The ``dhcp.keytab`` takes the same usage as for Unix Kerberos.
-GSS troubleshooting
-~~~~~~~~~~~~~~~~~~~
+GSS-TSIG Troubleshooting
+~~~~~~~~~~~~~~~~~~~~~~~~
While testing GSS-TSIG integration with Active Directory we came across
one very cryptic error:
- ``comment`` is allowed but currently ignored.
+
+GSS-TSIG Automatic Key Removal
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The server will periodically delete keys which expired more than 3 times the
+maximum key lifetime.
+
+
GSS-TSIG Configuration for Deployment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~