Kerberos Authentication in k6 Script

I have an issue related to Kerberos authentication in a k6 script. Below is a detailed account of the steps I have taken, the environment setup, and the issues encountered.

Environment Details
k6 Version: v0.47.0
Extension Used: xk6-kerberos
Operating System: Windows 10
Kerberos Configuration File (krb5.conf):
ini
[libdefaults]
default_realm = INTERNAL.EPO.ORG
default_tkt_enctypes = aes128-cts-hmac-sha1-96 rc4-hmac des-cbc-md5
default_tgs_enctypes = aes128-cts-hmac-sha1-96 rc4-hmac des-cbc-md5
kdc_timesync = 0
kdc_default_options = 0x40000010
clockskew = 300
check_delegate = 0
ccache_type = 3
kdc_timeout = 6000
udp_preference_limit = 1
allow_weak_crypto = true
forwardable = true

[domain_realm]
internal.epo.org = INTERNAL.EPO.ORG
.internal.epo.org = INTERNAL.EPO.ORG

[realms]
INTERNAL.EPO.ORG = {
admin_server = GVKDC01.internal.epo.org
kdc = GVKDC01.internal.epo.org
kdc = GVKDC02.internal.epo.org
kdc = BEKDC01.internal.epo.org
kdc = BEKDC02.internal.epo.org
}

Steps Taken
Manual Authentication with kinit:
Successfully obtained a Kerberos ticket using kinit.

kinit OSA0002@INTERNAL.EPO.ORG
Verified the ticket cache with klist:klist
Credentials cache: C:\Users\pb85371\krb5cc_pb85371
Default principal: OSA0002@INTERNAL.EPO.ORG

Setting Environment Variable:Set the KRB5CCNAME environment variable to point to the Kerberos ticket cache.
set KRB5CCNAME=C:\Users\pb85371\krb5cc_pb85371

Ran the k6 script with the following content:

import http from ‘k6/http’;
import exec from ‘k6/execution’;
import { check } from ‘k6’;
import { UserClient } from ‘k6/x/kerberos’;

export const options = {
iterations: 1,
vus: 1,
thresholds: {
checks: [{ threshold: ‘rate == 1.00’, abortOnFail: true }],
http_req_failed: [{ threshold: ‘rate == 0.00’, abortOnFail: true }],
},
};

var users = [{
username: “OSA0002@INTERNAL.EPO.ORG”,
password: “XXX”,
}];

// Set Kerberos domain
const service = “HTTP/awm-service-o.internal.epo.org”;
const realm = “INTERNAL.EPO.ORG”;

// Open and load the Kerberos configuration file
const config = open(‘krb5.conf’);

let session;

export default function () {
// Log all environment variables for debugging
console.log(Environment Variables: ${JSON.stringify(__ENV, null, 2)});

// Log the Kerberos cache file
console.log(Kerberos cache: ${__ENV.KRB5CCNAME});

// Ensure the KRB5CCNAME environment variable is set
if (!__ENV.KRB5CCNAME) {
console.error(‘KRB5CCNAME environment variable is not set’);
exec.test.abort(new Error(‘KRB5CCNAME environment variable is not set’));
}

// A unique session is assigned for each VU.
if (session == null) {
try {
// Use the unique identifier of the VU as the index for accessing a single pair of credentials.
const user = users[(exec.vu.idInTest - 1) % users.length];

  console.log(`Authenticating user: ${user.username}`);
  console.log(`Using realm: ${realm}`);
  console.log(`Kerberos configuration: ${config}`);

  // Authenticate the user and get the session token.
  const client = new UserClient(config, user.username, user.password, realm);
  const token = client.authenticate(service);

  // Log the ticket information
  const tickets = client.listTickets();
  console.log(`Tickets: ${JSON.stringify(tickets, null, 2)}`);

  session = token.negotiateHeader();

  console.log(`User authenticated: ${user.username}`);
} catch (e) {
  console.error(`Authentication failed for user: ${users[(exec.vu.idInTest - 1) % users.length].username}`);
  console.error(`Error: ${e.message}`);
  console.error(JSON.stringify(e, null, 2));
  exec.test.abort(e);
}

}

// Add headers and send HTTP request
const headers = {
‘Accept’: ‘application/json’,
‘AppD_Header’: ‘AWM_0250_AllTeams_GET’,
‘Authorization’: session,
};

const url = ‘http://awm-service-o.internal.epo.org/service/teams’;

// Log the start of the transaction
console.log(‘Starting AWM_0250_AllTeams_GET transaction’);

const res = http.get(url, { headers: headers });

// Log the end of the transaction
console.log(‘AWM_0250_AllTeams_GET transaction completed’);

check(res, {
‘is status 200’: (r) => r.status === 200,
‘response body contains “teamId”’: (r) => r.body.includes(‘teamId’),
});
}

Issues Encountered
Environment Variable Not Set:
Despite setting the KRB5CCNAME environment variable correctly, the script logs that it is undefined and fails with:

KRB5CCNAME environment variable is not set
Authentication Failure:
When the environment variable is recognized, the script fails with the following error:

GoError: failed to acquire credentials: could not get valid TGT for client’s realm: [Root cause: KDC_Error] KDC_Error: AS Exchange Error: kerberos error response from KDC: KRB Error: (6) KDC_ERR_C_PRINCIPAL_UNKNOWN Client not found in Kerberos database
Request for Assistance
Could you please provide guidance on the following:

Ensuring the KRB5CCNAME environment variable is recognized consistently by the k6 script.
Diagnosing and resolving the KDC_ERR_C_PRINCIPAL_UNKNOWN error despite having a valid Kerberos ticket obtained via kinit.