Description of problem:
When you ftp to a machine running vsftpd that uses krb5 authentication through PAM it generates a TGT credentials cache in /tmp. As expected. But this never gets removed when the ftp session ends. 

This means /tmp gets very full of (tens of) thousands of krb5cc files on a busy server.

Version-Release number of selected component (if applicable):
All versions (including RHEL 4)
(but interestingly seems to not happen on F13 using SSSD)

How reproducible:
Every time

Steps to Reproduce:
1.ftp to server and login as a kerberos user.
2.Examine the server's /tmp directory for new krb5cc_ file for this user
3.Log out of FTP
4.Check /tmp for the new krb5cc file and observer that it's still there
  
Expected results:
The credentials cache gets removed at the end of the FTP session.

Additional info:
It's not like ftpd can just throw away it's credentials cache on login, as it's possible (I guess) it may need to access say NFSv4 directories requiring krb5 authentication. 

I suppose this maybe hard to fix if vsftp has chrooted, can't remember if it does in a non-anonymous login?

A further wrinkle, on certain FTP clients that start lots of parallel sessions you end up with log entries on the KDC:

Jul 30 10:38:31 cslu2ux01 krb5kdc[5037](info): DISPATCH: repeated (retransmitted?) request from 10.100.53.144, resending previous response

, but I guess this is just expected. 

F13 not doing this with SSSD, I'd imagine points to the ultimate solution to this in later RHEL's (i.e. 6) using a smarter back end.