Since the s3-waf removal, s3 components are always built with heimdal, where various issues w.r.t. keytabs are seen (heimdal support hasnt been thoroughly tested recently). This is a tracker bug to collect further information...
Along with these issues there are also two unsupported modes of the lp_kerberos_method() setting in the rpc gse server case (system and dedicated keytab) which need to be fleshed out. Here also the secrets based in-memory keytab would need to be converted into an on-disc (/var/lib/samba/private) file based keytab.
Günther, can you please update the status on this, only the initial information about various bugs existing here is not so helpful. What was this bug report all about?
Closing as INVALID because there isn't enough information here to make any particular change or fix.