Hi, the sshd_config file in /etc/ssh contains the following lines:
# To change Kerberos options
Uncommenting these lines will cause an error claiming that the
configuration directives are incorrect.
This appears to be a brokenness in openssh - not in your build of it.
However ssh'ing into a configured kerberos system does not succeed while
using login from the same system on the same account does.
I've checked the pam config for both and b/c of system-auth (pam_stack)
they are both using more or less the same rules (excluding ssh's use of
nevertheless something is broken - I'll relate more as I know it.
This is a feature or "feature" of OpenSSH.
If certain options (I tried AFSTokenPassing and KerberosTgtPassing myself, a month or two ago)
aren't enabled at compile time, sshd will barf if they're used -- those won't be recognized at all.
This isn't how it's usually done, I think.
-- e.g. from servconf.c ---
[ ... ]
#endif /* KRB4 */
[ ... ]
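An added illustration of the behaviour this comment describes, not OpenSSH's servconf.c and not code posted in the thread: a simplified keyword table in which an option exists only when the feature macro is defined, so a build without it rejects the uncommented directive. Only the `KRB4` macro and the option name `KerberosTgtPassing` come from the thread; the type, function and variable names and both sample configs are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Simplified model, not OpenSSH source. Only the KRB4 macro and the option
 * name KerberosTgtPassing come from the thread; other names are hypothetical. */
typedef enum { OP_BAD = 0, OP_PORT, OP_PERMIT_ROOT_LOGIN, OP_KRB_TGT_PASSING } opcode_t;
static const struct { const char *name; opcode_t op; } keywords[] = {
    { "port", OP_PORT },
    { "permitrootlogin", OP_PERMIT_ROOT_LOGIN },
#ifdef KRB4
    { "kerberostgtpassing", OP_KRB_TGT_PASSING },  /* present only in KRB4 builds */
#endif /* KRB4 */
    { NULL, OP_BAD }
};

/* Case-insensitive keyword lookup; anything not in the table is OP_BAD. */
static opcode_t lookup_keyword(const char *word) {
    for (size_t i = 0; keywords[i].name != NULL; i++) {
        const char *a = word, *b = keywords[i].name;
        while (*a && *b && tolower((unsigned char)*a) == *b) { a++; b++; }
        if (*a == '\0' && *b == '\0') return keywords[i].op;
    }
    return OP_BAD;
}

/* Walk config text line by line; return how many directives are unrecognized. */
static int check_config(const char *text) {
    char line[256], word[64];
    int bad = 0;
    while (*text) {
        size_t n = strcspn(text, "\n");
        size_t c = n < sizeof(line) - 1 ? n : sizeof(line) - 1;
        memcpy(line, text, c);
        line[c] = '\0';
        text += n + (text[n] == '\n');
        if (sscanf(line, " %63s", word) != 1 || word[0] == '#') continue; /* blank or comment */
        if (lookup_keyword(word) == OP_BAD) bad++;
    }
    return bad;
}

/* Constructed sample configs: as shipped (commented) and after uncommenting. */
static const char SHIPPED[] = "Port 22\n# To change Kerberos options\n#KerberosTgtPassing yes\n";
static const char EDITED[]  = "Port 22\n# To change Kerberos options\nKerberosTgtPassing yes\n";

int main(void) {
    printf("shipped: %d bad, edited: %d bad\n", check_config(SHIPPED), check_config(EDITED));
    return 0;
}
```

Compiled without `-DKRB4`, the shipped file parses cleanly and the edited one reports one unrecognized directive; compiled with `-DKRB4`, both parse cleanly.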
OpenSSH doesn't yet support Kerberos 5 for authentication, and we're trying to
stay away from using Kerberos IV auth for anything in the distribution. Local
testing shows that sshd with PAM and pam_krb5 does operate correctly, so I'm not
sure what to make of Seth's results otherwise.
This doesn't seem to me to be a real bug (see comment #1 and comment #2).
Maybe we could patch out the commented options from the config file
but it doesn't seem to me to be worth the patch.