From cf63cda866c129bb69a0646b4952f271dc70208f Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 7 Sep 2022 00:10:34 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- doc/integration/kerberos.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'doc/integration/kerberos.md') diff --git a/doc/integration/kerberos.md b/doc/integration/kerberos.md index 257ba4e6708..da854582c12 100644 --- a/doc/integration/kerberos.md +++ b/doc/integration/kerberos.md @@ -368,6 +368,15 @@ GitLab supports, authentication fails with a message like this in the log: OmniauthKerberosSpnegoController: failed to process Negotiate/Kerberos authentication: gss_accept_sec_context did not return GSS_S_COMPLETE: An unsupported mechanism was requested Unknown error ``` +There are a number of potential causes and solutions for this error message. + +#### Kerberos integration not using a dedicated port + +GitLab CI/CD doesn’t work with a Kerberos-enabled GitLab instance unless the Kerberos integration +is configured to [use a dedicated port](kerberos.md#http-git-access-with-kerberos-token-passwordless-authentication). + +#### Lack of connectivity between client machine and Kerberos server + This is usually seen when the browser is unable to contact the Kerberos server directly. It falls back to an unsupported mechanism known as [`IAKERB`](https://k5wiki.kerberos.org/wiki/Projects/IAKERB), which tries to use @@ -377,6 +386,8 @@ If you're experiencing this error, ensure there is connectivity between the client machine and the Kerberos server - this is a prerequisite! Traffic may be blocked by a firewall, or the DNS records may be incorrect. +#### Mismatched forward and reverse DNS records for GitLab instance hostname + Another failure mode occurs when the forward and reverse DNS records for the GitLab server do not match. Often, Windows clients work in this case while Linux clients fail. They use reverse DNS while detecting the Kerberos 
@@ -389,6 +400,8 @@ match. So for instance, if you access GitLab as `gitlab.example.com`, resolving to IP address `1.2.3.4`, then `4.3.2.1.in-addr.arpa` must be a `PTR` record for `gitlab.example.com`. +#### Missing Kerberos libraries on browser or client machine + Finally, it's possible that the browser or client machine lack Kerberos support completely. Ensure that the Kerberos libraries are installed and that you can authenticate to other Kerberos services. -- cgit v1.2.1
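Review bot: In the first hunk (@@ -368,6 +368,15 @@), the new "Kerberos integration not using a dedicated port" subsection states that GitLab CI/CD doesn't work without a dedicated port but never says that this condition produces the "An unsupported mechanism was requested" log line that the surrounding section is about. Add a sentence tying this cause to the error, or move the subsection elsewhere if it describes a different symptom. The link target `kerberos.md#http-git-access-with-kerberos-token-passwordless-authentication` points into the same file this patch edits (doc/integration/kerberos.md), so the bare `#http-git-access-with-kerberos-token-passwordless-authentication` anchor would be enough. With the new "Lack of connectivity between client machine and Kerberos server" heading inserted, the unchanged paragraph opening "This is usually seen when" is now separated from the error it refers to by a subsection and a heading, so it should name the error explicitly.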
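Review bot: In the second hunk (@@ -377,6 +386,8 @@), the new heading "Mismatched forward and reverse DNS records for GitLab instance hostname" sits directly above a paragraph that still opens with "Another failure mode occurs when", which reads as a continuation of the previous section rather than the start of its own. Reword the opening so the subsection stands alone when a reader lands on its anchor. The heading also says "GitLab instance hostname" while the body says "GitLab server"; use one term in both places.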
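Review bot: In the third hunk (@@ -389,6 +400,8 @@), the paragraph under the new "Missing Kerberos libraries on browser or client machine" heading still begins with "Finally,", a leftover from the sequential prose that no longer fits a standalone subsection. Drop it, and while touching the paragraph fix the agreement in "the browser or client machine lack Kerberos support" (it should be "lacks"). The remedy "Ensure that the Kerberos libraries are installed" would be more actionable if it pointed to a concrete check the reader can run, where the page has one to reference.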