I am running self-hosted GitLab EE. Both LDAP and Kerberos authentication are implemented. Kerberos was working fine until recently. When attempting to authenticate with Kerberos, the result is the Kerberos Access Denied 401 page.
It’s not a client issue as the clients are able to perform Kerberos authentication to a different service seamlessly and successfully.
The connectivity test from the above troubleshooting is successful for testing between GitLab and the Kerberos server.
When consulting the GitLab logs, the following error message is what presents:
OmniauthKerberosController: failed to process Negotiate/Kerberos authentication: gss_acquire_cred did not return GSS_S_COMPLETE: Unspecified GSS failure. Minor code may provide more information
Cannot create replay cache file /var/tmp/HTTP_996: Permission denied
The file specified above is readable and writable by the git user, which GitLab is running as.
The DNS records have not been changed, but they were verified and there are no errors with them. The forward and reverse records correlate as they should.
Any help getting to the bottom of this would be greatly appreciated. Cheers!