman-Approved-At: Mon, 22 Aug 2011 20:46:23 -0400
CC: Alexander W Dehnert <adehnert@MIT.EDU>
X-Beenthere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu
X-RT-Original-Encoding: us-ascii
Content-Length: 1304

If you try to get credentials for a service shortly after a ticket 
expires, klist shows that you get several copies of the service ticket in 
your credential cache. (None of them work.)

I run into this fairly often with a 2-hour-lifetime ccache for my root 
instance, when I'm logging into servers right around when the ticket 
expires. I've also heard this happens reasonably often with zephyr/zephyr.

mega-man:~ geofft$ kinit -l1m
Password for geofft@ATHENA.MIT.EDU:
[wait a little more than one minute]
mega-man:~ geofft$ ssh athena.dialup
Password:

mega-man:~ geofft$ klist
Ticket cache: FILE:/tmp/cc
Default principal: geofft@ATHENA.MIT.EDU

Valid starting     Expires            Service principal
08/22/11 20:40:44  08/22/11 20:41:44  krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
08/22/11 20:42:01  08/22/11 20:41:44  host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01  08/22/11 20:41:44  host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01  08/22/11 20:41:44  host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01  08/22/11 20:41:44  host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01  08/22/11 20:41:44  host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU
08/22/11 20:42:01  08/22/11 20:41:44  host/buzzword-bingo.mit.edu@ATHENA.MIT.EDU

-- 
Geoffrey Thomas
geofft@mit.edu