Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id B952458140; Fri, 3 Oct 2014 12:42:25 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id s93GgPSf013565; Fri, 3 Oct 2014 12:42:25 -0400 Received: from mailhub-auth-4.mit.edu (mailhub-auth-4.mit.edu [18.7.62.39]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id s93GUI6T011766 for ; Fri, 3 Oct 2014 12:30:18 -0400 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id s93GUHkP006031 for ; Fri, 3 Oct 2014 12:30:18 -0400 Received: from localhost (infinite-loop.mit.edu [18.155.2.12]) (authenticated bits=0) (User authenticated as jdreed@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s93GUGLr009377 for ; Fri, 3 Oct 2014 12:30:17 -0400 Date: Fri, 3 Oct 2014 12:30:16 -0400 (EDT) From: Jonathan Reed To: krb5-bugs@mit.edu Subject: klist -s only looks for TGTs Message-ID: User-Agent: Alpine 2.10 (DEB 1266 2009-07-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-Mailman-Approved-At: Fri, 03 Oct 2014 12:42:24 -0400 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu X-RT-Original-Encoding: us-ascii Content-Length: 1167 The man page for klist(1) says, of the "-s" option: >Causes klist to run silently (produce no output), but to still set the >exit status according to whether it finds the credentials cache. The >exit status is '0' if klist finds a credentials cache, and '1' if it does >not or if the tickets are expired. However, it only looks for TGTs in the credentials cache, and doesn't behave correctly when there are other valid tickets in the cache, as demonstrated by the following output: jdreed@infinite-loop:~$ klist -c "FILE:/tmp/tmp.E7ghhiStR8" Ticket cache: FILE:/tmp/tmp.E7ghhiStR8 Default principal: jdreed/root@ATHENA.MIT.EDU Valid starting Expires Service principal 10/03/2014 12:19:10 10/03/2014 15:19:10 kadmin/admin@ATHENA.MIT.EDU renew until 10/03/2014 12:19:10 jdreed@infinite-loop:~$ klist -s -c "FILE:/tmp/tmp.E7ghhiStR8" jdreed@infinite-loop:~$ echo $? 1 jdreed@infinite-loop:~$ klist -s should be updated to check for the presence of any valid ticket, not just a TGT. It's unclear what should happen if the cache contains some valid tickets and some expired ones, but I suspect it should return nonzero. Thanks, -Jon