[#2247] Added a note against client-keytab

author Francis Dupont <fdupont@isc.org>

Mon, 6 Jun 2022 14:55:51 +0000 (16:55 +0200)

committer Tomek Mrugalski <tomek@isc.org>

Fri, 24 Jun 2022 08:04:07 +0000 (08:04 +0000)
author Francis Dupont <fdupont@isc.org>
Mon, 6 Jun 2022 14:55:51 +0000 (16:55 +0200)
committer Tomek Mrugalski <tomek@isc.org>
Fri, 24 Jun 2022 08:04:07 +0000 (08:04 +0000)
diff --git a/doc/sphinx/arm/ext-gss-tsig.rst b/doc/sphinx/arm/ext-gss-tsig.rst

index 6126e32f30c0f001fe20c8cdf2740d49d732aca6..28a9fd9ed46ce37439a695070cfc60e21ad00b88 100644 (file)
--- a/doc/sphinx/arm/ext-gss-tsig.rst
+++ b/doc/sphinx/arm/ext-gss-tsig.rst
@@ -804,6 +804,17 @@ The server map parameters are described below:
  
  - ``comment`` is allowed but currently ignored.
  
+.. note::
+
+    Even when the client keytab can be specified either in the configuration
+    or the environment variable, leaving the library acquiring and caching
+    client credentials, to use cached client credentials is far better.
+
+    For instance only the read access right is needed to use the cache,
+    to fetch credentials and update the cache requires the write access
+    right too.
+
+
  GSS-TSIG Automatic Key Removal
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
author	Francis Dupont <fdupont@isc.org>
	Mon, 6 Jun 2022 14:55:51 +0000 (16:55 +0200)
committer	Tomek Mrugalski <tomek@isc.org>
	Fri, 24 Jun 2022 08:04:07 +0000 (08:04 +0000)