diff --git a/kuser/kimpersonate.c b/kuser/kimpersonate.c
index b8b0edaf1..8395477b6 100644
--- a/kuser/kimpersonate.c
+++ b/kuser/kimpersonate.c
@@ -166,12 +166,13 @@ create_krb5_tickets(krb5_context context, krb5_keytab kt)
 
 
     ret = krb5_copy_principal(context, client_principal, &cred.client);
+    if (ret == 0)
+        ret = krb5_copy_principal(context, server_principal, &cred.server);
     if (ret)
 	krb5_err(context, 1, ret, "krb5_copy_principal");
-    ret = krb5_copy_principal(context, server_principal, &cred.server);
+    ret = krb5_generate_random_keyblock(context, session_etype, &cred.session);
     if (ret)
-	krb5_err(context, 1, ret, "krb5_copy_principal");
-    krb5_generate_random_keyblock(context, session_etype, &cred.session);
+	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
 
     cred.times.authtime = time(NULL);
     cred.times.starttime = time(NULL);
diff --git a/kuser/kinit.c b/kuser/kinit.c
index 1867994fb..6ac4b4542 100644
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -502,7 +502,7 @@ renew_validate(krb5_context context,
 	 * no need to check the error here, it's only to be
 	 * friendly to the user
 	 */
-	krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out);
+	(void) krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out);
     }
 
     flags.i = 0;
diff --git a/kuser/klist.c b/kuser/klist.c
index 049b87293..1679d1249 100644
--- a/kuser/klist.c
+++ b/kuser/klist.c
@@ -553,7 +553,7 @@ list_caches(krb5_context context, struct klist_options *opt)
     if (opt->json_flag)
 	rtbl_set_flags(ct, RTBL_JSON);
 
-    while (krb5_cccol_cursor_next(context, cursor, &id) == 0) {
+    while (krb5_cccol_cursor_next(context, cursor, &id) == 0 && id != NULL) {
 	int expired = 0;
 	char *name;
 	time_t t;