After upgrading pambase all references to mod_krb5.so were removed from /etc/pam.d/system-auth The original working config is given below: auth required pam_env.so auth [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass auth required pam_unix.so try_first_pass likeauth nullok auth optional pam_permit.so account [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass account required pam_unix.so account optional pam_permit.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow password optional pam_permit.so session required pam_limits.so session required pam_env.so session [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass session required pam_unix.so session optional pam_permit.so The updated broken config is given below: auth required pam_env.so auth required pam_unix.so try_first_pass likeauth nullok auth optional pam_permit.so account required pam_unix.so account optional pam_permit.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow password optional pam_permit.so session required pam_limits.so session required pam_env.so session required pam_unix.so session optional pam_permit.so Reproducible: Always Steps to Reproduce: 1. Updated pambase as part of standard portage "emerge -uD world" 2. /etc/pam.d/system-auth over-written 3. Login via SSH no longer works for non-root accounts using kerberos (mod_krb5.so) Actual Results: Login fails as mod_krb5.so is not being called in system-auth Expected Results: Login should work.
The USE flag was renamed from kerberos to pam_krb5 (as too many people complained after enabling kerberos unconditionally). Please check what your emerge command is telling you to update, next upgrade.