Date: | Fri, 3 Oct 2014 12:30:16 -0400 (EDT) |
From: | Jonathan Reed <jdreed@mit.edu> |
To: | krb5-bugs@mit.edu |
Subject: | klist -s only looks for TGTs |
The man page for klist(1) says, of the "-s" option:
However, it only looks for TGTs in the credentials cache, and doesn't
behave correctly when there are other valid tickets in the cache, as
demonstrated by the following output:
jdreed@infinite-loop:~$ klist -c "FILE:/tmp/tmp.E7ghhiStR8"
Ticket cache: FILE:/tmp/tmp.E7ghhiStR8
Default principal: jdreed/root@ATHENA.MIT.EDU
Valid starting Expires Service principal
10/03/2014 12:19:10 10/03/2014 15:19:10 kadmin/admin@ATHENA.MIT.EDU
renew until 10/03/2014 12:19:10
jdreed@infinite-loop:~$ klist -s -c "FILE:/tmp/tmp.E7ghhiStR8"
jdreed@infinite-loop:~$ echo $?
1
jdreed@infinite-loop:~$
klist -s should be updated to check for the presence of any valid ticket,
not just a TGT. It's unclear what should happen if the cache contains
some valid tickets and some expired ones, but I suspect it should return
nonzero.
Thanks,
-Jon
Show quoted text
>Causes klist to run silently (produce no output), but to still set the
>exit status according to whether it finds the credentials cache. The
>exit status is '0' if klist finds a credentials cache, and '1' if it does
>not or if the tickets are expired.
>exit status according to whether it finds the credentials cache. The
>exit status is '0' if klist finds a credentials cache, and '1' if it does
>not or if the tickets are expired.
However, it only looks for TGTs in the credentials cache, and doesn't
behave correctly when there are other valid tickets in the cache, as
demonstrated by the following output:
jdreed@infinite-loop:~$ klist -c "FILE:/tmp/tmp.E7ghhiStR8"
Ticket cache: FILE:/tmp/tmp.E7ghhiStR8
Default principal: jdreed/root@ATHENA.MIT.EDU
Valid starting Expires Service principal
10/03/2014 12:19:10 10/03/2014 15:19:10 kadmin/admin@ATHENA.MIT.EDU
renew until 10/03/2014 12:19:10
jdreed@infinite-loop:~$ klist -s -c "FILE:/tmp/tmp.E7ghhiStR8"
jdreed@infinite-loop:~$ echo $?
1
jdreed@infinite-loop:~$
klist -s should be updated to check for the presence of any valid ticket,
not just a TGT. It's unclear what should happen if the cache contains
some valid tickets and some expired ones, but I suspect it should return
nonzero.
Thanks,
-Jon