Description
When attempting to configure ACL to grant as few permissions as possible, adding a replica-instance fails.
The following set of log messages is repeatedly added to the replica's log.
29012:29018:S 21 Dec 2020 20:26:02.682 * Connecting to MASTER 127.0.0.1:9000
29012:29018:S 21 Dec 2020 20:26:02.682 * MASTER <-> REPLICA sync started
29012:29018:S 21 Dec 2020 20:26:02.682 * Non blocking connect for SYNC fired the event.
29012:29018:S 21 Dec 2020 20:26:02.683 # Error reply to PING from master: '-NOPERM this user
You can reproduce this behavior by using the following ACL file for both the master and the replica instance:
user danny on >silly ~* +@all
user replica-user on >replica-password +psync +replconf +ping
user default off
Then put these lines in the config files for both the master and replica:
masteruser replica-user
masterauth replica-password
aclfile <filename>.acl
Start the master instance.
Connect to the replica instance using a CLI.
Authenticate as danny so that you can issue the REPLICAOF command.
Enter the command REPLICAOF <master-ip-addr> <master-port>
Note: the same test passes for Redis-6.0.9
Note: this is likely caused by https://github.com/JohnSully/KeyDB/blob/d03c2de9017b73b5d339fe76dd99292f27dfcd52/src/replication.cpp#L2623, which happens before any attempt to authenticate with the master. Thus, at this point, the replica is still attempting to communicate with the master as the default user.
Workaround: change the entry for the default user to user default on >a-strong-password -@all +ping
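A small pre-deployment check for the condition reported above, added here as an example and not part of KeyDB or of the original report. It assumes, as the report describes, that the replica's first PING is evaluated against the `default` user, and it models only `on`/`off`, `+@all`/`-@all` (and their `allcommands`/`nocommands` aliases) and per-command `+cmd`/`-cmd` rules; the function names are hypothetical.

```python
# Constructed sample: the ACL file from the report.
REPORTED_ACL = """\
user danny on >silly ~* +@all
user replica-user on >replica-password +psync +replconf +ping
user default off
"""
# Constructed sample: same file with the report's workaround applied.
WORKAROUND_ACL = REPORTED_ACL.replace(
    "user default off", "user default on >a-strong-password -@all +ping")

def parse_acl(text):
    """Parse 'user <name> <rules...>' lines into {name: state}, rules applied left to right."""
    users = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "user":
            continue
        u = users.setdefault(tok[1], {"on": False, "all": False, "cmd": {}})
        for rule in tok[2:]:
            low = rule.lower()
            if low in ("on", "off"):
                u["on"] = low == "on"
            elif low in ("+@all", "allcommands"):
                u["all"], u["cmd"] = True, {}
            elif low in ("-@all", "nocommands"):
                u["all"], u["cmd"] = False, {}
            elif low[0] in "+-" and not low.startswith(("+@", "-@")):
                u["cmd"][low[1:]] = low[0] == "+"
            # Passwords (>), key patterns (~) and other categories are not modelled.
    return users

def can_run(users, name, cmd):
    """True if the user exists, is enabled, and the modelled rules allow cmd."""
    u = users.get(name)
    return bool(u and u["on"] and u["cmd"].get(cmd, u["all"]))

def handshake_problems(acl_text, masteruser):
    """List ACL gaps that would break the replica handshake described in the report."""
    users = parse_acl(acl_text)
    problems = []
    # Assumption from the report: the first PING is sent before AUTH, as 'default'.
    if not can_run(users, "default", "ping"):
        problems.append("default user cannot run PING before authentication")
    for cmd in ("psync", "replconf", "ping"):
        if not can_run(users, masteruser, cmd):
            problems.append(f"{masteruser} is missing +{cmd}")
    return problems

if __name__ == "__main__":
    print(handshake_problems(REPORTED_ACL, "replica-user"))
    print(handshake_problems(WORKAROUND_ACL, "replica-user"))
```

With the workaround applied, the `default` user still cannot run anything except PING, so the least-privilege intent of the original ACL file is largely preserved.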