On Nov 5, 2008, at 21:16, Stefan Monnier wrote:
> How can I destroy expired tickets?
>
> They're useless at best, and in some cases they're positively harmful
> (their presence prompts `ssh' to contact the KDC to try and delegate
> credentials, which is a waste if the tickets are expired, and is really
> annoying when the KDC times out because it's behind a firewall).

Hm, that sounds a bit broken. I could see, maybe, inferring that you want to use Kerberos and prompting to get new tickets, but trying to forward expired ones is no good...

> But I couldn't find any command that would destroy only expired tickets.
> Any idea what I should use? I guess I could try and parse the date&time
> in "klist", but it'd be a pain in the rear and blatantly brittle.

Running "klist -s" and testing the exit status should let you figure out if there are currently-valid tickets. I don't know if there's a way to test for "tickets exist and are not valid", though perhaps "klist >& /dev/null" (C shell syntax) succeeding and "klist -s" failing would do the job.

Or you could try "klist -s" and then just run "kdestroy >& /dev/null", ignoring any errors caused by a ticket cache not existing.

Ken

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
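The exit-status approach suggested in the reply above, written for POSIX sh rather than C shell, as an added example that is not part of the original message. The function names are hypothetical, and it assumes (as the reply guesses) that plain `klist` exits 0 whenever the cache is readable, even if every ticket in it has expired.

```shell
#!/bin/sh
# Added example: classify the default credential cache from exit statuses
# only (no parsing of klist's date output), then destroy it if it holds
# nothing but expired tickets.
# Assumption: plain `klist` exits 0 for any readable cache, expired or not.

# Prints one of: valid, expired, none
ccache_state() {
    if klist -s 2>/dev/null; then
        echo valid      # readable cache with unexpired tickets
    elif klist >/dev/null 2>&1; then
        echo expired    # cache is readable, but `klist -s` rejected it
    else
        echo none       # no cache, or the cache cannot be read
    fi
}

# Destroys the cache only in the "expired" state.
# Returns 0 if the cache was destroyed, 1 if nothing needed doing,
# 2 if kdestroy itself failed.
destroy_expired_tickets() {
    state=$(ccache_state)
    case "$state" in
        expired)
            if kdestroy >/dev/null 2>&1; then
                return 0
            fi
            return 2
            ;;
        *)
            # valid tickets are left alone; a missing cache needs no cleanup
            return 1
            ;;
    esac
}
```

Calling `destroy_expired_tickets` from a shell profile or a wrapper around `ssh` clears a stale cache before `ssh` looks at it, while leaving valid tickets untouched.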