[krbdev.mit.edu #8022] klist -s only looks for TGTs
Jonathan Reed via RT
rt-comment at krbdev.mit.edu
Fri Oct 3 12:42:26 EDT 2014
The man page for klist(1) says, of the "-s" option:
>Causes klist to run silently (produce no output), but to still set the
>exit status according to whether it finds the credentials cache. The
>exit status is '0' if klist finds a credentials cache, and '1' if it does
>not or if the tickets are expired.
However, it only looks for TGTs in the credentials cache, and doesn't
behave correctly when there are other valid tickets in the cache, as
demonstrated by the following output:
jdreed at infinite-loop:~$ klist -c "FILE:/tmp/tmp.E7ghhiStR8"
Ticket cache: FILE:/tmp/tmp.E7ghhiStR8
Default principal: jdreed/root at ATHENA.MIT.EDU
Valid starting Expires Service principal
10/03/2014 12:19:10 10/03/2014 15:19:10 kadmin/admin at ATHENA.MIT.EDU
renew until 10/03/2014 12:19:10
jdreed at infinite-loop:~$ klist -s -c "FILE:/tmp/tmp.E7ghhiStR8"
jdreed at infinite-loop:~$ echo $?
1
jdreed at infinite-loop:~$
klist -s should be updated to check for the presence of any valid ticket,
not just a TGT. It's unclear what should happen if the cache contains
some valid tickets and some expired ones, but I suspect it should return
nonzero.
Thanks,
-Jon
More information about the krb5-bugs
mailing list