Is anyone else seeing what look like double-frees in krb524d using the patch for 1.2.0? It looks like v5tkt->enc_part2 is freed around line 374, and because the pointer isn't zeroed, another attempt to free it is made in when krb5_free_ticket() call a few lines later. Thanks, Nalin