I just created a new PR on github to allow for multiple service principals in a single service, and to allow overriding the auto-generated service principal name.
With the new code, specifying the option
accept_any_principal will cause the GSSAPI plugin to accept any service principal with a valid entry in the keytab, per best practice.I kept the existing behaviour the same to avoid backwards compatibility issues, although I'd argue the current behaviour is undesirable in almost all cases.
