The most useful version of pam_krb5 that works both with mit and heimdal and has the most features / is actively maintained, namely pam_krb5-2.2.6, is missing keywords for quite some time now. After having some small problems with 2.2.6 and 2.2.20 I can vouch for upstreams active maintenance (Nalin Dahyabhai made a patch and a release for us after two days and seems to have an extensive testing setup with AFS and both krb5 libs). See http://people.redhat.com/nalin/pam_krb5/ for all releases, and the changelog contained in the tarballs for the long list of bug fixes and features this plugin provides over the others. We use pam_krb5-2.2.21 now with AFS and heimdal on x86 and amd64 and it's really just plain better than the other (stale) pam_krb5 versions currently in portage (e.g. the debug messages make sense), so we think other users would benefit from a bump. Are there any reasons in particular why this can't be? Bug #196296 was closed with a confusing message from Jakub, go there for a ebuild diff that uses tar balls instead of srpms as source.
Seems like the only PAM maintainer at the moment is me, and I'm not going to learn kerberos to maintain this, sorry. Especially since even kerberos is not maintained. I'm sorry then, but unless I end up finding a job requiring me to do this, it'll have to wait for someone else to join PAM maintenance. Unfortunately nobody has in about two years now.
After talking to my boss we'd be willing to proxy-maintain. After all we already use it in production on quite a lot machines and I can't hurt if others use it, too; and, as noted, upstream is easy to work with. Perhaps in the future we'll do something about the krblibs state, too (some things we could use are supposed to work with upcoming 1.0 releases of heimdal).
Move this to Bug 163840 *** This bug has been marked as a duplicate of bug 196296 ***