handling of expired TGT ticket in heimdal krb5 lib
I'm wondering if there isn't a problem in heimdal in the way the expiration of TGT is handled.
I'm seeing this problem, I have two realms: MYFB.COM and ENG.MYFB.COM; ENG.MYFB.COM is trusting MYFB.COM, when I log on my laptop I get a TGT ticket for MYFB.COM for 10 days, then I try to ssh to a machine that use the ENG.MYFB.COM so I get a TGT for ENG.MYFB.COM:
tickets 2 and 3 are expired and when try one more time to ssh to my server it's failing because the expired TGT for ENG.MYFB.COM is sent to a kdc for this realm and the kdc reply indicating that the ticket is expired.
I tried the same with MIT kerberos on linux (1.13) and it's working fine as the library fetches a new TGT for ENG.MYFB.COM if the existing one is expired and the main TGT is not expired.