|From:||Fabiano Tarlao <email@example.com>|
|Date:||Mon, 13 Nov 2017 11:02:13 +0100|
|Subject:||ksu command doesn't use service ticket in cache file but always re-requests to TGS|
Otherwise, ksu looks for an appropriate Kerberos ticket in the source cache. The ticket can either be for the end-server or a ticket granting ticket (TGT) for the target principal’s realm. If the ticket for the end-server is already in the cache, it’s decrypted and verified. If it’s not in the cache but the TGT is, the TGT is used to obtain the ticket for the end-server. The end-server ticket is then verified.