I looked into this a bit further. As far as I can tell, when sudo calls pam_end, pam_krb5's pamk5_context_destroy function should be called (as pam_krb5's auth.c line 976 sets it up to be). However the function is not called, and so the ticket cache stays behind after sudo dispenses with PAM.
-- Sam Morris <s...@robots.org.uk> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
