This is more or less the same as bug #201341, and was originally upstream #918 (https://bugzilla.mindrot.org/show_bug.cgi?id=918). Basically sshd doesn't store forwarded GSSAPI credentials to disk before opening the PAM session for the user, so modules don't have access to the credentials even when they may have use for them.
Actually the patch I have to fix bug 216689 will solve this one as well. *** This bug has been marked as a duplicate of 216689 ***
You're right, it looks like it will. Thanks!
Nalin, could you please test the latest openssh in dist-4E-qu-candidate whether it fixes the problem?
Seems to work properly in combination with the corresponding dist-4E-qu-candidate pam_krb5 2.1.15-1 and later. Thanks!
Hi. What's the status and expected release of a fix for RHEL4 on this? The bug this is marked as a duplicate of (bug 216689) is restricted, so the rest of the community has no idea what's going on. thanks!
This should be fixed (well, #216689 is called out as fixed in the changelog) in the openssh packages in the beta channel.