Currently in fuse_dfs, if one kinits as some principal "foo" and then does some operation on fuse_dfs, then kdestroy and kinit as some principal "bar", subsequent operations done via fuse_dfs will still use cached credentials for "foo". The reason for this is that fuse_dfs caches Filesystem instances using the UID of the user running the command as the key into the cache. This is a very uncommon scenario, since it's pretty uncommon for a single user to want to use credentials for several different principals on the same box.
However, we can use inotify to detect changes in the Kerberos ticket cache file and force the next operation to create a new FileSystem instance in that case. This will also require a reference counting mechanism in fuse_dfs so that we can free the FileSystem classes when they refer to previous Kerberos ticket caches.
Another mechanism is to run a stat periodically on the ticket cache file. This is a good fallback mechanism if inotify does not work on the file (for example, because it's on an NFS mount.)