https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280407
--- Comment #4 from Cy Schubert <[email protected]> --- Confirmed with: auth required pam_krb5.so no_warn try_first_pass debug I was able to log in using my krb5 password with: auth sufficient pam_krb5.so no_warn try_first_pass debug The machine I tested on uses LDAP accounts. Passwords are not served by LDAP. Only my KDC handles authentication. There is no other way to log into that machine, proving that my KDC authenticated. Jul 26 12:48:01 cwsys sshd[42117]: Accepted keyboard-interactive/pam for cy from 10.1.1.91 port 43327 ssh2 The customer should change the "required" to "sufficient". The krb5 documentation I've read always says sufficient. -- You are receiving this mail because: You are the assignee for the bug.
