Description
Currently, security/init.cc initializes the Kerberos client keytab on startup, but never renews it. The credentials expire after some time so it's important to have some thread which renews it before expiration (hopefully in such a way that if a renewal transiently fails, we don't lose our previously good ticket)