Dear Colleauges, I have a perfectly valid TGT and some expired service tickets (see the klist output below). When I ssh to techno2 or fs01, the ssh client asks me for the password. Why does it happen?
I expect that the ssh client should request a new service ticket for the relevant host, and not just give up? Credentials cache: FILE:/tmp/krb5cc_3001 Principal: sudakov@REALM.HIDDEN Issued Expires Principal Aug 7 08:27:14 2017 Aug 14 08:27:14 2017 krbtgt/REALM.HIDDEN@REALM.HIDDEN Aug 7 08:27:16 2017 >>>Expired<<< host/pager11.REALM.HIDDEN@REALM.HIDDEN [...] Aug 7 11:01:56 2017 >>>Expired<<< host/techno2.REALM.HIDDEN@REALM.HIDDEN Aug 7 11:01:56 2017 >>>Expired<<< host/techno2.REALM.HIDDEN@REALM.HIDDEN Aug 7 12:58:54 2017 >>>Expired<<< host/fs01-sibptus.REALM.HIDDEN@REALM.HIDDEN Aug 7 12:58:54 2017 >>>Expired<<< host/fs01-sibptus.REALM.HIDDEN@REALM.HIDDEN -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN AS43859