GitLab

While testing gss tsig hook I came upon one major issue all came down to configuring two values:

"client-keytab": "FILE:/etc/dhcp.keytab",
"credentials-cache": "FILE:/etc/ccache",

Tests are based on keytabs, and based on documentation and examples I had always those two values configured.

While I was running kea on root account (installed from tarball) having "credentials-cache" configured did NOT caused any problems, but while running Kea from _kea account (debian pkg) Kea failed to authenticate with an error:

BAD_CLIENT_CREDENTIALS bad client credentials: gss_acquire_cred failed with GSSAPI error: Major = 'Unspecified GSS failure.  Minor code may provide more information' (851968), Minor = 'Principal in credential cache does not match desired name' (39756032).

After discussing this with @razvan I learned that those two values can't be used together.

This have two ways forward:

• update documentation and example files
• the fact that from root account this configuration worked may be indicating underling issue, it should be investigated