Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Content-Length: 1328

<div dir="ltr"><div>ksu command doesn&#39;t use service ticket in the cache file but always re-requests to TGS (or fails when there is no TGT in cache)<br></div><div><br></div><div>The documentation states it should not re-request the service ticket (for end-server) but use the already cached quote:</div><div>

<blockquote>
  <p>Otherwise, ksu looks for an appropriate Kerberos ticket in the source
  cache. The ticket can either be for the end-server or a ticket
  granting ticket (TGT) for the target principal’s realm. If the ticket
  for the end-server is already in the cache, it’s decrypted and
  verified. If it’s not in the cache but the TGT is, the TGT is used to
  obtain the ticket for the end-server. The end-server ticket is then
  verified.</p>
</blockquote></div><div>Details about the problem (my experiments and my enviroment) in this (long) serverfault question:</div><div><br><a href="https://serverfault.com/questions/882476/linux-ksu-kerberized-super-user-command-fails-to-use-cached-service-host-tic">https://serverfault.com/questions/882476/linux-ksu-kerberized-super-user-command-fails-to-use-cached-service-host-tic</a></div><div><br></div><div> I already asked to but got no solution in the Krb5 mailing lists and no response on serverfault.</div><div>Regards</div><div>Fabiano<br></div></div>