Dear Colleagues,

Starting from a clean credentials cache, just after the first kinit:

$ klist
Credentials cache: FILE:/tmp/krb5cc_3001
        Principal: sudakov@REALM1.EXAMPLE

  Issued                Expires               Principal
Jun  1 17:57:33 2017  Jun  8 17:57:33 2017
krbtgt/REALM1.EXAMPLE@REALM1.EXAMPLE
$

Now if I ssh to a host in a trusted realm several times, my credentials cache
will look like this:

$ klist
Credentials cache: FILE:/tmp/krb5cc_3001
        Principal: sudakov@REALM1.EXAMPLE

  Issued                Expires               Principal
Jun  1 17:57:33 2017  Jun  8 17:57:33 2017  krbtgt/REALM1.EXAMPLE@REALM1.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  krbtgt/REALM2.EXAMPLE@REALM1.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  
host/svn.REALM2.EXAMPLE@REALM2.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  krbtgt/REALM2.EXAMPLE@REALM1.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  
host/svn.REALM2.EXAMPLE@REALM2.EXAMPLE
Jun  1 17:58:40 2017  Jun  8 17:57:33 2017  krbtgt/REALM2.EXAMPLE@REALM1.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  
host/svn.REALM2.EXAMPLE@REALM2.EXAMPLE
Jun  1 17:58:40 2017  Jun  8 17:57:33 2017  krbtgt/REALM2.EXAMPLE@REALM1.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  
host/svn.REALM2.EXAMPLE@REALM2.EXAMPLE
Jun  1 17:58:42 2017  Jun  8 17:57:33 2017  krbtgt/REALM2.EXAMPLE@REALM1.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  
host/svn.REALM2.EXAMPLE@REALM2.EXAMPLE
Jun  1 17:58:42 2017  Jun  8 17:57:33 2017  krbtgt/REALM2.EXAMPLE@REALM1.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  
host/svn.REALM2.EXAMPLE@REALM2.EXAMPLE
Jun  1 17:58:44 2017  Jun  8 17:57:33 2017  krbtgt/REALM2.EXAMPLE@REALM1.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  
host/svn.REALM2.EXAMPLE@REALM2.EXAMPLE
Jun  1 17:58:44 2017  Jun  8 17:57:33 2017  krbtgt/REALM2.EXAMPLE@REALM1.EXAMPLE
Jun  1 17:58:38 2017  Jun  8 17:57:33 2017  
host/svn.REALM2.EXAMPLE@REALM2.EXAMPLE
$

Why do those entries multiply?

(Heimdal 1.5.2, FreeBSD 10.3)

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
AS43859

Reply via email to