The idea is to not complain about problems in the default ticket file if we
couldn't read it, because the client would be able to tell if it's there or
not.  Still needs work, I think.

diff -up krb5-1.8/src/clients/ksu/ccache.c.ksu-access krb5-1.8/src/clients/ksu/ccache.c
--- krb5-1.8/src/clients/ksu/ccache.c.ksu-access	2009-10-30 20:48:38.000000000 -0400
+++ krb5-1.8/src/clients/ksu/ccache.c	2010-03-05 10:57:56.000000000 -0500
@@ -78,7 +78,7 @@ krb5_error_code krb5_ccache_copy (contex
     cc_def_name = krb5_cc_get_name(context, cc_def);
     cc_other_name = krb5_cc_get_name(context, *cc_other);
 
-    if ( ! stat(cc_def_name, &st_temp)){
+    if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
         if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
             return retval;
         }
diff -up krb5-1.8/src/clients/ksu/heuristic.c.ksu-access krb5-1.8/src/clients/ksu/heuristic.c
--- krb5-1.8/src/clients/ksu/heuristic.c.ksu-access	2009-10-30 20:48:38.000000000 -0400
+++ krb5-1.8/src/clients/ksu/heuristic.c	2010-03-05 10:57:56.000000000 -0500
@@ -409,7 +409,7 @@ krb5_error_code find_either_ticket (cont
 
     cc_source_name = krb5_cc_get_name(context, cc);
 
-    if ( ! stat(cc_source_name, &st_temp)){
+    if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
 
         retval = find_ticket(context, cc, client, end_server, &temp_found);
         if (retval)
@@ -569,7 +569,7 @@ krb5_error_code get_best_princ_for_targe
     cc_source_name = krb5_cc_get_name(context, cc_source);
 
 
-    if (! stat(cc_source_name, &st_temp)) {
+    if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
         retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
         if (retval)
             return retval;
diff -up krb5-1.8/src/clients/ksu/main.c.ksu-access krb5-1.8/src/clients/ksu/main.c
--- krb5-1.8/src/clients/ksu/main.c.ksu-access	2010-03-05 10:57:55.000000000 -0500
+++ krb5-1.8/src/clients/ksu/main.c	2010-03-05 10:57:56.000000000 -0500
@@ -270,7 +270,7 @@ main (argc, argv)
                 if ( strchr(cc_source_tag, ':')){
                     cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
 
-                    if( stat( cc_source_tag_tmp, &st_temp)){
+                    if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
                         com_err (prog_name, errno,
                                  "while looking for credentials file %s",
                                  cc_source_tag_tmp);