Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) Subject: kinit can create duplicate ccache in collection with default principal X-RT-Original-Encoding: iso-8859-1 Content-Length: 1022 When the default cache type is collection-enabled, kinit is supposed to look for an existing cache matching the principal for which it will acquire tickets. This happens when an explicit principal is given, but not when the default principal is used. For example, in the sequence: KRB5CCNAME=DIR:/path/to/empty/directory export KRB5CCNAME kinit kinit someotherprincipal kdestroy kinit After kdestroy is run, the collection's primary selection is uninitialized, and it contains a cache with tickets for $USER. "kinit $USER" would search the collection and find that cache to put credentials in. But because no explicit principal name was specified, krb5_cc_cache_match() is not used, and a second cache for $USER is initialized. The code is currently structured to choose the output ccache first and the principal name second, because the principal name can be taken from the output ccache (if it exists). We will need to alter the structure somehow to handle this case correctly.