Andrew Levin <amle...@mit.edu> writes: > I have noticed that even after I delete my kerberos ticket cache, as below, I > remain authenticated (eg I can open files in an area where kerberos > authentication is required). How is this possible? > > [anlevin@lxplus0055 ~]$ klist > Ticket cache: FILE:/tmp/krb5cc_13535_4nn0mf > Default principal: anle...@cern.ch > > Valid starting Expires Service principal > 07/10/15 09:54:58 07/11/15 10:54:58 krbtgt/cern...@cern.ch > renew until 07/15/15 09:54:58 > 07/10/15 09:54:59 07/11/15 10:54:58 afs/cern...@cern.ch > renew until 07/15/15 09:54:58 > [anlevin@lxplus0055 ~]$ rm /tmp/krb5cc_13535_4nn0mf
You didn't mention which sort of remote filesystem you're concerned with, but based on your klist output, you might be using AFS. The AFS client maintains a separate cache of AFS tokens, derived from the afs/cellname Kerberos ticket. You can typically use the "unlog" command to destroy those AFS tokens. Also, we generally recommend that people use kdestroy to destroy Kerberos tickets. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
