Received: from cmr0.ash.ops.us.uu.net (cmr0.ash.ops.us.uu.net [198.5.241.38]) by krbdev.mit.edu (8.9.3p2) with ESMTP id RAA11339; Tue, 6 Jan 2004 17:14:35 -0500 (EST) From: gsu@UU.NET Received: from imr0.ash.ops.us.uu.net by cmr0.ash.ops.us.uu.net with ESMTP (peer crosschecked as: imr0.ash.ops.us.uu.net [153.39.43.11]) id QQpwiy23465; Tue, 6 Jan 2004 22:14:29 GMT Received: from imr0.ash.ops.us.uu.net by imr0.ash.ops.us.uu.net with ESMTP (peer crosschecked as: localhost [127.0.0.1]) id QQpwiy05527; Tue, 6 Jan 2004 22:14:08 GMT Received: from galaxy.argfrp.us.uu.net by imr0.ash.ops.us.uu.net with ESMTP (peer crosschecked as: galaxy.argfrp.us.uu.net [153.39.56.113]) id QQpwiy05468; Tue, 6 Jan 2004 22:14:07 GMT Received: from localhost (gsu@localhost) by galaxy.argfrp.us.uu.net (8.9.3p2/8.9.3) with ESMTP id QQpwiy29419; Tue, 6 Jan 2004 22:14:07 GMT X-Authentication-Warning: galaxy.argfrp.us.uu.net: gsu owned process doing -bs Date: Tue, 6 Jan 2004 17:14:07 -0500 (EST) To: Sam Hartman via RT Cc: gsu@UU.NET, krb5-prs@mit.edu Subject: Re: [krbdev.mit.edu #2106] bug in krb5_cc_remove_cred API? In-Reply-To: Message-Id: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 716 On Tue, 6 Jan 2004, Sam Hartman via RT wrote: > gsu> So there is no way that I can remove any expired credential? > > Correct, but it is probably not a major problem; expired credentials > will not be used. If your cache is getting too full, remove all the > credentials and get a new TGT. > I noticed that if there are more than one credentials for the same server, krb5_get_credentials returns the first one found which may be expired. I have to use krb5_cc_retrieve_cred with KRB5_TC_MATCH_TIMES option to get the good credential and send to the server for authentication. Since I have to keep getting new service ticket, I thought it would be nice if I can remove all old ones. Thank you for the info.