Skip Menu |
 

Date: Fri, 3 Oct 2014 12:30:16 -0400 (EDT)
From: Jonathan Reed <jdreed@mit.edu>
To: krb5-bugs@mit.edu
Subject: klist -s only looks for TGTs
Download (untitled) / with headers
text/plain 1.1KiB
The man page for klist(1) says, of the "-s" option:

Show quoted text
>Causes klist to run silently (produce no output), but to still set the
>exit status according to whether it finds the credentials cache. The
>exit status is '0' if klist finds a credentials cache, and '1' if it does
>not or if the tickets are expired.

However, it only looks for TGTs in the credentials cache, and doesn't
behave correctly when there are other valid tickets in the cache, as
demonstrated by the following output:

jdreed@infinite-loop:~$ klist -c "FILE:/tmp/tmp.E7ghhiStR8"
Ticket cache: FILE:/tmp/tmp.E7ghhiStR8
Default principal: jdreed/root@ATHENA.MIT.EDU

Valid starting Expires Service principal
10/03/2014 12:19:10 10/03/2014 15:19:10 kadmin/admin@ATHENA.MIT.EDU
renew until 10/03/2014 12:19:10
jdreed@infinite-loop:~$ klist -s -c "FILE:/tmp/tmp.E7ghhiStR8"
jdreed@infinite-loop:~$ echo $?
1
jdreed@infinite-loop:~$

klist -s should be updated to check for the presence of any valid ticket,
not just a TGT. It's unclear what should happen if the cache contains
some valid tickets and some expired ones, but I suspect it should return
nonzero.

Thanks,
-Jon
From: ghudson@mit.edu
Subject: git commit

Improve klist check for expired cache

Make klist -s succeed for a cache which contains a non-expired
credential and no TGT cred.

https://github.com/krb5/krb5/commit/922f627b28f480eafc240fb4706cacf6aa7f4c14
Author: Greg Hudson <ghudson@mit.edu>
Commit: 922f627b28f480eafc240fb4706cacf6aa7f4c14
Branch: master
src/clients/klist/klist.c | 21 ++++++++++++++++-----
1 files changed, 16 insertions(+), 5 deletions(-)