[krbdev.mit.edu #8152] gss_acquire_cred_with_password() ignores expired creds

Sam Hartman via RT rt-comment at krbdev.mit.edu
Thu Mar 19 17:32:22 EDT 2015


>>>>> "Greg" == Greg Hudson via RT <rt-comment at krbdev.mit.edu> writes:

    Greg> If you don't carefully manage your KRB5CCNAME, there is the
    Greg> potential that gss_acquire_cred_with_password() might succeed
    Greg> without making an AS request, and the creds you have might
    Greg> verify correctly even though the password was never used.

Was this true when it generated a memory ccache?
Is that the behavior you want to go back to?


