(based on #7703 (comment))
When 'krb5_child' renews a KCM ticket it logs:
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
when TGT is present and valid.
This is more or less a cosmetic issue since the results of ccache validation are ignored for non-FILE:/DIR: types.
Still, it would be good to understand the reason.
The issue isn't observed when 'sssd_be' renews a KEYRING: type ticket.
Logs with stock sssd-2.10:
$ kinit -r 120 -l 35
$ klist -A
Ticket cache: KCM:1506600003
Default principal: [email protected]
Valid starting Expires Service principal
11/29/2024 14:23:49 11/29/2024 14:24:21 krbtgt/[email protected]
renew until 11/29/2024 14:25:46
(14:24:06): [krb5_child[7597]] [unpack_buffer] (0x0100): cmd [248 (ticket renewal)] uid [1506600003] gid [1506600003] validate [false] enterprise principal [false] offline [false] UPN [[email protected]]
(14:24:06): [krb5_child[7597]] [unpack_buffer] (0x0100): ccname: [KCM:1506600003] old_ccname: [KCM:1506600003] keytab: [not set]
(14:24:06): [krb5_child[7597]] [privileged_krb5_setup] (0x0080): Realm not available.
(14:24:06): [krb5_child[7597]] [check_keytab_name] (0x0400): Missing krb5_keytab option for domain, looking for default one
(14:24:06): [krb5_child[7597]] [check_keytab_name] (0x0400): krb5_kt_default_name() returned: FILE:/etc/krb5.keytab
(14:24:06): [krb5_child[7597]] [check_keytab_name] (0x0400): krb5_child will default to: /etc/krb5.keytab
(14:24:06): [krb5_child[7597]] [check_use_fast] (0x0100): Not using FAST.
(14:24:06): [krb5_child[7597]] [switch_creds] (0x0200): Switch user to [1506600003][1506600003].
-- (14:24:06): [kcm] [kcm_output_construct] (0x1000): [CID#16] Sending a reply with 1859 bytes of payload
(14:24:06): [krb5_child[7597]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(14:24:06): [krb5_child[7597]] [switch_creds] (0x0200): Switch user to [990][986].
(14:24:06): [krb5_child[7597]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KCM:1506600003] and is active and TGT is valid.
(14:24:06): [krb5_child[7597]] [become_user] (0x0200): Trying to become user [1506600003][1506600003].
...
(14:24:07): [krb5_child[7597]] [main] (0x0400): krb5_child completed successfully
$ klist -A
Ticket cache: KCM:1506600003
Default principal: [email protected]
Valid starting Expires Service principal
11/29/2024 14:24:06 11/29/2024 14:24:38 krbtgt/[email protected]
renew until 11/29/2024 14:25:46
Note that the ticket is successfully renewed.
Comment on ltrace from @sumit-bose:
"""
It is reading and getting tickets from KCM but there are krb5_principal_compare_flags() calls which return 0 (false). I guess this is coming from princs_match() in the krb5 source code. The comparison with the client principal works but something failed with the server principal (KRBTGT/REALM@REALM)?
"""
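A log triage sketch for the pattern reported above, added here as an example and not part of the issue or of SSSD's code. It groups krb5_child lines by PID and separates the "TGT not found or expired" message on non-FILE:/DIR: caches (where the issue says the result is ignored) from cases worth a closer look; the verdict names, the `triage` function and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the krb5_child log lines quoted in this issue.
SAMPLE_LOG = """\
(14:24:06): [krb5_child[7597]] [unpack_buffer] (0x0100): ccname: [KCM:1506600003] old_ccname: [KCM:1506600003] keytab: [not set]
(14:24:06): [krb5_child[7597]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(14:24:06): [krb5_child[7597]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KCM:1506600003] and is active and TGT is valid.
(14:24:07): [krb5_child[7597]] [main] (0x0400): krb5_child completed successfully
(14:30:00): [krb5_child[8001]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1000] old_ccname: [FILE:/tmp/krb5cc_1000] keytab: [not set]
(14:30:00): [krb5_child[8001]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
"""

LINE_RE = re.compile(
    r"^\((?P<ts>[^)]*)\): \[krb5_child\[(?P<pid>\d+)\]\] "
    r"\[(?P<func>\w+)\] \(0x[0-9a-fA-F]+\): (?P<msg>.*)$"
)
CCNAME_RE = re.compile(r"ccname: \[([^\]]+)\]")


def triage(log_text):
    """Return {pid: verdict} for each krb5_child run that logged a failed ccache verification."""
    runs = defaultdict(lambda: {"ccname": None, "verify_failed": False, "completed": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines from other components (e.g. [kcm]) are skipped
        run = runs[int(m["pid"])]
        func, msg = m["func"], m["msg"]
        if func == "unpack_buffer" and (cc := CCNAME_RE.search(msg)):
            run["ccname"] = cc.group(1)
        elif func == "sss_krb5_cc_verify_ccache" and "TGT not found or expired" in msg:
            run["verify_failed"] = True
        elif func == "main" and "completed successfully" in msg:
            run["completed"] = True
    verdicts = {}
    for pid, run in runs.items():
        if not run["verify_failed"]:
            continue
        cc_type = (run["ccname"] or "").split(":", 1)[0]
        if cc_type in ("FILE", "DIR") or not run["ccname"]:
            verdicts[pid] = "investigate"  # assumption: the result matters for these types
        elif run["completed"]:
            verdicts[pid] = "cosmetic"  # result ignored and the child still succeeded
        else:
            verdicts[pid] = "incomplete"  # no success line seen for this child
    return verdicts
```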