From c57484fe932ab4fb2d75186d7fbf2a1723d220b6 Mon Sep 17 00:00:00 2001 From: Francis Dupont Date: Mon, 6 Jun 2022 16:55:51 +0200 Subject: [PATCH] [#2247] Added a note against client-keytab --- doc/sphinx/arm/ext-gss-tsig.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/doc/sphinx/arm/ext-gss-tsig.rst b/doc/sphinx/arm/ext-gss-tsig.rst index 6126e32f30..28a9fd9ed4 100644 --- a/doc/sphinx/arm/ext-gss-tsig.rst +++ b/doc/sphinx/arm/ext-gss-tsig.rst @@ -804,6 +804,17 @@ The server map parameters are described below: - ``comment`` is allowed but currently ignored. +.. note:: + + Even when the client keytab can be specified either in the configuration + or the environment variable, leaving the library acquiring and caching + client credentials, to use cached client credentials is far better. + + For instance only the read access right is needed to use the cache, + to fetch credentials and update the cache requires the write access + right too. + + GSS-TSIG Automatic Key Removal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- 2.47.3