While inspecting bug # I was curious why sshd/ssh doesn't try my kerberos tickets. After some poking around and enabling the variables in /etc/ssh/sshd_config it turned out the *client* lacked the variables in /etc/ssh/ssh_config, which would instruct it to try gssapi. Please add to /etc/ssh/ssh_config these two lines: # Instruct ssh(1) client to attempt GSSAPI authentication, see ssh_config(5) # GSSAPIAuthentication yes # GSSAPIDelegateCredentials yes They should be commented out by default so people with USE="-kerberos" won't see warnings from sshd/ssh about unknown directives. This is simple fix, please push it soon into portage.
the ssh_config file notes that it is not a comprehensive list and that you should see the ssh_config(5) manpage for all options ... you could file a bug at http://bugzilla.mindrot.org/ if you wish