[krbdev.mit.edu #8619] ksu command doesn't use service ticket in cache file but always re-requests to TGS
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Tue Nov 21 16:00:15 EST 2017
I can look into changing the code's behavior, but not on any specific
timetable. ksu isn't a terribly high priority component for the
project.

From your stated security motivation, it sounds like you are building a
scripted or programmatic system on top of ksu to allow specific
operations to be performed at an escalated privilege level. I don't
think ksu makes a great building block. Without knowing the full
parameters of the system I can't say what would make a better building
block, but perhaps remctl (
https://www.eyrie.org/~eagle/software/remctl/ ) would be better.