Dear lazyweb,

Is it possible, under Linux, to request a Kerberos ticket-granting ticket from one Kerberos realm without destroying your TGTs from another realm that are already in your credentials cache?

Otherwise, this happens:

Ticket cache: FILE:/tmp/krb5cc_2000_O5THYS
Default principal: wouter@EXAMPLE.COM

Valid starting     Expires            Service principal
10/02/07 19:29:53  10/03/07 05:29:53  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	renew until 10/03/07 19:29:50
10/02/07 19:29:56  10/03/07 05:29:53  HTTP/exampleserver.example.com@
	renew until 10/03/07 19:29:50
10/02/07 20:52:54  10/03/07 05:29:53  host/exampleserver.example.com@
	renew until 10/03/07 19:29:50


Kerberos 4 ticket cache: /tmp/tkt2000
klist: You have no tickets cached
wouter@country:~$ kinit wouter@GREP.BE
Password for wouter@GREP.BE: 
wouter@country:~$ klist
Ticket cache: FILE:/tmp/krb5cc_2000_O5THYS
Default principal: wouter@GREP.BE

Valid starting     Expires            Service principal
10/02/07 20:59:01  10/03/07 06:59:01  krbtgt/GREP.BE@GREP.BE
	renew until 10/03/07 20:58:57


Kerberos 4 ticket cache: /tmp/tkt2000
klist: You have no tickets cached

Note the complete absense of any reference to the first realm in the second klist output, which is annoying.

(Yes, I do know about the possibility to create trust paths between two realms; But I'm not going to give customers access to my personal mailserver...)