I looked into this a bit further. As far as I can tell, when sudo calls pam_end, pam_krb5's pamk5_context_destroy function should be called (as pam_krb5's auth.c line 976 sets it up to be). However the function is not called, and so the ticket cache stays behind after sudo dispenses with PAM.
-- Sam Morris <[email protected]> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
